From 71a51e8de1f05065c3fa4381ac21baaa5eedca0e Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Wed, 6 Dec 2023 19:38:05 +0100
Subject: [PATCH] Split the tasks file. TLS without letsencrypt.

---
 defaults/main.yml                         |   7 +-
 handlers/main.yml                         |   8 +-
 meta/main.yml                             |   5 +-
 tasks/main.yml                            | 257 ++--------------------
 tasks/orientdb_backups.yml                |  21 ++
 tasks/orientdb_certificates.yml           |  28 +++
 tasks/orientdb_install.yml                | 145 ++++++++++++
 tasks/orientdb_letsencrypt.yml            |  28 +++
 tasks/orientdb_monitoring.yml             |  18 ++
 tasks/orientdb_removal.yml                |  40 ++++
 templates/orientdb-letsencrypt-acme.sh.j2 |   4 +-
 templates/orientdb-server-config.xml.j2   |   8 +-
 12 files changed, 322 insertions(+), 247 deletions(-)
 create mode 100644 tasks/orientdb_backups.yml
 create mode 100644 tasks/orientdb_certificates.yml
 create mode 100644 tasks/orientdb_install.yml
 create mode 100644 tasks/orientdb_letsencrypt.yml
 create mode 100644 tasks/orientdb_monitoring.yml
 create mode 100644 tasks/orientdb_removal.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index 934ea84..02bc475 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -26,8 +26,8 @@ orientdb_configuration_files:
   - hazelcast.xml
   - automatic-backup.json
 
-orientdb_ssl_enabled: false
-orientdb_letsencrypt_ssl_enabled: false
+orientdb_ssl_enabled: "{% if letsencrypt_acme_install is defined %}{{ letsencrypt_acme_install }}{% else %}false{% endif %}"
+orientdb_letsencrypt_ssl_enabled: "{% if letsencrypt_acme_install is defined %}{{ letsencrypt_acme_install }}{% else %}false{% endif %}"
 orientdb_ssl_client_auth_enabled: false
 
 orientdb_hooks_enabled: false
@@ -85,3 +85,6 @@ orientdb_automatic_backup_target_file_name: '${DBNAME}-${DATE:yyyyMMddHHmmss}.zi
 orientdb_automatic_backup_compression_level: 9
 orientdb_automatic_backup_buffer_size: 1048576
 orientdb_automatic_backup_retention_days: '7'
+
+# Monitoring
+orientdb_nagios_enabled: "{% if nagios_enabled is defined %}{{ nagios_enabled }}{% else %}false{% endif %}"
diff --git a/handlers/main.yml b/handlers/main.yml
index 52964c3..be81b53 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,4 +1,10 @@
 ---
 - name: Restart orientdb
-  service: name=orientdb state=restarted sleep=30
+  ansible.builtin.service:
+    name: orientdb
+    state: restarted
   when: orientdb_enabled
+
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
diff --git a/meta/main.yml b/meta/main.yml
index 3c4007c..9ff4750 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -26,4 +26,7 @@ dependencies:
     version: master
     name: openjdk
     state: latest
-
+  - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-java-keystore.git
+    version: master
+    name: java_keystore
+    state: latest
diff --git a/tasks/main.yml b/tasks/main.yml
index 6ff2d9f..d87b2ea 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,158 +1,25 @@
 ---
-- name: OrientDB installation
+- name: Manage the OrientDB installation
+  ansible.builtin.import_tasks: orientdb_install.yml
+- name: Clean up the OrientDB backups
+  ansible.builtin.import_tasks: orientdb_backups.yml
+- name: OrientDB monitoring
+  ansible.builtin.import_tasks: orientdb_monitoring.yml
+  when: orientdb_enabled
+- name: OrientDB certificates via Letsencrypt
+  ansible.builtin.import_tasks: orientdb_letsencrypt.yml
+  when: orientdb_install
+- name: OrientDB local certificates
+  ansible.builtin.import_tasks: orientdb_certificates.yml
+  when: orientdb_install
+- name: OrientDB removal
+  ansible.builtin.import_tasks: orientdb_removal.yml
+  when: not orientdb_install
+
+- name: Manage the OrientDB service
   tags: ['orientdb']
   when: orientdb_install
   block:
-    - name: Create the orientdb user
-      ansible.builtin.user:
-        name: "{{ orientdb_user }}"
-        home: "{{ orientdb_base_dir }}"
-        createhome: false
-        shell: /bin/bash
-    - name: Create the orientdb directories
-      ansible.builtin.file:
-        dest: "{{ item }}"
-        owner: "{{ orientdb_user }}"
-        group: "{{ orientdb_user }}"
-        mode: "0750"
-        state: directory
-      loop:
-        - "{{ orientdb_base_dir }}"
-        - "{{ orientdb_data_dir }}"
-    - name: Get the orientdb distribution
-      ansible.builtin.get_url:
-        url: "{{ orientdb_binary_distribution_url }}"
-        dest: "{{ orientdb_base_dir }}/{{ orientdb_tar_file }}"
-        validate_certs: false
-        owner: root
-        group: root
-        mode: "0444"
-    - name: Unpack the orientdb distribution
-      ansible.builtin.unarchive:
-        src: '{{ orientdb_base_dir }}/{{ orientdb_tar_file }}'
-        dest: '{{ orientdb_base_dir }}'
-        copy: false
-        owner: root
-        group: root
-      args:
-        creates: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}'
-    - name: Create some directories inside the orientdb user home
-      become: true
-      become_user: '{{ orientdb_user }}'
-      ansible.builtin.file:
-        dest: "{{ item }}"
-        state: directory
-        mode: "0750"
-      loop:
-        - '{{ orientdb_pid_dir }}'
-        - '{{ orientdb_automatic_backup_directory }}'
-    - name: Link to the databases directory
-      become: true
-      become_user: '{{ orientdb_user }}'
-      ansible.builtin.file:
-        src: "{{ orientdb_data_dir }}"
-        dest: "{{ orientdb_link_to_data_dir }}"
-        state: link
-    - name: Remove the demodb database
-      ansible.builtin.file:
-        dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases/demodb'
-        state: absent
-    - name: Link to the latest version
-      become: true
-      become_user: '{{ orientdb_user }}'
-      ansible.builtin.file:
-        src: '{{ orientdb_tar_filename }}'
-        dest: '{{ orientdb_install_dir }}'
-        state: link
-    - name: Create a link to the data directory
-      ansible.builtin.file:
-        src: '{{ orientdb_data_dir }}'
-        dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases'
-        state: link
-        owner: '{{ orientdb_user }}'
-        group: '{{ orientdb_user }}'
-        force: true
-    - name: Create a orientdb log directory out of the distribution directory
-      ansible.builtin.file:
-        dest: '{{ orientdb_log_dir }}'
-        state: directory
-        owner: '{{ orientdb_user }}'
-        group: '{{ orientdb_user }}'
-        mode: '0755'
-    - name: Link the log directory inside the orientdb user home
-      become: true
-      become_user: '{{ orientdb_user }}'
-      ansible.builtin.file:
-        src: "{{ orientdb_log_dir }}"
-        dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/logs"
-        state: link
-    - name: Remove the old hook jars
-      ansible.builtin.shell: rm -f {{ orientdb_install_dir }}/lib/{{ item }}
-      loop: '{{ orientdb_hooks_to_be_removed | default([]) }}'
-      tags: ['orientdb', 'orientdb_hooks']
-    - name: Fetch and install the hook jars
-      ansible.builtin.get_url:
-        url: "{{ item }}"
-        dest: "{{ orientdb_install_dir }}/lib"
-        owner: root
-        group: root
-        mode: "0644"
-      loop: '{{ orientdb_hooks_jars | default([]) }}'
-      notify: Restart orientdb
-      tags: ['orientdb', 'orientdb_hooks']
-    - name: Install the orientdb default settings
-      ansible.builtin.template:
-        src: orientdb.default.j2
-        dest: /etc/default/orientdb
-        owner: root
-        group: root
-        mode: "0444"
-      notify: Restart orientdb
-    - name: Fix the pid file path inside the start and shutdown scripts
-      ansible.builtin.lineinfile:
-        dest: '{{ orientdb_install_dir }}/bin/{{ item }}'
-        regexp: "^ORIENTDB_PID=.*$"
-        line: "ORIENTDB_PID={{ orientdb_pid_dir }}/orientdb.pid"
-        insertafter: "^PRG=.*$"
-        firstmatch: true
-      loop:
-        - server.sh
-        - shutdown.sh
-      tags: ['orientdb', 'orientdb_pid']
-    - name: Install the orientdb configuration files
-      ansible.builtin.template:
-        src: '{{ item }}.j2'
-        dest: '{{ orientdb_install_dir }}/config/{{ item }}'
-        owner: '{{ orientdb_user }}'
-        group: '{{ orientdb_user }}'
-        mode: '0640'
-      loop: '{{ orientdb_configuration_files }}'
-      notify: Restart orientdb
-      tags: ['orientdb', 'orientdb_config']
-    - name: Set the permissions of some configuration files
-      ansible.builtin.file:
-        dest: '{{ orientdb_install_dir }}/config/{{ item }}'
-        owner: '{{ orientdb_user }}'
-        group: '{{ orientdb_user }}'
-        mode: '0600'
-      loop:
-        - custom-sql-functions.json
-        - security.json
-        - orientdb-etl-log.properties
-      notify: Restart orientdb
-      tags: ['orientdb', 'orientdb_config']
-    - name: Install the nagios nrpe configuration
-      ansible.builtin.template:
-        src: orientdb-nrpe.cfg.j2
-        dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
-        owner: root
-        group: root
-        mode: "0444"
-      notify: Reload NRPE server
-      when:
-        - nrpe_include_dir is defined
-        - nagios_enabled is defined and nagios_enabled
-      tags: ['orientdb', 'orientdb_nagios']
     - name: Install the orientdb SYSV startup script
       ansible.builtin.template:
         src: orientdb.init.j2
@@ -171,11 +38,9 @@
         mode: "0644"
       tags: ['orientdb', 'orientdb_init']
       when: ansible_service_mgr == 'systemd'
-      register: reload_systemd
+      notify: Reload systemd
     - name: Reload the systemd service
-      ansible.builtin.systemd:
-        daemon_reload: true
-      when: reload_systemd is changed
+      ansible.builtin.meta: flush_handlers
     - name: Ensure that the service is enabled and running
       ansible.builtin.service:
         name: orientdb
@@ -188,85 +53,3 @@
         state: stopped
         enabled: false
       when: not orientdb_enabled
-- name: Clean up the backups
-  tags: ['orientdb', 'orientdb_backup']
-  when: orientdb_install
-  block:
-    - name: Install a script that removes the old orientdb backups
-      ansible.builtin.template:
-        src: backup-cleaner.sh.j2
-        dest: /usr/local/bin/orientdb-backup-cleaner
-        owner: root
-        group: root
-        mode: "0555"
-    - name: Add a cron job that removes the old backups
-      ansible.builtin.cron:
-        cron_file: orientdb-backup-cleaner
-        disabled: false
-        job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
-        special_time: daily
-        user: "{{ orientdb_user }}"
-        name: "Remove old orientdb backups"
-        state: present
-- name: Manage the Letsencrypt certificates
-  tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
-  when:
-    - orientdb_install
-    - orientdb_letsencrypt_ssl_enabled
-    - letsencrypt_acme_install is defined and letsencrypt_acme_install
-  block:
-    - name: Create the acme hooks directory if it does not yet exist
-      ansible.builtin.file:
-        dest: "{{ letsencrypt_acme_services_scripts_dir }}"
-        state: directory
-        owner: root
-        group: root
-        mode: "0755"
-    - name: Install a letsencrypt hook to update the orientdb certificate
-      ansible.builtin.template:
-        src: orientdb-letsencrypt-acme.sh.j2
-        dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
-        owner: root
-        group: root
-        mode: "4555"
-
-- name: Remove OrientDB
-  tags: ['orientdb']
-  when: not orientdb_install
-  block:
-    - name: Ensure that the service is disabled and stopped
-      ansible.builtin.service:
-        name: orientdb
-        state: stopped
-        enabled: false
-    - name: Remove the orientdb SysV startup file
-      ansible.builtin.file:
-        dest: /etc/init.d/orientdb
-        state: absent
-      when: ansible_service_mgr != 'systemd'
-    - name: Remove the orientdb systemd unit
-      ansible.builtin.file:
-        dest: /usr/lib/systemd/system/orientdb.service
-        state: absent
-      when: ansible_service_mgr == 'systemd'
-    - name: Remove the link to the orientdb distribution
-      ansible.builtin.file:
-        dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}"
-        state: absent
-    - name: Remove the default options file
-      ansible.builtin.file:
-        dest: /etc/default/orientdb
-        state: absent
-    - name: Remove the backup cleaner script
-      ansible.builtin.file:
-        dest: /usr/local/bin/orientdb-backup-cleaner
-        state: absent
-    - name: Remove the backup cleaner cron job
-      ansible.builtin.cron:
-        cron_file: orientdb-backup-cleaner
-        disabled: false
-        job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
-        special_time: daily
-        user: '{{ orientdb_user }}'
-        name: "Remove old orientdb backups"
-        state: absent
diff --git a/tasks/orientdb_backups.yml b/tasks/orientdb_backups.yml
new file mode 100644
index 0000000..5ecc091
--- /dev/null
+++ b/tasks/orientdb_backups.yml
@@ -0,0 +1,21 @@
+---
+- name: orientdb_backups | Clean up the backups
+  tags: ['orientdb', 'orientdb_backup']
+  when: orientdb_install
+  block:
+    - name: orientdb_backups | Install a script that removes the old orientdb backups
+      ansible.builtin.template:
+        src: backup-cleaner.sh.j2
+        dest: /usr/local/bin/orientdb-backup-cleaner
+        owner: root
+        group: root
+        mode: "0555"
+    - name: orientdb_backups | Add a cron job that removes the old backups
+      ansible.builtin.cron:
+        cron_file: orientdb-backup-cleaner
+        disabled: false
+        job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
+        special_time: daily
+        user: "{{ orientdb_user }}"
+        name: "Remove old orientdb backups"
+        state: present
diff --git a/tasks/orientdb_certificates.yml b/tasks/orientdb_certificates.yml
new file mode 100644
index 0000000..337911e
--- /dev/null
+++ b/tasks/orientdb_certificates.yml
@@ -0,0 +1,28 @@
+---
+- name: orientdb_certificates | Manage the Letsencrypt certificates
+  tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
+  when: orientdb_ssl_enabled
+  block:
+    - name: orientdb_certificates | Create the acme hooks directory if it does not yet exist
+      ansible.builtin.file:
+        dest: "{{ letsencrypt_acme_services_scripts_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: "0755"
+    - name: orientdb_certificates | Install a letsencrypt hook to update the orientdb certificate
+      ansible.builtin.template:
+        src: orientdb-letsencrypt-acme.sh.j2
+        dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
+        owner: root
+        group: root
+        mode: "4555"
+
+- name: orientdb_certificates | Remove the hook if letsencrypt is not used
+  tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
+  when: not orientdb_letsencrypt_ssl_enabled
+  block:
+    - name: orientdb_certificates | Install a letsencrypt hook to update the orientdb certificate
+      ansible.builtin.file:
+        dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
+        state: absent
diff --git a/tasks/orientdb_install.yml b/tasks/orientdb_install.yml
new file mode 100644
index 0000000..03082c4
--- /dev/null
+++ b/tasks/orientdb_install.yml
@@ -0,0 +1,145 @@
+---
+- name: orientdb_install | OrientDB installation
+  tags: ['orientdb']
+  when: orientdb_install
+  block:
+    - name: orientdb_install | Create the orientdb user
+      ansible.builtin.user:
+        name: "{{ orientdb_user }}"
+        home: "{{ orientdb_base_dir }}"
+        createhome: false
+        shell: /bin/bash
+    - name: orientdb_install | Create the orientdb directories
+      ansible.builtin.file:
+        dest: "{{ item }}"
+        owner: "{{ orientdb_user }}"
+        group: "{{ orientdb_user }}"
+        mode: "0750"
+        state: directory
+      loop:
+        - "{{ orientdb_base_dir }}"
+        - "{{ orientdb_data_dir }}"
+    - name: orientdb_install | Get the orientdb distribution
+      ansible.builtin.get_url:
+        url: "{{ orientdb_binary_distribution_url }}"
+        dest: "{{ orientdb_base_dir }}/{{ orientdb_tar_file }}"
+        validate_certs: false
+        owner: root
+        group: root
+        mode: "0444"
+    - name: orientdb_install | Unpack the orientdb distribution
+      ansible.builtin.unarchive:
+        src: '{{ orientdb_base_dir }}/{{ orientdb_tar_file }}'
+        dest: '{{ orientdb_base_dir }}'
+        copy: false
+        owner: root
+        group: root
+      args:
+        creates: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}'
+    - name: orientdb_install | Create some directories inside the orientdb user home
+      become: true
+      become_user: '{{ orientdb_user }}'
+      ansible.builtin.file:
+        dest: "{{ item }}"
+        state: directory
+        mode: "0750"
+      loop:
+        - '{{ orientdb_pid_dir }}'
+        - '{{ orientdb_automatic_backup_directory }}'
+    - name: orientdb_install | Link to the databases directory
+      become: true
+      become_user: '{{ orientdb_user }}'
+      ansible.builtin.file:
+        src: "{{ orientdb_data_dir }}"
+        dest: "{{ orientdb_link_to_data_dir }}"
+        state: link
+    - name: orientdb_install | Remove the demodb database
+      ansible.builtin.file:
+        dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases/demodb'
+        state: absent
+    - name: orientdb_install | Link to the latest version
+      become: true
+      become_user: '{{ orientdb_user }}'
+      ansible.builtin.file:
+        src: '{{ orientdb_tar_filename }}'
+        dest: '{{ orientdb_install_dir }}'
+        state: link
+    - name: orientdb_install | Create a link to the data directory
+      ansible.builtin.file:
+        src: '{{ orientdb_data_dir }}'
+        dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases'
+        state: link
+        owner: '{{ orientdb_user }}'
+        group: '{{ orientdb_user }}'
+        force: true
+    - name: orientdb_install | Create a orientdb log directory out of the distribution directory
+      ansible.builtin.file:
+        dest: '{{ orientdb_log_dir }}'
+        state: directory
+        owner: '{{ orientdb_user }}'
+        group: '{{ orientdb_user }}'
+        mode: '0755'
+    - name: orientdb_install | Link the log directory inside the orientdb user home
+      become: true
+      become_user: '{{ orientdb_user }}'
+      ansible.builtin.file:
+        src: "{{ orientdb_log_dir }}"
+        dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/logs"
+        state: link
+    - name: orientdb_install | Remove the old hook jars
+      ansible.builtin.command: rm -f {{ orientdb_install_dir }}/lib/{{ item }}
+      loop: '{{ orientdb_hooks_to_be_removed | default([]) }}'
+      register: hook_jars_rm
+      changed_when: hook_jars_rm.rc
+      tags: ['orientdb', 'orientdb_hooks']
+    - name: orientdb_install | Fetch and install the hook jars
+      ansible.builtin.get_url:
+        url: "{{ item }}"
+        dest: "{{ orientdb_install_dir }}/lib"
+        owner: root
+        group: root
+        mode: "0644"
+      loop: '{{ orientdb_hooks_jars | default([]) }}'
+      notify: Restart orientdb
+      tags: ['orientdb', 'orientdb_hooks']
+    - name: orientdb_install | Install the orientdb default settings
+      ansible.builtin.template:
+        src: orientdb.default.j2
+        dest: /etc/default/orientdb
+        owner: root
+        group: root
+        mode: "0444"
+      notify: Restart orientdb
+    - name: orientdb_install | Fix the pid file path inside the start and shutdown scripts
+      ansible.builtin.lineinfile:
+        dest: '{{ orientdb_install_dir }}/bin/{{ item }}'
+        regexp: "^ORIENTDB_PID=.*$"
+        line: "ORIENTDB_PID={{ orientdb_pid_dir }}/orientdb.pid"
+        insertafter: "^PRG=.*$"
+        firstmatch: true
+      loop:
+        - server.sh
+        - shutdown.sh
+      tags: ['orientdb', 'orientdb_pid']
+    - name: orientdb_install | Install the orientdb configuration files
+      ansible.builtin.template:
+        src: '{{ item }}.j2'
+        dest: '{{ orientdb_install_dir }}/config/{{ item }}'
+        owner: '{{ orientdb_user }}'
+        group: '{{ orientdb_user }}'
+        mode: '0640'
+      loop: '{{ orientdb_configuration_files }}'
+      notify: Restart orientdb
+      tags: ['orientdb', 'orientdb_config']
+    - name: orientdb_install | Set the permissions of some configuration files
+      ansible.builtin.file:
+        dest: '{{ orientdb_install_dir }}/config/{{ item }}'
+        owner: '{{ orientdb_user }}'
+        group: '{{ orientdb_user }}'
+        mode: '0600'
+      loop:
+        - custom-sql-functions.json
+        - security.json
+        - orientdb-etl-log.properties
+      notify: Restart orientdb
+      tags: ['orientdb', 'orientdb_config']
diff --git a/tasks/orientdb_letsencrypt.yml b/tasks/orientdb_letsencrypt.yml
new file mode 100644
index 0000000..ffb3f7e
--- /dev/null
+++ b/tasks/orientdb_letsencrypt.yml
@@ -0,0 +1,28 @@
+---
+- name: orientdb_letsencrypt | Manage the Letsencrypt certificates
+  tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
+  when: orientdb_letsencrypt_ssl_enabled
+  block:
+    - name: orientdb_letsencrypt | Create the acme hooks directory if it does not yet exist
+      ansible.builtin.file:
+        dest: "{{ letsencrypt_acme_services_scripts_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: "0755"
+    - name: orientdb_letsencrypt | Install a letsencrypt hook to update the orientdb certificate
+      ansible.builtin.template:
+        src: orientdb-letsencrypt-acme.sh.j2
+        dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
+        owner: root
+        group: root
+        mode: "4555"
+
+- name: orientdb_letsencrypt | Remove the hook if letsencrypt is not used
+  tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
+  when: not orientdb_letsencrypt_ssl_enabled
+  block:
+    - name: orientdb_letsencrypt | Install a letsencrypt hook to update the orientdb certificate
+      ansible.builtin.file:
+        dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
+        state: absent
diff --git a/tasks/orientdb_monitoring.yml b/tasks/orientdb_monitoring.yml
new file mode 100644
index 0000000..d39ff2d
--- /dev/null
+++ b/tasks/orientdb_monitoring.yml
@@ -0,0 +1,18 @@
+---
+- name: orientdb_monitoring | OrientDB Nagios monitoring
+  tags: ['orientdb', 'orientdb_nagios']
+  block:
+    - name: orientdb_monitoring | Install the nagios nrpe configuration
+      ansible.builtin.template:
+        src: orientdb-nrpe.cfg.j2
+        dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
+        owner: root
+        group: root
+        mode: "0444"
+      notify: Reload NRPE server
+      when: orientdb_nagios_enabled
+    - name: orientdb_monitoring | Remove the nagios nrpe configuration
+      ansible.builtin.file:
+        dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
+        state: absent
+      when: not orientdb_nagios_enabled
diff --git a/tasks/orientdb_removal.yml b/tasks/orientdb_removal.yml
new file mode 100644
index 0000000..6176165
--- /dev/null
+++ b/tasks/orientdb_removal.yml
@@ -0,0 +1,40 @@
+---
+- name: orientdb_removal | Remove OrientDB
+  tags: ['orientdb']
+  block:
+    - name: orientdb_removal | Ensure that the service is disabled and stopped
+      ansible.builtin.service:
+        name: orientdb
+        state: stopped
+        enabled: false
+    - name: orientdb_removal | Remove the orientdb SysV startup file
+      ansible.builtin.file:
+        dest: /etc/init.d/orientdb
+        state: absent
+      when: ansible_service_mgr != 'systemd'
+    - name: orientdb_removal | Remove the orientdb systemd unit
+      ansible.builtin.file:
+        dest: /usr/lib/systemd/system/orientdb.service
+        state: absent
+      when: ansible_service_mgr == 'systemd'
+    - name: orientdb_removal | Remove the link to the orientdb distribution
+      ansible.builtin.file:
+        dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}"
+        state: absent
+    - name: orientdb_removal | Remove the default options file
+      ansible.builtin.file:
+        dest: /etc/default/orientdb
+        state: absent
+    - name: orientdb_removal | Remove the backup cleaner script
+      ansible.builtin.file:
+        dest: /usr/local/bin/orientdb-backup-cleaner
+        state: absent
+    - name: orientdb_removal | Remove the backup cleaner cron job
+      ansible.builtin.cron:
+        cron_file: orientdb-backup-cleaner
+        disabled: false
+        job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
+        special_time: daily
+        user: '{{ orientdb_user }}'
+        name: "Remove old orientdb backups"
+        state: absent
diff --git a/templates/orientdb-letsencrypt-acme.sh.j2 b/templates/orientdb-letsencrypt-acme.sh.j2
index abec2a8..2409a42 100644
--- a/templates/orientdb-letsencrypt-acme.sh.j2
+++ b/templates/orientdb-letsencrypt-acme.sh.j2
@@ -30,9 +30,9 @@ chgrp {{ orientdb_user }} "{{ java_keystore_file }}"
 
 if [ "$ORIENTDB_ENABLED" == "True" ] ; then
     logger "orientdb letsencrypt hook: shut down orientdb."
-    /etc/init.d/orientdb stop
+    systemctl stop orientdb
     sleep 30
-    /etc/init.d/orientdb start
+    systemctl start orientdb
     logger "orientdb letsencrypt hook: start orientdb."
 else
     logger "orientdb letsencrypt hook: the service is disabled, we do not restart it."
diff --git a/templates/orientdb-server-config.xml.j2 b/templates/orientdb-server-config.xml.j2
index 360746f..13e9ba0 100644
--- a/templates/orientdb-server-config.xml.j2
+++ b/templates/orientdb-server-config.xml.j2
@@ -54,8 +54,8 @@
 {% endif %}
                     <parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
                     <parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
-                    <parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
-                    <parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
+                    <parameter value="{{ java_truststore_file }}" name="network.ssl.trustStore"/>
+                    <parameter value="{{ java_truststore_pwd }}" name="network.ssl.trustStorePassword"/>
                 </parameters>
             </socket>
             <socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="https">
@@ -67,8 +67,8 @@
 {% endif %}
                     <parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
                     <parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
-                    <parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
-                    <parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
+                    <parameter value="{{ java_truststore_file }}" name="network.ssl.trustStore"/>
+                    <parameter value="{{ java_truststore_pwd }}" name="network.ssl.trustStorePassword"/>
                 </parameters>
             </socket>
         </sockets>