Split the tasks file. TLS without letsencrypt.
This commit is contained in:
parent
10b25f8774
commit
71a51e8de1
|
@ -26,8 +26,8 @@ orientdb_configuration_files:
|
||||||
- hazelcast.xml
|
- hazelcast.xml
|
||||||
- automatic-backup.json
|
- automatic-backup.json
|
||||||
|
|
||||||
orientdb_ssl_enabled: false
|
orientdb_ssl_enabled: "{% if letsencrypt_acme_install is defined %}{{ letsencrypt_acme_install }}{% else %}false{% endif %}"
|
||||||
orientdb_letsencrypt_ssl_enabled: false
|
orientdb_letsencrypt_ssl_enabled: "{% if letsencrypt_acme_install is defined %}{{ letsencrypt_acme_install }}{% else %}false{% endif %}"
|
||||||
orientdb_ssl_client_auth_enabled: false
|
orientdb_ssl_client_auth_enabled: false
|
||||||
|
|
||||||
orientdb_hooks_enabled: false
|
orientdb_hooks_enabled: false
|
||||||
|
@ -85,3 +85,6 @@ orientdb_automatic_backup_target_file_name: '${DBNAME}-${DATE:yyyyMMddHHmmss}.zi
|
||||||
orientdb_automatic_backup_compression_level: 9
|
orientdb_automatic_backup_compression_level: 9
|
||||||
orientdb_automatic_backup_buffer_size: 1048576
|
orientdb_automatic_backup_buffer_size: 1048576
|
||||||
orientdb_automatic_backup_retention_days: '7'
|
orientdb_automatic_backup_retention_days: '7'
|
||||||
|
|
||||||
|
# Monitoring
|
||||||
|
orientdb_nagios_enabled: "{% if nagios_enabled is defined %}{{ nagios_enabled }}{% else %}false{% endif %}"
|
||||||
|
|
|
@ -1,4 +1,10 @@
|
||||||
---
|
---
|
||||||
- name: Restart orientdb
|
- name: Restart orientdb
|
||||||
service: name=orientdb state=restarted sleep=30
|
ansible.builtin.service:
|
||||||
|
name: orientdb
|
||||||
|
state: restarted
|
||||||
when: orientdb_enabled
|
when: orientdb_enabled
|
||||||
|
|
||||||
|
- name: Reload systemd
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
|
|
@ -26,4 +26,7 @@ dependencies:
|
||||||
version: master
|
version: master
|
||||||
name: openjdk
|
name: openjdk
|
||||||
state: latest
|
state: latest
|
||||||
|
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-java-keystore.git
|
||||||
|
version: master
|
||||||
|
name: java_keystore
|
||||||
|
state: latest
|
||||||
|
|
257
tasks/main.yml
257
tasks/main.yml
|
@ -1,158 +1,25 @@
|
||||||
---
|
---
|
||||||
- name: OrientDB installation
|
- name: Manage the OrientDB installation
|
||||||
|
ansible.builtin.import_tasks: orientdb_install.yml
|
||||||
|
- name: Clean up the OrientDB backups
|
||||||
|
ansible.builtin.import_tasks: orientdb_backups.yml
|
||||||
|
- name: OrientDB monitoring
|
||||||
|
ansible.builtin.import_tasks: orientdb_monitoring.yml
|
||||||
|
when: orientdb_enabled
|
||||||
|
- name: OrientDB certificates via Letsencrypt
|
||||||
|
ansible.builtin.import_tasks: orientdb_letsencrypt.yml
|
||||||
|
when: orientdb_install
|
||||||
|
- name: OrientDB local certificates
|
||||||
|
ansible.builtin.import_tasks: orientdb_certificates.yml
|
||||||
|
when: orientdb_install
|
||||||
|
- name: OrientDB removal
|
||||||
|
ansible.builtin.import_tasks: orientdb_removal.yml
|
||||||
|
when: not orientdb_install
|
||||||
|
|
||||||
|
- name: Manage the OrientDB service
|
||||||
tags: ['orientdb']
|
tags: ['orientdb']
|
||||||
when: orientdb_install
|
when: orientdb_install
|
||||||
block:
|
block:
|
||||||
- name: Create the orientdb user
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: "{{ orientdb_user }}"
|
|
||||||
home: "{{ orientdb_base_dir }}"
|
|
||||||
createhome: false
|
|
||||||
shell: /bin/bash
|
|
||||||
- name: Create the orientdb directories
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: "{{ item }}"
|
|
||||||
owner: "{{ orientdb_user }}"
|
|
||||||
group: "{{ orientdb_user }}"
|
|
||||||
mode: "0750"
|
|
||||||
state: directory
|
|
||||||
loop:
|
|
||||||
- "{{ orientdb_base_dir }}"
|
|
||||||
- "{{ orientdb_data_dir }}"
|
|
||||||
- name: Get the orientdb distribution
|
|
||||||
ansible.builtin.get_url:
|
|
||||||
url: "{{ orientdb_binary_distribution_url }}"
|
|
||||||
dest: "{{ orientdb_base_dir }}/{{ orientdb_tar_file }}"
|
|
||||||
validate_certs: false
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0444"
|
|
||||||
- name: Unpack the orientdb distribution
|
|
||||||
ansible.builtin.unarchive:
|
|
||||||
src: '{{ orientdb_base_dir }}/{{ orientdb_tar_file }}'
|
|
||||||
dest: '{{ orientdb_base_dir }}'
|
|
||||||
copy: false
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
args:
|
|
||||||
creates: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}'
|
|
||||||
- name: Create some directories inside the orientdb user home
|
|
||||||
become: true
|
|
||||||
become_user: '{{ orientdb_user }}'
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: "{{ item }}"
|
|
||||||
state: directory
|
|
||||||
mode: "0750"
|
|
||||||
loop:
|
|
||||||
- '{{ orientdb_pid_dir }}'
|
|
||||||
- '{{ orientdb_automatic_backup_directory }}'
|
|
||||||
- name: Link to the databases directory
|
|
||||||
become: true
|
|
||||||
become_user: '{{ orientdb_user }}'
|
|
||||||
ansible.builtin.file:
|
|
||||||
src: "{{ orientdb_data_dir }}"
|
|
||||||
dest: "{{ orientdb_link_to_data_dir }}"
|
|
||||||
state: link
|
|
||||||
- name: Remove the demodb database
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases/demodb'
|
|
||||||
state: absent
|
|
||||||
- name: Link to the latest version
|
|
||||||
become: true
|
|
||||||
become_user: '{{ orientdb_user }}'
|
|
||||||
ansible.builtin.file:
|
|
||||||
src: '{{ orientdb_tar_filename }}'
|
|
||||||
dest: '{{ orientdb_install_dir }}'
|
|
||||||
state: link
|
|
||||||
- name: Create a link to the data directory
|
|
||||||
ansible.builtin.file:
|
|
||||||
src: '{{ orientdb_data_dir }}'
|
|
||||||
dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases'
|
|
||||||
state: link
|
|
||||||
owner: '{{ orientdb_user }}'
|
|
||||||
group: '{{ orientdb_user }}'
|
|
||||||
force: true
|
|
||||||
- name: Create a orientdb log directory out of the distribution directory
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: '{{ orientdb_log_dir }}'
|
|
||||||
state: directory
|
|
||||||
owner: '{{ orientdb_user }}'
|
|
||||||
group: '{{ orientdb_user }}'
|
|
||||||
mode: '0755'
|
|
||||||
- name: Link the log directory inside the orientdb user home
|
|
||||||
become: true
|
|
||||||
become_user: '{{ orientdb_user }}'
|
|
||||||
ansible.builtin.file:
|
|
||||||
src: "{{ orientdb_log_dir }}"
|
|
||||||
dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/logs"
|
|
||||||
state: link
|
|
||||||
- name: Remove the old hook jars
|
|
||||||
ansible.builtin.shell: rm -f {{ orientdb_install_dir }}/lib/{{ item }}
|
|
||||||
loop: '{{ orientdb_hooks_to_be_removed | default([]) }}'
|
|
||||||
tags: ['orientdb', 'orientdb_hooks']
|
|
||||||
- name: Fetch and install the hook jars
|
|
||||||
ansible.builtin.get_url:
|
|
||||||
url: "{{ item }}"
|
|
||||||
dest: "{{ orientdb_install_dir }}/lib"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0644"
|
|
||||||
loop: '{{ orientdb_hooks_jars | default([]) }}'
|
|
||||||
notify: Restart orientdb
|
|
||||||
tags: ['orientdb', 'orientdb_hooks']
|
|
||||||
- name: Install the orientdb default settings
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: orientdb.default.j2
|
|
||||||
dest: /etc/default/orientdb
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0444"
|
|
||||||
notify: Restart orientdb
|
|
||||||
- name: Fix the pid file path inside the start and shutdown scripts
|
|
||||||
ansible.builtin.lineinfile:
|
|
||||||
dest: '{{ orientdb_install_dir }}/bin/{{ item }}'
|
|
||||||
regexp: "^ORIENTDB_PID=.*$"
|
|
||||||
line: "ORIENTDB_PID={{ orientdb_pid_dir }}/orientdb.pid"
|
|
||||||
insertafter: "^PRG=.*$"
|
|
||||||
firstmatch: true
|
|
||||||
loop:
|
|
||||||
- server.sh
|
|
||||||
- shutdown.sh
|
|
||||||
tags: ['orientdb', 'orientdb_pid']
|
|
||||||
- name: Install the orientdb configuration files
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: '{{ item }}.j2'
|
|
||||||
dest: '{{ orientdb_install_dir }}/config/{{ item }}'
|
|
||||||
owner: '{{ orientdb_user }}'
|
|
||||||
group: '{{ orientdb_user }}'
|
|
||||||
mode: '0640'
|
|
||||||
loop: '{{ orientdb_configuration_files }}'
|
|
||||||
notify: Restart orientdb
|
|
||||||
tags: ['orientdb', 'orientdb_config']
|
|
||||||
- name: Set the permissions of some configuration files
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: '{{ orientdb_install_dir }}/config/{{ item }}'
|
|
||||||
owner: '{{ orientdb_user }}'
|
|
||||||
group: '{{ orientdb_user }}'
|
|
||||||
mode: '0600'
|
|
||||||
loop:
|
|
||||||
- custom-sql-functions.json
|
|
||||||
- security.json
|
|
||||||
- orientdb-etl-log.properties
|
|
||||||
notify: Restart orientdb
|
|
||||||
tags: ['orientdb', 'orientdb_config']
|
|
||||||
- name: Install the nagios nrpe configuration
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: orientdb-nrpe.cfg.j2
|
|
||||||
dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0444"
|
|
||||||
notify: Reload NRPE server
|
|
||||||
when:
|
|
||||||
- nrpe_include_dir is defined
|
|
||||||
- nagios_enabled is defined and nagios_enabled
|
|
||||||
tags: ['orientdb', 'orientdb_nagios']
|
|
||||||
- name: Install the orientdb SYSV startup script
|
- name: Install the orientdb SYSV startup script
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: orientdb.init.j2
|
src: orientdb.init.j2
|
||||||
|
@ -171,11 +38,9 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
tags: ['orientdb', 'orientdb_init']
|
tags: ['orientdb', 'orientdb_init']
|
||||||
when: ansible_service_mgr == 'systemd'
|
when: ansible_service_mgr == 'systemd'
|
||||||
register: reload_systemd
|
notify: Reload systemd
|
||||||
- name: Reload the systemd service
|
- name: Reload the systemd service
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.meta: flush_handlers
|
||||||
daemon_reload: true
|
|
||||||
when: reload_systemd is changed
|
|
||||||
- name: Ensure that the service is enabled and running
|
- name: Ensure that the service is enabled and running
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: orientdb
|
name: orientdb
|
||||||
|
@ -188,85 +53,3 @@
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: false
|
enabled: false
|
||||||
when: not orientdb_enabled
|
when: not orientdb_enabled
|
||||||
- name: Clean up the backups
|
|
||||||
tags: ['orientdb', 'orientdb_backup']
|
|
||||||
when: orientdb_install
|
|
||||||
block:
|
|
||||||
- name: Install a script that removes the old orientdb backups
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: backup-cleaner.sh.j2
|
|
||||||
dest: /usr/local/bin/orientdb-backup-cleaner
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0555"
|
|
||||||
- name: Add a cron job that removes the old backups
|
|
||||||
ansible.builtin.cron:
|
|
||||||
cron_file: orientdb-backup-cleaner
|
|
||||||
disabled: false
|
|
||||||
job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
|
|
||||||
special_time: daily
|
|
||||||
user: "{{ orientdb_user }}"
|
|
||||||
name: "Remove old orientdb backups"
|
|
||||||
state: present
|
|
||||||
- name: Manage the Letsencrypt certificates
|
|
||||||
tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
|
|
||||||
when:
|
|
||||||
- orientdb_install
|
|
||||||
- orientdb_letsencrypt_ssl_enabled
|
|
||||||
- letsencrypt_acme_install is defined and letsencrypt_acme_install
|
|
||||||
block:
|
|
||||||
- name: Create the acme hooks directory if it does not yet exist
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: "{{ letsencrypt_acme_services_scripts_dir }}"
|
|
||||||
state: directory
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0755"
|
|
||||||
- name: Install a letsencrypt hook to update the orientdb certificate
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: orientdb-letsencrypt-acme.sh.j2
|
|
||||||
dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "4555"
|
|
||||||
|
|
||||||
- name: Remove OrientDB
|
|
||||||
tags: ['orientdb']
|
|
||||||
when: not orientdb_install
|
|
||||||
block:
|
|
||||||
- name: Ensure that the service is disabled and stopped
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: orientdb
|
|
||||||
state: stopped
|
|
||||||
enabled: false
|
|
||||||
- name: Remove the orientdb SysV startup file
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: /etc/init.d/orientdb
|
|
||||||
state: absent
|
|
||||||
when: ansible_service_mgr != 'systemd'
|
|
||||||
- name: Remove the orientdb systemd unit
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: /usr/lib/systemd/system/orientdb.service
|
|
||||||
state: absent
|
|
||||||
when: ansible_service_mgr == 'systemd'
|
|
||||||
- name: Remove the link to the orientdb distribution
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}"
|
|
||||||
state: absent
|
|
||||||
- name: Remove the default options file
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: /etc/default/orientdb
|
|
||||||
state: absent
|
|
||||||
- name: Remove the backup cleaner script
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: /usr/local/bin/orientdb-backup-cleaner
|
|
||||||
state: absent
|
|
||||||
- name: Remove the backup cleaner cron job
|
|
||||||
ansible.builtin.cron:
|
|
||||||
cron_file: orientdb-backup-cleaner
|
|
||||||
disabled: false
|
|
||||||
job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
|
|
||||||
special_time: daily
|
|
||||||
user: '{{ orientdb_user }}'
|
|
||||||
name: "Remove old orientdb backups"
|
|
||||||
state: absent
|
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
- name: orientdb_backups | Clean up the backups
|
||||||
|
tags: ['orientdb', 'orientdb_backup']
|
||||||
|
when: orientdb_install
|
||||||
|
block:
|
||||||
|
- name: orientdb_backups | Install a script that removes the old orientdb backups
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: backup-cleaner.sh.j2
|
||||||
|
dest: /usr/local/bin/orientdb-backup-cleaner
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0555"
|
||||||
|
- name: orientdb_backups | Add a cron job that removes the old backups
|
||||||
|
ansible.builtin.cron:
|
||||||
|
cron_file: orientdb-backup-cleaner
|
||||||
|
disabled: false
|
||||||
|
job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
|
||||||
|
special_time: daily
|
||||||
|
user: "{{ orientdb_user }}"
|
||||||
|
name: "Remove old orientdb backups"
|
||||||
|
state: present
|
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
- name: orientdb_certificates | Manage the Letsencrypt certificates
|
||||||
|
tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
|
||||||
|
when: orientdb_ssl_enabled
|
||||||
|
block:
|
||||||
|
- name: orientdb_certificates | Create the acme hooks directory if it does not yet exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "{{ letsencrypt_acme_services_scripts_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0755"
|
||||||
|
- name: orientdb_certificates | Install a letsencrypt hook to update the orientdb certificate
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: orientdb-letsencrypt-acme.sh.j2
|
||||||
|
dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "4555"
|
||||||
|
|
||||||
|
- name: orientdb_certificates | Remove the hook if letsencrypt is not used
|
||||||
|
tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
|
||||||
|
when: not orientdb_letsencrypt_ssl_enabled
|
||||||
|
block:
|
||||||
|
- name: orientdb_certificates | Install a letsencrypt hook to update the orientdb certificate
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
|
||||||
|
state: absent
|
|
@ -0,0 +1,145 @@
|
||||||
|
---
|
||||||
|
- name: orientdb_install | OrientDB installation
|
||||||
|
tags: ['orientdb']
|
||||||
|
when: orientdb_install
|
||||||
|
block:
|
||||||
|
- name: orientdb_install | Create the orientdb user
|
||||||
|
ansible.builtin.user:
|
||||||
|
name: "{{ orientdb_user }}"
|
||||||
|
home: "{{ orientdb_base_dir }}"
|
||||||
|
createhome: false
|
||||||
|
shell: /bin/bash
|
||||||
|
- name: orientdb_install | Create the orientdb directories
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "{{ item }}"
|
||||||
|
owner: "{{ orientdb_user }}"
|
||||||
|
group: "{{ orientdb_user }}"
|
||||||
|
mode: "0750"
|
||||||
|
state: directory
|
||||||
|
loop:
|
||||||
|
- "{{ orientdb_base_dir }}"
|
||||||
|
- "{{ orientdb_data_dir }}"
|
||||||
|
- name: orientdb_install | Get the orientdb distribution
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
url: "{{ orientdb_binary_distribution_url }}"
|
||||||
|
dest: "{{ orientdb_base_dir }}/{{ orientdb_tar_file }}"
|
||||||
|
validate_certs: false
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0444"
|
||||||
|
- name: orientdb_install | Unpack the orientdb distribution
|
||||||
|
ansible.builtin.unarchive:
|
||||||
|
src: '{{ orientdb_base_dir }}/{{ orientdb_tar_file }}'
|
||||||
|
dest: '{{ orientdb_base_dir }}'
|
||||||
|
copy: false
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
args:
|
||||||
|
creates: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}'
|
||||||
|
- name: orientdb_install | Create some directories inside the orientdb user home
|
||||||
|
become: true
|
||||||
|
become_user: '{{ orientdb_user }}'
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: "0750"
|
||||||
|
loop:
|
||||||
|
- '{{ orientdb_pid_dir }}'
|
||||||
|
- '{{ orientdb_automatic_backup_directory }}'
|
||||||
|
- name: orientdb_install | Link to the databases directory
|
||||||
|
become: true
|
||||||
|
become_user: '{{ orientdb_user }}'
|
||||||
|
ansible.builtin.file:
|
||||||
|
src: "{{ orientdb_data_dir }}"
|
||||||
|
dest: "{{ orientdb_link_to_data_dir }}"
|
||||||
|
state: link
|
||||||
|
- name: orientdb_install | Remove the demodb database
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases/demodb'
|
||||||
|
state: absent
|
||||||
|
- name: orientdb_install | Link to the latest version
|
||||||
|
become: true
|
||||||
|
become_user: '{{ orientdb_user }}'
|
||||||
|
ansible.builtin.file:
|
||||||
|
src: '{{ orientdb_tar_filename }}'
|
||||||
|
dest: '{{ orientdb_install_dir }}'
|
||||||
|
state: link
|
||||||
|
- name: orientdb_install | Create a link to the data directory
|
||||||
|
ansible.builtin.file:
|
||||||
|
src: '{{ orientdb_data_dir }}'
|
||||||
|
dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases'
|
||||||
|
state: link
|
||||||
|
owner: '{{ orientdb_user }}'
|
||||||
|
group: '{{ orientdb_user }}'
|
||||||
|
force: true
|
||||||
|
- name: orientdb_install | Create a orientdb log directory out of the distribution directory
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: '{{ orientdb_log_dir }}'
|
||||||
|
state: directory
|
||||||
|
owner: '{{ orientdb_user }}'
|
||||||
|
group: '{{ orientdb_user }}'
|
||||||
|
mode: '0755'
|
||||||
|
- name: orientdb_install | Link the log directory inside the orientdb user home
|
||||||
|
become: true
|
||||||
|
become_user: '{{ orientdb_user }}'
|
||||||
|
ansible.builtin.file:
|
||||||
|
src: "{{ orientdb_log_dir }}"
|
||||||
|
dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/logs"
|
||||||
|
state: link
|
||||||
|
- name: orientdb_install | Remove the old hook jars
|
||||||
|
ansible.builtin.command: rm -f {{ orientdb_install_dir }}/lib/{{ item }}
|
||||||
|
loop: '{{ orientdb_hooks_to_be_removed | default([]) }}'
|
||||||
|
register: hook_jars_rm
|
||||||
|
changed_when: hook_jars_rm.rc
|
||||||
|
tags: ['orientdb', 'orientdb_hooks']
|
||||||
|
- name: orientdb_install | Fetch and install the hook jars
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
url: "{{ item }}"
|
||||||
|
dest: "{{ orientdb_install_dir }}/lib"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
loop: '{{ orientdb_hooks_jars | default([]) }}'
|
||||||
|
notify: Restart orientdb
|
||||||
|
tags: ['orientdb', 'orientdb_hooks']
|
||||||
|
- name: orientdb_install | Install the orientdb default settings
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: orientdb.default.j2
|
||||||
|
dest: /etc/default/orientdb
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0444"
|
||||||
|
notify: Restart orientdb
|
||||||
|
- name: orientdb_install | Fix the pid file path inside the start and shutdown scripts
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: '{{ orientdb_install_dir }}/bin/{{ item }}'
|
||||||
|
regexp: "^ORIENTDB_PID=.*$"
|
||||||
|
line: "ORIENTDB_PID={{ orientdb_pid_dir }}/orientdb.pid"
|
||||||
|
insertafter: "^PRG=.*$"
|
||||||
|
firstmatch: true
|
||||||
|
loop:
|
||||||
|
- server.sh
|
||||||
|
- shutdown.sh
|
||||||
|
tags: ['orientdb', 'orientdb_pid']
|
||||||
|
- name: orientdb_install | Install the orientdb configuration files
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: '{{ item }}.j2'
|
||||||
|
dest: '{{ orientdb_install_dir }}/config/{{ item }}'
|
||||||
|
owner: '{{ orientdb_user }}'
|
||||||
|
group: '{{ orientdb_user }}'
|
||||||
|
mode: '0640'
|
||||||
|
loop: '{{ orientdb_configuration_files }}'
|
||||||
|
notify: Restart orientdb
|
||||||
|
tags: ['orientdb', 'orientdb_config']
|
||||||
|
- name: orientdb_install | Set the permissions of some configuration files
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: '{{ orientdb_install_dir }}/config/{{ item }}'
|
||||||
|
owner: '{{ orientdb_user }}'
|
||||||
|
group: '{{ orientdb_user }}'
|
||||||
|
mode: '0600'
|
||||||
|
loop:
|
||||||
|
- custom-sql-functions.json
|
||||||
|
- security.json
|
||||||
|
- orientdb-etl-log.properties
|
||||||
|
notify: Restart orientdb
|
||||||
|
tags: ['orientdb', 'orientdb_config']
|
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
- name: orientdb_letsencrypt | Manage the Letsencrypt certificates
|
||||||
|
tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
|
||||||
|
when: orientdb_letsencrypt_ssl_enabled
|
||||||
|
block:
|
||||||
|
- name: orientdb_letsencrypt | Create the acme hooks directory if it does not yet exist
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "{{ letsencrypt_acme_services_scripts_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0755"
|
||||||
|
- name: orientdb_letsencrypt | Install a letsencrypt hook to update the orientdb certificate
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: orientdb-letsencrypt-acme.sh.j2
|
||||||
|
dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "4555"
|
||||||
|
|
||||||
|
- name: orientdb_letsencrypt | Remove the hook if letsencrypt is not used
|
||||||
|
tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
|
||||||
|
when: not orientdb_letsencrypt_ssl_enabled
|
||||||
|
block:
|
||||||
|
- name: orientdb_letsencrypt | Install a letsencrypt hook to update the orientdb certificate
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
|
||||||
|
state: absent
|
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
- name: orientdb_monitoring | OrientDB Nagios monitoring
|
||||||
|
tags: ['orientdb', 'orientdb_nagios']
|
||||||
|
block:
|
||||||
|
- name: orientdb_monitoring | Install the nagios nrpe configuration
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: orientdb-nrpe.cfg.j2
|
||||||
|
dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0444"
|
||||||
|
notify: Reload NRPE server
|
||||||
|
when: orientdb_nagios_enabled
|
||||||
|
- name: orientdb_monitoring | Remove the nagios nrpe configuration
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
|
||||||
|
state: absent
|
||||||
|
when: not orientdb_nagios_enabled
|
|
@ -0,0 +1,40 @@
|
||||||
|
---
|
||||||
|
- name: orientdb_removal | Remove OrientDB
|
||||||
|
tags: ['orientdb']
|
||||||
|
block:
|
||||||
|
- name: orientdb_removal | Ensure that the service is disabled and stopped
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: orientdb
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
- name: orientdb_removal | Remove the orientdb SysV startup file
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: /etc/init.d/orientdb
|
||||||
|
state: absent
|
||||||
|
when: ansible_service_mgr != 'systemd'
|
||||||
|
- name: orientdb_removal | Remove the orientdb systemd unit
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: /usr/lib/systemd/system/orientdb.service
|
||||||
|
state: absent
|
||||||
|
when: ansible_service_mgr == 'systemd'
|
||||||
|
- name: orientdb_removal | Remove the link to the orientdb distribution
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}"
|
||||||
|
state: absent
|
||||||
|
- name: orientdb_removal | Remove the default options file
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: /etc/default/orientdb
|
||||||
|
state: absent
|
||||||
|
- name: orientdb_removal | Remove the backup cleaner script
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: /usr/local/bin/orientdb-backup-cleaner
|
||||||
|
state: absent
|
||||||
|
- name: orientdb_removal | Remove the backup cleaner cron job
|
||||||
|
ansible.builtin.cron:
|
||||||
|
cron_file: orientdb-backup-cleaner
|
||||||
|
disabled: false
|
||||||
|
job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
|
||||||
|
special_time: daily
|
||||||
|
user: '{{ orientdb_user }}'
|
||||||
|
name: "Remove old orientdb backups"
|
||||||
|
state: absent
|
|
@ -30,9 +30,9 @@ chgrp {{ orientdb_user }} "{{ java_keystore_file }}"
|
||||||
|
|
||||||
if [ "$ORIENTDB_ENABLED" == "True" ] ; then
|
if [ "$ORIENTDB_ENABLED" == "True" ] ; then
|
||||||
logger "orientdb letsencrypt hook: shut down orientdb."
|
logger "orientdb letsencrypt hook: shut down orientdb."
|
||||||
/etc/init.d/orientdb stop
|
systemctl stop orientdb
|
||||||
sleep 30
|
sleep 30
|
||||||
/etc/init.d/orientdb start
|
systemctl start orientdb
|
||||||
logger "orientdb letsencrypt hook: start orientdb."
|
logger "orientdb letsencrypt hook: start orientdb."
|
||||||
else
|
else
|
||||||
logger "orientdb letsencrypt hook: the service is disabled, we do not restart it."
|
logger "orientdb letsencrypt hook: the service is disabled, we do not restart it."
|
||||||
|
|
|
@ -54,8 +54,8 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
|
<parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
|
||||||
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
|
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
|
||||||
<parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
|
<parameter value="{{ java_truststore_file }}" name="network.ssl.trustStore"/>
|
||||||
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
|
<parameter value="{{ java_truststore_pwd }}" name="network.ssl.trustStorePassword"/>
|
||||||
</parameters>
|
</parameters>
|
||||||
</socket>
|
</socket>
|
||||||
<socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="https">
|
<socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="https">
|
||||||
|
@ -67,8 +67,8 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
|
<parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
|
||||||
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
|
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
|
||||||
<parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
|
<parameter value="{{ java_truststore_file }}" name="network.ssl.trustStore"/>
|
||||||
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
|
<parameter value="{{ java_truststore_pwd }}" name="network.ssl.trustStorePassword"/>
|
||||||
</parameters>
|
</parameters>
|
||||||
</socket>
|
</socket>
|
||||||
</sockets>
|
</sockets>
|
||||||
|
|
Loading…
Reference in New Issue