Split the tasks file. TLS without letsencrypt.
parent
10b25f8774
commit
71a51e8de1
|
@ -26,8 +26,8 @@ orientdb_configuration_files:
|
|||
- hazelcast.xml
|
||||
- automatic-backup.json
|
||||
|
||||
orientdb_ssl_enabled: false
|
||||
orientdb_letsencrypt_ssl_enabled: false
|
||||
orientdb_ssl_enabled: "{% if letsencrypt_acme_install is defined %}{{ letsencrypt_acme_install }}{% else %}false{% endif %}"
|
||||
orientdb_letsencrypt_ssl_enabled: "{% if letsencrypt_acme_install is defined %}{{ letsencrypt_acme_install }}{% else %}false{% endif %}"
|
||||
orientdb_ssl_client_auth_enabled: false
|
||||
|
||||
orientdb_hooks_enabled: false
|
||||
|
@ -85,3 +85,6 @@ orientdb_automatic_backup_target_file_name: '${DBNAME}-${DATE:yyyyMMddHHmmss}.zi
|
|||
orientdb_automatic_backup_compression_level: 9
|
||||
orientdb_automatic_backup_buffer_size: 1048576
|
||||
orientdb_automatic_backup_retention_days: '7'
|
||||
|
||||
# Monitoring
|
||||
orientdb_nagios_enabled: "{% if nagios_enabled is defined %}{{ nagios_enabled }}{% else %}false{% endif %}"
|
||||
|
|
|
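Review bot: `orientdb_ssl_enabled` and `orientdb_letsencrypt_ssl_enabled` now get the same Jinja default, so without an override the two flags are always equal and the role cannot enable TLS while Let's Encrypt is off, which seems at odds with the commit title. The `{% if %}…{% else %}false{% endif %}` form may also render a string rather than a boolean, depending on the Ansible version; `orientdb_ssl_enabled: "{{ letsencrypt_acme_install | default(false) | bool }}"` expresses the same default and keeps the type explicit for the `when:` tests that consume it. The same applies to `orientdb_nagios_enabled` in the second hunk. A comment above the two TLS flags stating which one selects certificates that do not come from Let's Encrypt would help.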
@ -1,4 +1,10 @@
|
|||
---
|
||||
- name: Restart orientdb
|
||||
service: name=orientdb state=restarted sleep=30
|
||||
ansible.builtin.service:
|
||||
name: orientdb
|
||||
state: restarted
|
||||
when: orientdb_enabled
|
||||
|
||||
- name: Reload systemd
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
|
|
|
@ -26,4 +26,7 @@ dependencies:
|
|||
version: master
|
||||
name: openjdk
|
||||
state: latest
|
||||
|
||||
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-java-keystore.git
|
||||
version: master
|
||||
name: java_keystore
|
||||
state: latest
|
||||
|
|
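Review bot: The new `java_keystore` dependency is fetched from the tip of `master`, like the `openjdk` entry above it, so every install of this role runs whatever that branch holds at the time. Since the added role is the one that will handle keystore material, pin it to a reviewed tag or commit, e.g. `version: <tag-or-commit-sha>`, and move the pin deliberately. The dependency list starts outside the hunk, so other entries may need the same treatment.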
257
tasks/main.yml
257
tasks/main.yml
|
@ -1,158 +1,25 @@
|
|||
---
|
||||
- name: OrientDB installation
|
||||
- name: Manage the OrientDB installation
|
||||
ansible.builtin.import_tasks: orientdb_install.yml
|
||||
- name: Clean up the OrientDB backups
|
||||
ansible.builtin.import_tasks: orientdb_backups.yml
|
||||
- name: OrientDB monitoring
|
||||
ansible.builtin.import_tasks: orientdb_monitoring.yml
|
||||
when: orientdb_enabled
|
||||
- name: OrientDB certificates via Letsencrypt
|
||||
ansible.builtin.import_tasks: orientdb_letsencrypt.yml
|
||||
when: orientdb_install
|
||||
- name: OrientDB local certificates
|
||||
ansible.builtin.import_tasks: orientdb_certificates.yml
|
||||
when: orientdb_install
|
||||
- name: OrientDB removal
|
||||
ansible.builtin.import_tasks: orientdb_removal.yml
|
||||
when: not orientdb_install
|
||||
|
||||
- name: Manage the OrientDB service
|
||||
tags: ['orientdb']
|
||||
when: orientdb_install
|
||||
block:
|
||||
- name: Create the orientdb user
|
||||
ansible.builtin.user:
|
||||
name: "{{ orientdb_user }}"
|
||||
home: "{{ orientdb_base_dir }}"
|
||||
createhome: false
|
||||
shell: /bin/bash
|
||||
- name: Create the orientdb directories
|
||||
ansible.builtin.file:
|
||||
dest: "{{ item }}"
|
||||
owner: "{{ orientdb_user }}"
|
||||
group: "{{ orientdb_user }}"
|
||||
mode: "0750"
|
||||
state: directory
|
||||
loop:
|
||||
- "{{ orientdb_base_dir }}"
|
||||
- "{{ orientdb_data_dir }}"
|
||||
- name: Get the orientdb distribution
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ orientdb_binary_distribution_url }}"
|
||||
dest: "{{ orientdb_base_dir }}/{{ orientdb_tar_file }}"
|
||||
validate_certs: false
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
- name: Unpack the orientdb distribution
|
||||
ansible.builtin.unarchive:
|
||||
src: '{{ orientdb_base_dir }}/{{ orientdb_tar_file }}'
|
||||
dest: '{{ orientdb_base_dir }}'
|
||||
copy: false
|
||||
owner: root
|
||||
group: root
|
||||
args:
|
||||
creates: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}'
|
||||
- name: Create some directories inside the orientdb user home
|
||||
become: true
|
||||
become_user: '{{ orientdb_user }}'
|
||||
ansible.builtin.file:
|
||||
dest: "{{ item }}"
|
||||
state: directory
|
||||
mode: "0750"
|
||||
loop:
|
||||
- '{{ orientdb_pid_dir }}'
|
||||
- '{{ orientdb_automatic_backup_directory }}'
|
||||
- name: Link to the databases directory
|
||||
become: true
|
||||
become_user: '{{ orientdb_user }}'
|
||||
ansible.builtin.file:
|
||||
src: "{{ orientdb_data_dir }}"
|
||||
dest: "{{ orientdb_link_to_data_dir }}"
|
||||
state: link
|
||||
- name: Remove the demodb database
|
||||
ansible.builtin.file:
|
||||
dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases/demodb'
|
||||
state: absent
|
||||
- name: Link to the latest version
|
||||
become: true
|
||||
become_user: '{{ orientdb_user }}'
|
||||
ansible.builtin.file:
|
||||
src: '{{ orientdb_tar_filename }}'
|
||||
dest: '{{ orientdb_install_dir }}'
|
||||
state: link
|
||||
- name: Create a link to the data directory
|
||||
ansible.builtin.file:
|
||||
src: '{{ orientdb_data_dir }}'
|
||||
dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases'
|
||||
state: link
|
||||
owner: '{{ orientdb_user }}'
|
||||
group: '{{ orientdb_user }}'
|
||||
force: true
|
||||
- name: Create a orientdb log directory out of the distribution directory
|
||||
ansible.builtin.file:
|
||||
dest: '{{ orientdb_log_dir }}'
|
||||
state: directory
|
||||
owner: '{{ orientdb_user }}'
|
||||
group: '{{ orientdb_user }}'
|
||||
mode: '0755'
|
||||
- name: Link the log directory inside the orientdb user home
|
||||
become: true
|
||||
become_user: '{{ orientdb_user }}'
|
||||
ansible.builtin.file:
|
||||
src: "{{ orientdb_log_dir }}"
|
||||
dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/logs"
|
||||
state: link
|
||||
- name: Remove the old hook jars
|
||||
ansible.builtin.shell: rm -f {{ orientdb_install_dir }}/lib/{{ item }}
|
||||
loop: '{{ orientdb_hooks_to_be_removed | default([]) }}'
|
||||
tags: ['orientdb', 'orientdb_hooks']
|
||||
- name: Fetch and install the hook jars
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ item }}"
|
||||
dest: "{{ orientdb_install_dir }}/lib"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
loop: '{{ orientdb_hooks_jars | default([]) }}'
|
||||
notify: Restart orientdb
|
||||
tags: ['orientdb', 'orientdb_hooks']
|
||||
- name: Install the orientdb default settings
|
||||
ansible.builtin.template:
|
||||
src: orientdb.default.j2
|
||||
dest: /etc/default/orientdb
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
notify: Restart orientdb
|
||||
- name: Fix the pid file path inside the start and shutdown scripts
|
||||
ansible.builtin.lineinfile:
|
||||
dest: '{{ orientdb_install_dir }}/bin/{{ item }}'
|
||||
regexp: "^ORIENTDB_PID=.*$"
|
||||
line: "ORIENTDB_PID={{ orientdb_pid_dir }}/orientdb.pid"
|
||||
insertafter: "^PRG=.*$"
|
||||
firstmatch: true
|
||||
loop:
|
||||
- server.sh
|
||||
- shutdown.sh
|
||||
tags: ['orientdb', 'orientdb_pid']
|
||||
- name: Install the orientdb configuration files
|
||||
ansible.builtin.template:
|
||||
src: '{{ item }}.j2'
|
||||
dest: '{{ orientdb_install_dir }}/config/{{ item }}'
|
||||
owner: '{{ orientdb_user }}'
|
||||
group: '{{ orientdb_user }}'
|
||||
mode: '0640'
|
||||
loop: '{{ orientdb_configuration_files }}'
|
||||
notify: Restart orientdb
|
||||
tags: ['orientdb', 'orientdb_config']
|
||||
- name: Set the permissions of some configuration files
|
||||
ansible.builtin.file:
|
||||
dest: '{{ orientdb_install_dir }}/config/{{ item }}'
|
||||
owner: '{{ orientdb_user }}'
|
||||
group: '{{ orientdb_user }}'
|
||||
mode: '0600'
|
||||
loop:
|
||||
- custom-sql-functions.json
|
||||
- security.json
|
||||
- orientdb-etl-log.properties
|
||||
notify: Restart orientdb
|
||||
tags: ['orientdb', 'orientdb_config']
|
||||
- name: Install the nagios nrpe configuration
|
||||
ansible.builtin.template:
|
||||
src: orientdb-nrpe.cfg.j2
|
||||
dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
notify: Reload NRPE server
|
||||
when:
|
||||
- nrpe_include_dir is defined
|
||||
- nagios_enabled is defined and nagios_enabled
|
||||
tags: ['orientdb', 'orientdb_nagios']
|
||||
- name: Install the orientdb SYSV startup script
|
||||
ansible.builtin.template:
|
||||
src: orientdb.init.j2
|
||||
|
@ -171,11 +38,9 @@
|
|||
mode: "0644"
|
||||
tags: ['orientdb', 'orientdb_init']
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
register: reload_systemd
|
||||
notify: Reload systemd
|
||||
- name: Reload the systemd service
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
when: reload_systemd is changed
|
||||
ansible.builtin.meta: flush_handlers
|
||||
- name: Ensure that the service is enabled and running
|
||||
ansible.builtin.service:
|
||||
name: orientdb
|
||||
|
@ -188,85 +53,3 @@
|
|||
state: stopped
|
||||
enabled: false
|
||||
when: not orientdb_enabled
|
||||
- name: Clean up the backups
|
||||
tags: ['orientdb', 'orientdb_backup']
|
||||
when: orientdb_install
|
||||
block:
|
||||
- name: Install a script that removes the old orientdb backups
|
||||
ansible.builtin.template:
|
||||
src: backup-cleaner.sh.j2
|
||||
dest: /usr/local/bin/orientdb-backup-cleaner
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0555"
|
||||
- name: Add a cron job that removes the old backups
|
||||
ansible.builtin.cron:
|
||||
cron_file: orientdb-backup-cleaner
|
||||
disabled: false
|
||||
job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
|
||||
special_time: daily
|
||||
user: "{{ orientdb_user }}"
|
||||
name: "Remove old orientdb backups"
|
||||
state: present
|
||||
- name: Manage the Letsencrypt certificates
|
||||
tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
|
||||
when:
|
||||
- orientdb_install
|
||||
- orientdb_letsencrypt_ssl_enabled
|
||||
- letsencrypt_acme_install is defined and letsencrypt_acme_install
|
||||
block:
|
||||
- name: Create the acme hooks directory if it does not yet exist
|
||||
ansible.builtin.file:
|
||||
dest: "{{ letsencrypt_acme_services_scripts_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
- name: Install a letsencrypt hook to update the orientdb certificate
|
||||
ansible.builtin.template:
|
||||
src: orientdb-letsencrypt-acme.sh.j2
|
||||
dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "4555"
|
||||
|
||||
- name: Remove OrientDB
|
||||
tags: ['orientdb']
|
||||
when: not orientdb_install
|
||||
block:
|
||||
- name: Ensure that the service is disabled and stopped
|
||||
ansible.builtin.service:
|
||||
name: orientdb
|
||||
state: stopped
|
||||
enabled: false
|
||||
- name: Remove the orientdb SysV startup file
|
||||
ansible.builtin.file:
|
||||
dest: /etc/init.d/orientdb
|
||||
state: absent
|
||||
when: ansible_service_mgr != 'systemd'
|
||||
- name: Remove the orientdb systemd unit
|
||||
ansible.builtin.file:
|
||||
dest: /usr/lib/systemd/system/orientdb.service
|
||||
state: absent
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
- name: Remove the link to the orientdb distribution
|
||||
ansible.builtin.file:
|
||||
dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}"
|
||||
state: absent
|
||||
- name: Remove the default options file
|
||||
ansible.builtin.file:
|
||||
dest: /etc/default/orientdb
|
||||
state: absent
|
||||
- name: Remove the backup cleaner script
|
||||
ansible.builtin.file:
|
||||
dest: /usr/local/bin/orientdb-backup-cleaner
|
||||
state: absent
|
||||
- name: Remove the backup cleaner cron job
|
||||
ansible.builtin.cron:
|
||||
cron_file: orientdb-backup-cleaner
|
||||
disabled: false
|
||||
job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
|
||||
special_time: daily
|
||||
user: '{{ orientdb_user }}'
|
||||
name: "Remove old orientdb backups"
|
||||
state: absent
|
||||
|
|
|
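Review bot: When `orientdb_install` is false nothing removes the ACME hook. The `orientdb_letsencrypt.yml` and `orientdb_certificates.yml` imports appear to be gated on `when: orientdb_install`, which `import_tasks` applies to every imported task including their "Remove the hook" blocks, and `orientdb_removal.yml` never touches `{{ letsencrypt_acme_services_scripts_dir }}/orientdb`. A root-owned hook that restarts a removed service would therefore stay in the ACME scripts directory; either add a `state: absent` task for it to the removal file or take the hook-removal blocks out from under the install gate. The add/remove markers are lost on this page, so the pairing of each `when:` with its import is inferred from line order.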
@ -0,0 +1,21 @@
|
|||
---
|
||||
- name: orientdb_backups | Clean up the backups
|
||||
tags: ['orientdb', 'orientdb_backup']
|
||||
when: orientdb_install
|
||||
block:
|
||||
- name: orientdb_backups | Install a script that removes the old orientdb backups
|
||||
ansible.builtin.template:
|
||||
src: backup-cleaner.sh.j2
|
||||
dest: /usr/local/bin/orientdb-backup-cleaner
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0555"
|
||||
- name: orientdb_backups | Add a cron job that removes the old backups
|
||||
ansible.builtin.cron:
|
||||
cron_file: orientdb-backup-cleaner
|
||||
disabled: false
|
||||
job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
|
||||
special_time: daily
|
||||
user: "{{ orientdb_user }}"
|
||||
name: "Remove old orientdb backups"
|
||||
state: present
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
- name: orientdb_certificates | Manage the Letsencrypt certificates
|
||||
tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
|
||||
when: orientdb_ssl_enabled
|
||||
block:
|
||||
- name: orientdb_certificates | Create the acme hooks directory if it does not yet exist
|
||||
ansible.builtin.file:
|
||||
dest: "{{ letsencrypt_acme_services_scripts_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
- name: orientdb_certificates | Install a letsencrypt hook to update the orientdb certificate
|
||||
ansible.builtin.template:
|
||||
src: orientdb-letsencrypt-acme.sh.j2
|
||||
dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "4555"
|
||||
|
||||
- name: orientdb_certificates | Remove the hook if letsencrypt is not used
|
||||
tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
|
||||
when: not orientdb_letsencrypt_ssl_enabled
|
||||
block:
|
||||
- name: orientdb_certificates | Install a letsencrypt hook to update the orientdb certificate
|
||||
ansible.builtin.file:
|
||||
dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
|
||||
state: absent
|
|
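Review bot: The hook template is installed with `mode: "4555"`; Linux ignores the setuid bit on an interpreted script and the file is already root-owned, so `mode: "0555"` states the permission that actually applies, and the same line appears in the Let's Encrypt task file. Beyond that, this file is a copy of the Let's Encrypt tasks gated on `orientdb_ssl_enabled`: it carries the `letsencrypt` tags, writes the same hook into `letsencrypt_acme_services_scripts_dir`, and its second block still tests `orientdb_letsencrypt_ssl_enabled`. If the file is meant for certificates that do not come from Let's Encrypt it needs its own tasks; none of the visible lines use the newly added `java_keystore` role.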
@ -0,0 +1,145 @@
|
|||
---
|
||||
- name: orientdb_install | OrientDB installation
|
||||
tags: ['orientdb']
|
||||
when: orientdb_install
|
||||
block:
|
||||
- name: orientdb_install | Create the orientdb user
|
||||
ansible.builtin.user:
|
||||
name: "{{ orientdb_user }}"
|
||||
home: "{{ orientdb_base_dir }}"
|
||||
createhome: false
|
||||
shell: /bin/bash
|
||||
- name: orientdb_install | Create the orientdb directories
|
||||
ansible.builtin.file:
|
||||
dest: "{{ item }}"
|
||||
owner: "{{ orientdb_user }}"
|
||||
group: "{{ orientdb_user }}"
|
||||
mode: "0750"
|
||||
state: directory
|
||||
loop:
|
||||
- "{{ orientdb_base_dir }}"
|
||||
- "{{ orientdb_data_dir }}"
|
||||
- name: orientdb_install | Get the orientdb distribution
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ orientdb_binary_distribution_url }}"
|
||||
dest: "{{ orientdb_base_dir }}/{{ orientdb_tar_file }}"
|
||||
validate_certs: false
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
- name: orientdb_install | Unpack the orientdb distribution
|
||||
ansible.builtin.unarchive:
|
||||
src: '{{ orientdb_base_dir }}/{{ orientdb_tar_file }}'
|
||||
dest: '{{ orientdb_base_dir }}'
|
||||
copy: false
|
||||
owner: root
|
||||
group: root
|
||||
args:
|
||||
creates: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}'
|
||||
- name: orientdb_install | Create some directories inside the orientdb user home
|
||||
become: true
|
||||
become_user: '{{ orientdb_user }}'
|
||||
ansible.builtin.file:
|
||||
dest: "{{ item }}"
|
||||
state: directory
|
||||
mode: "0750"
|
||||
loop:
|
||||
- '{{ orientdb_pid_dir }}'
|
||||
- '{{ orientdb_automatic_backup_directory }}'
|
||||
- name: orientdb_install | Link to the databases directory
|
||||
become: true
|
||||
become_user: '{{ orientdb_user }}'
|
||||
ansible.builtin.file:
|
||||
src: "{{ orientdb_data_dir }}"
|
||||
dest: "{{ orientdb_link_to_data_dir }}"
|
||||
state: link
|
||||
- name: orientdb_install | Remove the demodb database
|
||||
ansible.builtin.file:
|
||||
dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases/demodb'
|
||||
state: absent
|
||||
- name: orientdb_install | Link to the latest version
|
||||
become: true
|
||||
become_user: '{{ orientdb_user }}'
|
||||
ansible.builtin.file:
|
||||
src: '{{ orientdb_tar_filename }}'
|
||||
dest: '{{ orientdb_install_dir }}'
|
||||
state: link
|
||||
- name: orientdb_install | Create a link to the data directory
|
||||
ansible.builtin.file:
|
||||
src: '{{ orientdb_data_dir }}'
|
||||
dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases'
|
||||
state: link
|
||||
owner: '{{ orientdb_user }}'
|
||||
group: '{{ orientdb_user }}'
|
||||
force: true
|
||||
- name: orientdb_install | Create a orientdb log directory out of the distribution directory
|
||||
ansible.builtin.file:
|
||||
dest: '{{ orientdb_log_dir }}'
|
||||
state: directory
|
||||
owner: '{{ orientdb_user }}'
|
||||
group: '{{ orientdb_user }}'
|
||||
mode: '0755'
|
||||
- name: orientdb_install | Link the log directory inside the orientdb user home
|
||||
become: true
|
||||
become_user: '{{ orientdb_user }}'
|
||||
ansible.builtin.file:
|
||||
src: "{{ orientdb_log_dir }}"
|
||||
dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/logs"
|
||||
state: link
|
||||
- name: orientdb_install | Remove the old hook jars
|
||||
ansible.builtin.command: rm -f {{ orientdb_install_dir }}/lib/{{ item }}
|
||||
loop: '{{ orientdb_hooks_to_be_removed | default([]) }}'
|
||||
register: hook_jars_rm
|
||||
changed_when: hook_jars_rm.rc
|
||||
tags: ['orientdb', 'orientdb_hooks']
|
||||
- name: orientdb_install | Fetch and install the hook jars
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ item }}"
|
||||
dest: "{{ orientdb_install_dir }}/lib"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
loop: '{{ orientdb_hooks_jars | default([]) }}'
|
||||
notify: Restart orientdb
|
||||
tags: ['orientdb', 'orientdb_hooks']
|
||||
- name: orientdb_install | Install the orientdb default settings
|
||||
ansible.builtin.template:
|
||||
src: orientdb.default.j2
|
||||
dest: /etc/default/orientdb
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
notify: Restart orientdb
|
||||
- name: orientdb_install | Fix the pid file path inside the start and shutdown scripts
|
||||
ansible.builtin.lineinfile:
|
||||
dest: '{{ orientdb_install_dir }}/bin/{{ item }}'
|
||||
regexp: "^ORIENTDB_PID=.*$"
|
||||
line: "ORIENTDB_PID={{ orientdb_pid_dir }}/orientdb.pid"
|
||||
insertafter: "^PRG=.*$"
|
||||
firstmatch: true
|
||||
loop:
|
||||
- server.sh
|
||||
- shutdown.sh
|
||||
tags: ['orientdb', 'orientdb_pid']
|
||||
- name: orientdb_install | Install the orientdb configuration files
|
||||
ansible.builtin.template:
|
||||
src: '{{ item }}.j2'
|
||||
dest: '{{ orientdb_install_dir }}/config/{{ item }}'
|
||||
owner: '{{ orientdb_user }}'
|
||||
group: '{{ orientdb_user }}'
|
||||
mode: '0640'
|
||||
loop: '{{ orientdb_configuration_files }}'
|
||||
notify: Restart orientdb
|
||||
tags: ['orientdb', 'orientdb_config']
|
||||
- name: orientdb_install | Set the permissions of some configuration files
|
||||
ansible.builtin.file:
|
||||
dest: '{{ orientdb_install_dir }}/config/{{ item }}'
|
||||
owner: '{{ orientdb_user }}'
|
||||
group: '{{ orientdb_user }}'
|
||||
mode: '0600'
|
||||
loop:
|
||||
- custom-sql-functions.json
|
||||
- security.json
|
||||
- orientdb-etl-log.properties
|
||||
notify: Restart orientdb
|
||||
tags: ['orientdb', 'orientdb_config']
|
|
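Review bot: The "Get the orientdb distribution" task sets `validate_certs: false` and has no `checksum`, so the tarball that the next task unpacks into the service's base directory is not authenticated in any way. Drop `validate_certs: false` and add `checksum: "sha256:<expected-digest>"`, fed from a role variable kept next to `orientdb_binary_distribution_url`; the "Fetch and install the hook jars" task, which places jars in the server's `lib` directory, has no checksum either. Separately, `changed_when: hook_jars_rm.rc` can never report a change because a successful `rm -f` returns 0; `ansible.builtin.file` with `state: absent` would give real change reporting without running a command.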
@ -0,0 +1,28 @@
|
|||
---
|
||||
- name: orientdb_letsencrypt | Manage the Letsencrypt certificates
|
||||
tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
|
||||
when: orientdb_letsencrypt_ssl_enabled
|
||||
block:
|
||||
- name: orientdb_letsencrypt | Create the acme hooks directory if it does not yet exist
|
||||
ansible.builtin.file:
|
||||
dest: "{{ letsencrypt_acme_services_scripts_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
- name: orientdb_letsencrypt | Install a letsencrypt hook to update the orientdb certificate
|
||||
ansible.builtin.template:
|
||||
src: orientdb-letsencrypt-acme.sh.j2
|
||||
dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "4555"
|
||||
|
||||
- name: orientdb_letsencrypt | Remove the hook if letsencrypt is not used
|
||||
tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
|
||||
when: not orientdb_letsencrypt_ssl_enabled
|
||||
block:
|
||||
- name: orientdb_letsencrypt | Install a letsencrypt hook to update the orientdb certificate
|
||||
ansible.builtin.file:
|
||||
dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
|
||||
state: absent
|
|
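Review bot: The second block runs whenever `orientdb_letsencrypt_ssl_enabled` is false and templates `letsencrypt_acme_services_scripts_dir`, which the defaults hunks of this commit do not define; if that variable comes only from the Let's Encrypt role, hosts that do not use that role would fail here on an undefined variable. Guard the block, e.g. `when: not orientdb_letsencrypt_ssl_enabled and letsencrypt_acme_services_scripts_dir is defined`. The task inside it is also still named "Install a letsencrypt hook…" although it sets `state: absent`; `orientdb_letsencrypt | Remove the letsencrypt hook` would match what it does. The copy of this block in the certificates task file has both issues.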
@ -0,0 +1,18 @@
|
|||
---
|
||||
- name: orientdb_monitoring | OrientDB Nagios monitoring
|
||||
tags: ['orientdb', 'orientdb_nagios']
|
||||
block:
|
||||
- name: orientdb_monitoring | Install the nagios nrpe configuration
|
||||
ansible.builtin.template:
|
||||
src: orientdb-nrpe.cfg.j2
|
||||
dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
notify: Reload NRPE server
|
||||
when: orientdb_nagios_enabled
|
||||
- name: orientdb_monitoring | Remove the nagios nrpe configuration
|
||||
ansible.builtin.file:
|
||||
dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
|
||||
state: absent
|
||||
when: not orientdb_nagios_enabled
|
|
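Review bot: The previous version of the NRPE task required `nrpe_include_dir is defined`, and that guard is gone: both tasks now template `{{ nrpe_include_dir }}`, and the removal task runs on every host where `orientdb_nagios_enabled` is false. If the variable is set only by the NRPE role, those hosts would fail on an undefined variable. `when: nrpe_include_dir is defined and not orientdb_nagios_enabled` on the removal task, with the matching test on the install task, restores the old behaviour.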
@ -0,0 +1,40 @@
|
|||
---
|
||||
- name: orientdb_removal | Remove OrientDB
|
||||
tags: ['orientdb']
|
||||
block:
|
||||
- name: orientdb_removal | Ensure that the service is disabled and stopped
|
||||
ansible.builtin.service:
|
||||
name: orientdb
|
||||
state: stopped
|
||||
enabled: false
|
||||
- name: orientdb_removal | Remove the orientdb SysV startup file
|
||||
ansible.builtin.file:
|
||||
dest: /etc/init.d/orientdb
|
||||
state: absent
|
||||
when: ansible_service_mgr != 'systemd'
|
||||
- name: orientdb_removal | Remove the orientdb systemd unit
|
||||
ansible.builtin.file:
|
||||
dest: /usr/lib/systemd/system/orientdb.service
|
||||
state: absent
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
- name: orientdb_removal | Remove the link to the orientdb distribution
|
||||
ansible.builtin.file:
|
||||
dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}"
|
||||
state: absent
|
||||
- name: orientdb_removal | Remove the default options file
|
||||
ansible.builtin.file:
|
||||
dest: /etc/default/orientdb
|
||||
state: absent
|
||||
- name: orientdb_removal | Remove the backup cleaner script
|
||||
ansible.builtin.file:
|
||||
dest: /usr/local/bin/orientdb-backup-cleaner
|
||||
state: absent
|
||||
- name: orientdb_removal | Remove the backup cleaner cron job
|
||||
ansible.builtin.cron:
|
||||
cron_file: orientdb-backup-cleaner
|
||||
disabled: false
|
||||
job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
|
||||
special_time: daily
|
||||
user: '{{ orientdb_user }}'
|
||||
name: "Remove old orientdb backups"
|
||||
state: absent
|
|
@ -30,9 +30,9 @@ chgrp {{ orientdb_user }} "{{ java_keystore_file }}"
|
|||
|
||||
if [ "$ORIENTDB_ENABLED" == "True" ] ; then
|
||||
logger "orientdb letsencrypt hook: shut down orientdb."
|
||||
/etc/init.d/orientdb stop
|
||||
systemctl stop orientdb
|
||||
sleep 30
|
||||
/etc/init.d/orientdb start
|
||||
systemctl start orientdb
|
||||
logger "orientdb letsencrypt hook: start orientdb."
|
||||
else
|
||||
logger "orientdb letsencrypt hook: the service is disabled, we do not restart it."
|
||||
|
|
|
@ -54,8 +54,8 @@
|
|||
{% endif %}
|
||||
<parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
|
||||
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
|
||||
<parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
|
||||
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
|
||||
<parameter value="{{ java_truststore_file }}" name="network.ssl.trustStore"/>
|
||||
<parameter value="{{ java_truststore_pwd }}" name="network.ssl.trustStorePassword"/>
|
||||
</parameters>
|
||||
</socket>
|
||||
<socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="https">
|
||||
|
@ -67,8 +67,8 @@
|
|||
{% endif %}
|
||||
<parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
|
||||
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
|
||||
<parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
|
||||
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
|
||||
<parameter value="{{ java_truststore_file }}" name="network.ssl.trustStore"/>
|
||||
<parameter value="{{ java_truststore_pwd }}" name="network.ssl.trustStorePassword"/>
|
||||
</parameters>
|
||||
</socket>
|
||||
</sockets>
|
||||
|
|
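Review bot: `java_truststore_file` and `java_truststore_pwd` are new in both socket definitions, and neither gets a default in the defaults hunks of this commit, so the template depends on them being supplied elsewhere, presumably by the `java_keystore` role added to the dependencies. A short comment in the defaults file naming where the two variables come from would make that dependency visible. Since the store passwords are rendered in clear text into this file, it is also worth confirming that it ends up with mode `0600` like `security.json` rather than the `0640` used by the general configuration loop. Both hunks start and end inside the `<sockets>` element, so the rest of the file is not visible here.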