Non letsencrypt certificates handled externally.

Split the tasks file. TLS without letsencrypt.
ignore the vscode settings.
2023-12-06 19:39:43 +01:00 · 2023-12-06 19:38:05 +01:00 · 2023-12-02 18:15:20 +01:00 · 2023-11-22 19:13:35 +01:00 · 2023-11-21 18:14:36 +01:00 · 2022-11-04 15:46:42 +01:00
16 changed files with 376 additions and 208 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 # ---> Ansible
 *.retry

+.vscode/settings.json
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,19 +1,23 @@
 ---
-orientdb_install: False
-orientdb_enabled: True
-orientdb_version: 3.0.31
+orientdb_install: false
+orientdb_enabled: true
+orientdb_version: 3.2.5
 orientdb_archive_commpression: tar.gz
-orientdb_dir: 'orientdb'
+orientdb_dir: 'orientdb-community'
 orientdb_tar_filename: '{{ orientdb_dir }}-{{ orientdb_version }}'
 orientdb_tar_file: '{{ orientdb_tar_filename }}.{{ orientdb_archive_commpression }}'
-orientdb_binary_distribution_url: 'https://s3.us-east-2.amazonaws.com/orientdb3/releases/{{ orientdb_version }}/{{ orientdb_tar_file }}' 
+orientdb_jdk_version: 8
+# Pre 3.2.5
+# orientdb_binary_distribution_url: 'https://s3.us-east-2.amazonaws.com/orientdb3/releases/{{ orientdb_version }}/{{ orientdb_tar_file }}'
+orientdb_binary_distribution_url: 'https://repo1.maven.org/maven2/com/orientechnologies/{{ orientdb_dir }}/{{ orientdb_version }}/{{ orientdb_tar_file }}'
 orientdb_user: orientdb
 orientdb_log_dir: /var/log/orientdb
 orientdb_log_level: INFO
-orientdb_home_prefix: /home
+orientdb_home_prefix: /srv
+orientdb_data_dir: /srv/orientdb_databases
 orientdb_base_dir: '{{ orientdb_home_prefix }}/{{ orientdb_user }}'
 orientdb_install_dir: '{{ orientdb_base_dir }}/{{ orientdb_dir }}'
-orientdb_data_dir: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/databases'
+orientdb_link_to_data_dir: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/databases'
 orientdb_pid_dir: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/pid'
 orientdb_configuration_files:
  - orientdb-server-log.properties
@ -22,18 +26,19 @@ orientdb_configuration_files:
  - hazelcast.xml
  - automatic-backup.json

-orientdb_ssl_enabled: False
-orientdb_letsencrypt_ssl_enabled: False  
-orientdb_ssl_client_auth_enabled: False
+orientdb_ssl_enabled: "{% if letsencrypt_acme_install is defined %}{{ letsencrypt_acme_install }}{% else %}false{% endif %}"
+orientdb_letsencrypt_ssl_enabled: "{% if letsencrypt_acme_install is defined %}{{ letsencrypt_acme_install }}{% else %}false{% endif %}"
+orientdb_ssl_client_auth_enabled: false

+orientdb_hooks_enabled: false
 orientdb_hooks_classes:
-  - { name: 'org.gcube.informationsystem.orientdb.hooks.HeaderHook', position: 'REGULAR' }
-  - { name: 'org.gcube.informationsystem.orientdb.hooks.ConsistsOfHook', position: 'REGULAR' }
-  - { name: 'org.gcube.informationsystem.orientdb.hooks.IsRelatedToHook', position: 'REGULAR' }
+  - {name: 'org.gcube.informationsystem.orientdb.hooks.HeaderHook', position: 'REGULAR'}
+  - {name: 'org.gcube.informationsystem.orientdb.hooks.ConsistsOfHook', position: 'REGULAR'}
+  - {name: 'org.gcube.informationsystem.orientdb.hooks.IsRelatedToHook', position: 'REGULAR'}

-#orientdb_hooks_jars:
-#  - 'http://maven.research-infrastructures.eu/nexus/service/local/artifact/maven/redirect?r=gcube-snapshots&g=org.gcube.information-system&a=resource-registry-orientdb-hooks&v=1.3.0-SNAPSHOT&e=jar&c=jar-with-dependencies'
-#orientdb_hooks_to_be_removed:
+# orientdb_hooks_jars:
+#  - 'https://nexus.d4science.org/nexus/service/local/artifact/maven/redirect?r=gcube-snapshots&g=org.gcube.information-system&a=resource-registry-orientdb-hooks&v=1.3.0-SNAPSHOT&e=jar&c=jar-with-dependencies'
+# orientdb_hooks_to_be_removed:
 # - hook*.jar

 orientdb_binary_protocol_lower_port: 2424
@ -46,31 +51,31 @@ orientdb_http_protocol_higher_port: 2490
 orientdb_java_heap: '-Xms1024m -Xmx2048m'
 orientdb_default_settings: ''

-orientdb_distributed: False
+orientdb_distributed: false
 orientdb_distributed_autodeploy: 'true'
 orientdb_distributed_writequorum: 'majority'
-#orientdb_distributed_writequorum: 'all'
+# orientdb_distributed_writequorum: 'all'
 orientdb_distributed_readquorum: 1
 orientdb_distributed_readyourwrites: 'true'
 orientdb_distributed_executionmode: 'undefined'
 orientdb_new_node_strategy: 'dynamic'

-orientdb_graph_server_enabled: False
+orientdb_graph_server_enabled: false

 orientdb_hazelcast_group_name: orientdb
 orientdb_hazelcast_group_password: orientdb
 # This works on the enterprise version only.
-orientdb_hazelcast_encryption: False
+orientdb_hazelcast_encryption: false
 orientdb_hazelcast_port_min: 2434
 orientdb_hazelcast_port_max: 2454
-orientdb_hazelcast_multicast_enabled: False
+orientdb_hazelcast_multicast_enabled: false
 orientdb_hazelcast_multicast_group: 235.1.1.1
 orientdb_hazelcast_unicast_members:
-  - { member: 'localhost', port: '{{ orientdb_hazelcast_port_min }}' }
+  - {member: 'localhost', port: '{{ orientdb_hazelcast_port_min }}'}


 # For Reference see http://orientdb.com/docs/3.0.x/plugins/Automatic-Backup.html
-orientdb_automatic_backup: True
+orientdb_automatic_backup: true
 orientdb_automatic_backup_mode: 'EXPORT'
 orientdb_automatic_backup_export_options: ''
 orientdb_automatic_backup_delay: 24h
@ -80,3 +85,6 @@ orientdb_automatic_backup_target_file_name: '${DBNAME}-${DATE:yyyyMMddHHmmss}.zi
 orientdb_automatic_backup_compression_level: 9
 orientdb_automatic_backup_buffer_size: 1048576
 orientdb_automatic_backup_retention_days: '7'
+
+# Monitoring
+orientdb_nagios_enabled: "{% if nagios_enabled is defined %}{{ nagios_enabled }}{% else %}false{% endif %}"
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,4 +1,10 @@
 ---
 - name: Restart orientdb
-  service: name=orientdb state=restarted sleep=30
+  ansible.builtin.service:
+    name: orientdb
+    state: restarted
  when: orientdb_enabled
+
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
--- a/meta/main.yml
+++ b/meta/main.yml
@ -1,13 +1,12 @@
 galaxy_info:
  author: Andrea Dell'Amico
-  description: Systems Architect
+  description: Role that installs OrientDB
  company: ISTI-CNR
-
-  issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
-
+  namespace: adellam
+  role_name: orientdb
  license: EUPL 1.2+

-  min_ansible_version: 2.8
+  min_ansible_version: "2.15"

  # To view available platforms and versions (or releases), visit:
  # https://galaxy.ansible.com/api/v1/platforms/
@ -15,11 +14,9 @@ galaxy_info:
  platforms:
    - name: Ubuntu
      versions:
-        - Trusty
        - bionic
-    - name: EL
-      versions:
-        - 7
+        - focal
+        - jammy

  galaxy_tags:
    - orientdb
@ -29,4 +26,7 @@ dependencies:
    version: master
    name: openjdk
    state: latest
-
+  - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-java-keystore.git
+    version: master
+    name: java_keystore
+    state: latest
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,162 +1,52 @@
 ---
- block:
-    - name: Create the orientdb user
-      user: name={{ orientdb_user }} home={{ orientdb_base_dir }} createhome=yes shell=/bin/bash
-      
-    - name: Get the orientdb distribution
-      get_url: url={{ orientdb_binary_distribution_url }} dest={{ orientdb_base_dir }}/{{ orientdb_tar_file }} validate_certs=no
-
-    - name: Unpack the orientdb distribution
-      unarchive: src={{ orientdb_base_dir }}/{{ orientdb_tar_file }} dest={{ orientdb_base_dir }} copy=no
-      args:
-        creates: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}'
-
-    - name: Link to the latest version
-      become: True
-      become_user: '{{ orientdb_user }}'
-      file: src={{ orientdb_tar_filename }} dest={{ orientdb_install_dir }} state=link
-
-    - name: Create a orientdb log directory out of the distribution directory
-      file: dest={{ orientdb_log_dir }} state=directory owner={{ orientdb_user }} group={{ orientdb_user }} mode=0755
-
-    - name: Link the log directory inside the orientdb user home
-      become: True
-      become_user: '{{ orientdb_user }}'
-      file: dest={{ orientdb_home_prefix }}/{{ orientdb_user }}/logs src={{ orientdb_log_dir }} state=link
-
-    - name: Create the needed directory inside the orientdb user home
-      become: True
-      become_user: '{{ orientdb_user }}'
-      file: dest={{ item }} state=directory mode=0750
-      with_items:
-        - '{{ orientdb_data_dir }}'
-        - '{{ orientdb_pid_dir }}'
-        - '{{ orientdb_automatic_backup_directory }}'
-
-    - name: Remove the old hook jars
-      shell: rm -f {{ orientdb_install_dir }}/lib/{{ item }}
-      with_items: '{{ orientdb_hooks_to_be_removed | default([]) }}'
-      tags: [ 'orientdb', 'orientdb_hooks' ]
-
-    - name: Fetch and install the hook jars
-      get_url: url='{{ item }}' dest={{ orientdb_install_dir }}/lib
-      with_items: '{{ orientdb_hooks_jars | default([]) }}'
-      notify: Restart orientdb
-      tags: [ 'orientdb', 'orientdb_hooks' ]
-
-    - name: Install the orientdb default settings
-      template: src=orientdb.default.j2 dest=/etc/default/orientdb owner=root group=root mode=0444
-      notify: Restart orientdb
-
-    - name: Fix the pid file path inside the start and shutdown scripts
-      lineinfile: dest={{ orientdb_install_dir }}/bin/{{ item }} regexp="^ORIENTDB_PID=.*$" line="ORIENTDB_PID={{ orientdb_pid_dir }}/orientdb.pid" insertafter="^PRG=.*$" firstmatch=yes
-      with_items:
-        - server.sh
-        - shutdown.sh
-      tags: [ 'orientdb', 'orientdb_pid' ]
-
-    - name: Install the orientdb configuration files
-      template: src={{ item }}.j2 dest={{ orientdb_install_dir }}/config/{{ item }} owner={{ orientdb_user }} group={{ orientdb_user }} mode=0640
-      with_items: '{{ orientdb_configuration_files }}'
-      notify: Restart orientdb
-      tags: [ 'orientdb', 'orientdb_config' ]
-
-    - name: Install the nagios nrpe configuration
-      template: src=orientdb-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/orientdb-nrpe.cfg owner=root group=root mode=0444
-      notify: Reload NRPE server
-      when:
-        - nrpe_include_dir is defined
-        - nagios_enabled is defined and nagios_enabled
-      tags: [ 'orientdb', 'orientdb_nagios' ]
-
-    - name: Install the orientdb SYSV startup script
-      template: src=orientdb.init.j2 dest=/etc/init.d/orientdb owner=root group=root mode=0755
-      tags: [ 'orientdb', 'orientdb_init' ]
-      when: ansible_service_mgr != 'systemd'
-
-    - name: Install the orientdb systemd unit
-      template: src=orientdb.service.j2 dest=/usr/lib/systemd/system/orientdb.service owner=root group=root mode=0644
-      tags: [ 'orientdb', 'orientdb_init' ]
-      when: ansible_service_mgr == 'systemd'
-      register: reload_systemd
-
-    - name: Reload the systemd service
-      systemd:
-          daemon_reload: yes
-      when: reload_systemd is changed
-
-    - name: Ensure that the service is enabled and running
-      service: name=orientdb state=started enabled=yes
-      when: orientdb_enabled
-
-    - name: Ensure that the service is stopped and disabled
-      service: name=orientdb state=stopped enabled=no
-      when: not orientdb_enabled
-
-  tags: orientdb
+- name: Manage the OrientDB installation
+  ansible.builtin.import_tasks: orientdb_install.yml
+- name: Clean up the OrientDB backups
+  ansible.builtin.import_tasks: orientdb_backups.yml
+- name: OrientDB monitoring
+  ansible.builtin.import_tasks: orientdb_monitoring.yml
+  when: orientdb_enabled
+- name: OrientDB certificates via Letsencrypt
+  ansible.builtin.import_tasks: orientdb_letsencrypt.yml
  when: orientdb_install
-
- block:
-    - name: Install a script that removes the old orientdb backups
-      template: src=backup-cleaner.sh.j2 dest=/usr/local/bin/orientdb-backup-cleaner owner=root group=root mode=555
-
-    - name: Add a cron job that removes the old backups
-      cron:
-          cron_file: 'orientdb-backup-cleaner'
-          disabled: no
-          job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
-          special_time: daily
-          user: '{{ orientdb_user }}'
-          name: "Remove old orientdb backups"
-          state: present
-
-  tags: [ 'orientdb', 'orientdb_backup' ]
-  when: orientdb_install
-
-
- block:
-    - name: Create the acme hooks directory if it does not yet exist
-      file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
-
-    - name: Install a letsencrypt hook to update the orientdb certificate
-      template: src=orientdb-letsencrypt-acme.sh.j2 dest={{ letsencrypt_acme_services_scripts_dir }}/orientdb owner=root group=root mode=4555
-
-  tags: [ 'orientdb', 'letsencrypt', 'orientdb_letsencrypt' ]
-  when:
-    - orientdb_install
-    - orientdb_letsencrypt_ssl_enabled
-
- block:
-    - name: Ensure that the service is disabled and stopped
-      service: name=orientdb state=stopped enabled=no
-
-    - name: Remove the orientdb SysV startup file
-      file: dest=/etc/init.d/orientdb state=absent
-      when: ansible_service_mgr != 'systemd'
-
-    - name: Remove the orientdb systemd unit
-      file: dest=/usr/lib/systemd/system/orientdb.service state=absent
-      when: ansible_service_mgr == 'systemd'
-
-    - name: Remove the link to the orientdb distribution
-      file: dest={{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }} state=absent
-
-    - name: Remove the default options file
-      file: dest=/etc/default/orientdb state=absent
-
-    - name: Remove the backup cleaner script
-      file: dest=/usr/local/bin/orientdb-backup-cleaner state=absent
-
-    - name: Remove the backup cleaner cron job
-      cron:
-          cron_file: 'orientdb-backup-cleaner'
-          disabled: no
-          job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
-          special_time: daily
-          user: '{{ orientdb_user }}'
-          name: "Remove old orientdb backups"
-          state: absent
-
-  tags: orientdb
+- name: OrientDB removal
+  ansible.builtin.import_tasks: orientdb_removal.yml
  when: not orientdb_install

+- name: Manage the OrientDB service
+  tags: ['orientdb']
+  when: orientdb_install
+  block:
+    - name: Install the orientdb SYSV startup script
+      ansible.builtin.template:
+        src: orientdb.init.j2
+        dest: /etc/init.d/orientdb
+        owner: root
+        group: root
+        mode: "0755"
+      tags: ['orientdb', 'orientdb_init']
+      when: ansible_service_mgr != 'systemd'
+    - name: Install the orientdb systemd unit
+      ansible.builtin.template:
+        src: orientdb.service.j2
+        dest: /etc/systemd/system/orientdb.service
+        owner: root
+        group: root
+        mode: "0644"
+      tags: ['orientdb', 'orientdb_init']
+      when: ansible_service_mgr == 'systemd'
+      notify: Reload systemd
+    - name: Reload the systemd service
+      ansible.builtin.meta: flush_handlers
+    - name: Ensure that the service is enabled and running
+      ansible.builtin.service:
+        name: orientdb
+        state: started
+        enabled: true
+      when: orientdb_enabled
+    - name: Ensure that the service is stopped and disabled
+      ansible.builtin.service:
+        name: orientdb
+        state: stopped
+        enabled: false
+      when: not orientdb_enabled
--- a/tasks/orientdb_backups.yml
+++ b/tasks/orientdb_backups.yml
@ -0,0 +1,21 @@
+---
+- name: orientdb_backups | Clean up the backups
+  tags: ['orientdb', 'orientdb_backup']
+  when: orientdb_install
+  block:
+    - name: orientdb_backups | Install a script that removes the old orientdb backups
+      ansible.builtin.template:
+        src: backup-cleaner.sh.j2
+        dest: /usr/local/bin/orientdb-backup-cleaner
+        owner: root
+        group: root
+        mode: "0555"
+    - name: orientdb_backups | Add a cron job that removes the old backups
+      ansible.builtin.cron:
+        cron_file: orientdb-backup-cleaner
+        disabled: false
+        job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
+        special_time: daily
+        user: "{{ orientdb_user }}"
+        name: "Remove old orientdb backups"
+        state: present
--- a/tasks/orientdb_install.yml
+++ b/tasks/orientdb_install.yml
@ -0,0 +1,145 @@
+---
+- name: orientdb_install | OrientDB installation
+  tags: ['orientdb']
+  when: orientdb_install
+  block:
+    - name: orientdb_install | Create the orientdb user
+      ansible.builtin.user:
+        name: "{{ orientdb_user }}"
+        home: "{{ orientdb_base_dir }}"
+        createhome: false
+        shell: /bin/bash
+    - name: orientdb_install | Create the orientdb directories
+      ansible.builtin.file:
+        dest: "{{ item }}"
+        owner: "{{ orientdb_user }}"
+        group: "{{ orientdb_user }}"
+        mode: "0750"
+        state: directory
+      loop:
+        - "{{ orientdb_base_dir }}"
+        - "{{ orientdb_data_dir }}"
+    - name: orientdb_install | Get the orientdb distribution
+      ansible.builtin.get_url:
+        url: "{{ orientdb_binary_distribution_url }}"
+        dest: "{{ orientdb_base_dir }}/{{ orientdb_tar_file }}"
+        validate_certs: false
+        owner: root
+        group: root
+        mode: "0444"
+    - name: orientdb_install | Unpack the orientdb distribution
+      ansible.builtin.unarchive:
+        src: '{{ orientdb_base_dir }}/{{ orientdb_tar_file }}'
+        dest: '{{ orientdb_base_dir }}'
+        copy: false
+        owner: root
+        group: root
+      args:
+        creates: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}'
+    - name: orientdb_install | Create some directories inside the orientdb user home
+      become: true
+      become_user: '{{ orientdb_user }}'
+      ansible.builtin.file:
+        dest: "{{ item }}"
+        state: directory
+        mode: "0750"
+      loop:
+        - '{{ orientdb_pid_dir }}'
+        - '{{ orientdb_automatic_backup_directory }}'
+    - name: orientdb_install | Link to the databases directory
+      become: true
+      become_user: '{{ orientdb_user }}'
+      ansible.builtin.file:
+        src: "{{ orientdb_data_dir }}"
+        dest: "{{ orientdb_link_to_data_dir }}"
+        state: link
+    - name: orientdb_install | Remove the demodb database
+      ansible.builtin.file:
+        dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases/demodb'
+        state: absent
+    - name: orientdb_install | Link to the latest version
+      become: true
+      become_user: '{{ orientdb_user }}'
+      ansible.builtin.file:
+        src: '{{ orientdb_tar_filename }}'
+        dest: '{{ orientdb_install_dir }}'
+        state: link
+    - name: orientdb_install | Create a link to the data directory
+      ansible.builtin.file:
+        src: '{{ orientdb_data_dir }}'
+        dest: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}-{{ orientdb_version }}/databases'
+        state: link
+        owner: '{{ orientdb_user }}'
+        group: '{{ orientdb_user }}'
+        force: true
+    - name: orientdb_install | Create a orientdb log directory out of the distribution directory
+      ansible.builtin.file:
+        dest: '{{ orientdb_log_dir }}'
+        state: directory
+        owner: '{{ orientdb_user }}'
+        group: '{{ orientdb_user }}'
+        mode: '0755'
+    - name: orientdb_install | Link the log directory inside the orientdb user home
+      become: true
+      become_user: '{{ orientdb_user }}'
+      ansible.builtin.file:
+        src: "{{ orientdb_log_dir }}"
+        dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/logs"
+        state: link
+    - name: orientdb_install | Remove the old hook jars
+      ansible.builtin.command: rm -f {{ orientdb_install_dir }}/lib/{{ item }}
+      loop: '{{ orientdb_hooks_to_be_removed | default([]) }}'
+      register: hook_jars_rm
+      changed_when: hook_jars_rm.rc
+      tags: ['orientdb', 'orientdb_hooks']
+    - name: orientdb_install | Fetch and install the hook jars
+      ansible.builtin.get_url:
+        url: "{{ item }}"
+        dest: "{{ orientdb_install_dir }}/lib"
+        owner: root
+        group: root
+        mode: "0644"
+      loop: '{{ orientdb_hooks_jars | default([]) }}'
+      notify: Restart orientdb
+      tags: ['orientdb', 'orientdb_hooks']
+    - name: orientdb_install | Install the orientdb default settings
+      ansible.builtin.template:
+        src: orientdb.default.j2
+        dest: /etc/default/orientdb
+        owner: root
+        group: root
+        mode: "0444"
+      notify: Restart orientdb
+    - name: orientdb_install | Fix the pid file path inside the start and shutdown scripts
+      ansible.builtin.lineinfile:
+        dest: '{{ orientdb_install_dir }}/bin/{{ item }}'
+        regexp: "^ORIENTDB_PID=.*$"
+        line: "ORIENTDB_PID={{ orientdb_pid_dir }}/orientdb.pid"
+        insertafter: "^PRG=.*$"
+        firstmatch: true
+      loop:
+        - server.sh
+        - shutdown.sh
+      tags: ['orientdb', 'orientdb_pid']
+    - name: orientdb_install | Install the orientdb configuration files
+      ansible.builtin.template:
+        src: '{{ item }}.j2'
+        dest: '{{ orientdb_install_dir }}/config/{{ item }}'
+        owner: '{{ orientdb_user }}'
+        group: '{{ orientdb_user }}'
+        mode: '0640'
+      loop: '{{ orientdb_configuration_files }}'
+      notify: Restart orientdb
+      tags: ['orientdb', 'orientdb_config']
+    - name: orientdb_install | Set the permissions of some configuration files
+      ansible.builtin.file:
+        dest: '{{ orientdb_install_dir }}/config/{{ item }}'
+        owner: '{{ orientdb_user }}'
+        group: '{{ orientdb_user }}'
+        mode: '0600'
+      loop:
+        - custom-sql-functions.json
+        - security.json
+        - orientdb-etl-log.properties
+      notify: Restart orientdb
+      tags: ['orientdb', 'orientdb_config']
--- a/tasks/orientdb_letsencrypt.yml
+++ b/tasks/orientdb_letsencrypt.yml
@ -0,0 +1,28 @@
+---
+- name: orientdb_letsencrypt | Manage the Letsencrypt certificates
+  tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
+  when: orientdb_letsencrypt_ssl_enabled
+  block:
+    - name: orientdb_letsencrypt | Create the acme hooks directory if it does not yet exist
+      ansible.builtin.file:
+        dest: "{{ letsencrypt_acme_services_scripts_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: "0755"
+    - name: orientdb_letsencrypt | Install a letsencrypt hook to update the orientdb certificate
+      ansible.builtin.template:
+        src: orientdb-letsencrypt-acme.sh.j2
+        dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
+        owner: root
+        group: root
+        mode: "4555"
+
+- name: orientdb_letsencrypt | Remove the hook if letsencrypt is not used
+  tags: ['orientdb', 'letsencrypt', 'orientdb_letsencrypt']
+  when: not orientdb_letsencrypt_ssl_enabled
+  block:
+    - name: orientdb_letsencrypt | Install a letsencrypt hook to update the orientdb certificate
+      ansible.builtin.file:
+        dest: "{{ letsencrypt_acme_services_scripts_dir }}/orientdb"
+        state: absent
--- a/tasks/orientdb_monitoring.yml
+++ b/tasks/orientdb_monitoring.yml
@ -0,0 +1,18 @@
+---
+- name: orientdb_monitoring | OrientDB Nagios monitoring
+  tags: ['orientdb', 'orientdb_nagios']
+  block:
+    - name: orientdb_monitoring | Install the nagios nrpe configuration
+      ansible.builtin.template:
+        src: orientdb-nrpe.cfg.j2
+        dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
+        owner: root
+        group: root
+        mode: "0444"
+      notify: Reload NRPE server
+      when: orientdb_nagios_enabled
+    - name: orientdb_monitoring | Remove the nagios nrpe configuration
+      ansible.builtin.file:
+        dest: "{{ nrpe_include_dir }}/orientdb-nrpe.cfg"
+        state: absent
+      when: not orientdb_nagios_enabled
--- a/tasks/orientdb_removal.yml
+++ b/tasks/orientdb_removal.yml
@ -0,0 +1,40 @@
+---
+- name: orientdb_removal | Remove OrientDB
+  tags: ['orientdb']
+  block:
+    - name: orientdb_removal | Ensure that the service is disabled and stopped
+      ansible.builtin.service:
+        name: orientdb
+        state: stopped
+        enabled: false
+    - name: orientdb_removal | Remove the orientdb SysV startup file
+      ansible.builtin.file:
+        dest: /etc/init.d/orientdb
+        state: absent
+      when: ansible_service_mgr != 'systemd'
+    - name: orientdb_removal | Remove the orientdb systemd unit
+      ansible.builtin.file:
+        dest: /usr/lib/systemd/system/orientdb.service
+        state: absent
+      when: ansible_service_mgr == 'systemd'
+    - name: orientdb_removal | Remove the link to the orientdb distribution
+      ansible.builtin.file:
+        dest: "{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}"
+        state: absent
+    - name: orientdb_removal | Remove the default options file
+      ansible.builtin.file:
+        dest: /etc/default/orientdb
+        state: absent
+    - name: orientdb_removal | Remove the backup cleaner script
+      ansible.builtin.file:
+        dest: /usr/local/bin/orientdb-backup-cleaner
+        state: absent
+    - name: orientdb_removal | Remove the backup cleaner cron job
+      ansible.builtin.cron:
+        cron_file: orientdb-backup-cleaner
+        disabled: false
+        job: "/usr/local/bin/orientdb-backup-cleaner >/dev/null 2>&1"
+        special_time: daily
+        user: '{{ orientdb_user }}'
+        name: "Remove old orientdb backups"
+        state: absent
--- a/templates/orientdb-letsencrypt-acme.sh.j2
+++ b/templates/orientdb-letsencrypt-acme.sh.j2
@ -30,9 +30,9 @@ chgrp {{ orientdb_user }} "{{ java_keystore_file }}"

 if [ "$ORIENTDB_ENABLED" == "True" ] ; then
    logger "orientdb letsencrypt hook: shut down orientdb."
-    /etc/init.d/orientdb stop
+    systemctl stop orientdb
    sleep 30
-    /etc/init.d/orientdb start
+    systemctl start orientdb
    logger "orientdb letsencrypt hook: start orientdb."
 else
    logger "orientdb letsencrypt hook: the service is disabled, we do not restart it."
--- a/templates/orientdb-server-config.xml.j2
+++ b/templates/orientdb-server-config.xml.j2
@ -9,6 +9,7 @@
            </parameters>
        </handler>
        {% endif %}
+        {% if orientdb_distributed %}
        <handler class="com.orientechnologies.orient.server.hazelcast.OHazelcastPlugin">
            <parameters>
                <parameter value="{{ orientdb_distributed | ternary('true','false') }}" name="enabled"/>
@ -17,6 +18,7 @@
                <parameter value="${ORIENTDB_HOME}/config/hazelcast.xml" name="configuration.hazelcast"/>
            </parameters>
        </handler>
+        {% endif %}
        <handler class="com.orientechnologies.orient.server.handler.OJMXPlugin">
            <parameters>
                <parameter value="false" name="enabled"/>
@ -52,8 +54,8 @@
 {% endif %}
                    <parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
                    <parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
-                    <parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
-                    <parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
+                    <parameter value="{{ java_truststore_file }}" name="network.ssl.trustStore"/>
+                    <parameter value="{{ java_truststore_pwd }}" name="network.ssl.trustStorePassword"/>
                </parameters>
            </socket>
            <socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="https">
@ -65,8 +67,8 @@
 {% endif %}
                    <parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
                    <parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
-                    <parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
-                    <parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
+                    <parameter value="{{ java_truststore_file }}" name="network.ssl.trustStore"/>
+                    <parameter value="{{ java_truststore_pwd }}" name="network.ssl.trustStorePassword"/>
                </parameters>
            </socket>
        </sockets>
@ -104,15 +106,20 @@
        <entry value="1" name="db.pool.min"/>
        <entry value="50" name="db.pool.max"/>
        <entry value="50" name="script.pool.maxSize"/>
-        <!-- Profile is available in enterprise edition only http://orientdb.com/docs/3.0.x/tuning/Profiler.html -->
        <entry value="false" name="profiler.enabled"/> 
-        <entry value="0" name="distributed.autoRemoveOfflineServers"/>
+{% if orientdb_version is version_compare('3.2.0', '<') %}
        <entry value="{{ orientdb_data_dir }}" name="server.database.path" />
+{% endif %}
    </properties>
+{% if orientdb_hooks_enabled %}    
    <hooks>
      {% for class in orientdb_hooks_classes %}
      <hook class="{{ class.name }}" position="{{ class.position }}"/>
      {% endfor %}
    </hooks>
+{% endif %}
+{% if orientdb_version is version_compare('3.2.0', '<') %}
    <isAfterFirstTime>true</isAfterFirstTime>
+{% endif %}
+
 </orient-server>
--- a/templates/orientdb.default.j2
+++ b/templates/orientdb.default.j2
@ -1,8 +1,8 @@
-export ORIENTDB_DIR="{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}"
-export ORIENTDB_USER="{{ orientdb_user }}"
-export ORIENTDB_OPTS_MEMORY="{{ orientdb_java_heap }}"
-export ORIENTDB_SETTINGS="{{ orientdb_default_settings }}"
+ORIENTDB_DIR="{{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}"
+ORIENTDB_USER="{{ orientdb_user }}"
+ORIENTDB_OPTS_MEMORY="{{ orientdb_java_heap }}"
+ORIENTDB_SETTINGS="{{ orientdb_default_settings }}"
 ORIENTDB_SERVER_OPTS=
 {% if orientdb_distributed %}
 ORIENTDB_SERVER_OPTS="-Ddistributed=true"
-{% endif %}
+{% endif %}
--- a/templates/orientdb.init.j2
+++ b/templates/orientdb.init.j2
@ -29,7 +29,7 @@ start() {
 	fi
 	echo "Starting OrientDB server daemon..."
 	cd "$ORIENTDB_DIR/bin"
-	su $ORIENTDB_USER -c "cd \"$ORIENTDB_DIR/bin\"; /usr/bin/nohup ./dserver.sh $ORIENTDB_SERVER_OPTS  >> {{ orientdb_log_dir }}/orientdb.log 2>&1 &"
+	su $ORIENTDB_USER -c "cd \"$ORIENTDB_DIR/bin\"; /usr/bin/nohup ./server.sh $ORIENTDB_SERVER_OPTS  >> {{ orientdb_log_dir }}/orientdb.log 2>&1 &"
 }

 stop() {
--- a/templates/orientdb.service.j2
+++ b/templates/orientdb.service.j2
@ -7,6 +7,7 @@ After=syslog.target
 WantedBy=multi-user.target

 [Service]
+EnvironmentFile=/etc/default/orientdb
 Type=simple
 User={{ orientdb_user }}
 Group={{ orientdb_user }}
@ -15,7 +16,10 @@ RestartSec=10
 StandardOutput=syslog
 StandardError=syslog
 SyslogIdentifier=orientdb
+{% if orientdb_distributed %}
+ExecStart={{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}/bin/dserver.sh
+{% else %}
 ExecStart={{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}/bin/server.sh
+{% endif %}
 ExecStop={{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}/bin/shutdown.sh
-ExecStatus={{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}/bin/orientdb.sh status
 ExecReload=/bin/kill -HUP $MAINPID
--- a/vars/main.yml
+++ b/vars/main.yml
@ -1,2 +1,2 @@
 ---
-# vars file for ansible-role-template
+jdk_default: "{{ orientdb_jdk_version }}"
Author	SHA1	Message	Date
Andrea Dell'Amico	4935b95b52	Non letsencrypt certificates handled externally.	2023-12-06 19:39:43 +01:00
Andrea Dell'Amico	71a51e8de1	Split the tasks file. TLS without letsencrypt.	2023-12-06 19:38:05 +01:00
Andrea Dell'Amico	10b25f8774	ignore the vscode settings.	2023-12-02 18:15:20 +01:00
Andrea Dell'Amico	770709ed47	Missing 'state' statement.	2023-11-22 19:13:35 +01:00
Andrea Dell'Amico	2a3375764e	Clean up some files. Enforce the jdk version.	2023-11-21 18:14:36 +01:00
Andrea Dell'Amico	c7f933ea9e	Other permissions to fix.	2022-11-04 15:46:42 +01:00
Andrea Dell'Amico	f053ca5be7	Fix the files permissions.	2022-11-04 15:37:57 +01:00
Andrea Dell'Amico	91414e6ac2	Fix the version comparison syntax.	2022-05-26 14:53:19 +02:00
Andrea Dell'Amico	ac990470fd	Fix the demodb path.	2022-05-26 14:48:37 +02:00
Andrea Dell'Amico	5f3a1f7374	Remove the demodb database.	2022-05-26 14:47:54 +02:00
Andrea Dell'Amico	4f45d378f7	A bit of cleanup.	2022-05-26 14:39:02 +02:00
Andrea Dell'Amico	57ef452cd2	Add back some 3.0 config options.	2022-05-26 14:37:02 +02:00
Andrea Dell'Amico	72df9ac731	Fix the task that links the databases directory.	2022-03-18 14:13:00 +01:00
Andrea Dell'Amico	3ff3a7a09a	Some fixes to run the 3.2 versions.	2022-03-18 09:50:16 +01:00
Andrea Dell'Amico	8b92472b88	Merge pull request 'Update 'templates/orientdb-server-config.xml.j2'' (!5 ) from luca.frosini-patch-1 into master Reviewed-on: InfraScience/ansible-role-orientdb#5	2022-03-17 16:44:35 +01:00
Luca Frosini	377037c601	Update 'templates/orientdb-server-config.xml.j2' Removed unneeded tag'isAfterFirstTime' and commented 'hooks' tag which is no more needed	2022-03-17 16:43:39 +01:00
Andrea Dell'Amico	8d25c3bff2	New download URL.	2022-03-01 13:44:08 +01:00
Andrea Dell'Amico	4e9ffe3087	New default version: 3.2.5	2022-03-01 13:09:28 +01:00
Andrea Dell'Amico	9c9425923f	Add the environment file to the systemd unit.	2021-06-04 15:28:58 +02:00
Andrea Dell'Amico	d26c1427e4	Install the systemd unit under /etc/systemd	2021-06-03 18:30:48 +02:00
Andrea Dell'Amico	b79344b89c	New default version and some cleanup.	2021-06-03 18:12:03 +02:00
Andrea Dell'Amico	fb71532efa	Merge pull request 'Update 'templates/orientdb-server-config.xml.j2'' (#4 ) from roberto.cirillo-19979 into master	2020-10-20 15:40:58 +02:00
Roberto Cirillo	1c21c9587b	Update 'templates/orientdb-server-config.xml.j2' commented some lines as requested in 19979	2020-10-20 15:40:06 +02:00
Andrea Dell'Amico	fbd97e1dde	Merge pull request 'Update 'templates/orientdb.init.j2'' (#2 ) from roberto.cirillo-patch-1 into master	2020-10-16 17:21:10 +02:00
Roberto Cirillo	b4f836795d	Update 'templates/orientdb.init.j2' reverting the change required in #19976	2020-10-16 17:20:04 +02:00
Andrea Dell'Amico	69071b02d6	Merge pull request 'Update 'templates/orientdb.init.j2'' (#1 ) from roberto.cirillo/ansible-role-orientdb:master into master	2020-10-16 12:46:49 +02:00