Commit Graph

525 Commits

Author SHA1 Message Date
b6a54ca4d1 roles/common: Reload firewalld instead of restart
There is no need to bounce the service, just reload it.
2017-11-05 00:27:44 +02:00
0a92f3ae8f roles/common: Use systemd module instead of "service"
This was new in Ansible 2.2 but I didn't notice until now. All of our
servers are running distributions with systemd so let's just use this.
2017-11-05 00:27:44 +02:00
0e409792ca
roles/mariadb: Update comment with link to MySQL module docs 2017-11-05 00:26:32 +02:00
7b60e6d24f
Revert "Import OS-specific vars in tasks instead of play"
This reverts commit e30e4d4b1e.

I suspect this was a side effect of using Python 3 rather than an
issue in Ansible 2.4.0.0.
2017-11-04 23:53:38 +02:00
63c5477f85
Revert "roles/common: Use static imports for tasks"
This reverts commit 5147f4029b.

I think this was a side effect of using Python 3, not a regression in
Ansible 2.4.0.0.
2017-11-04 23:53:25 +02:00
620e8258ac
roles/common: Remove duplicate option in sshd_config 2017-11-01 13:22:18 +02:00
0463c3c0b8
Revert "ansible.cfg: Temporary workaround for Ansible > 2.4.0.0 connection issue"
This reverts commit 4f357f336f.

On a hunch I recreated my Ansible virtualenv using Python 2.7 and now
connections work properly again without this. Something seems to have
happened with Python 3 in Ansible > 2.4.0.0.

For reference, Python version was 3.6.3 when it was not working, and
now it is working with Python 2.7.14.
2017-11-01 13:03:44 +02:00
5147f4029b
roles/common: Use static imports for tasks
Something seems to have happened as of Ansible 2.4.0.0 where this no
longer works. I suspect it is related to the major changes to static
and dynamic imports that landed around this same time.

In practice this achieves the same function, but without the "magic"
ability to use one task for different operating systems.
2017-11-01 01:25:46 +02:00
e30e4d4b1e
Import OS-specific vars in tasks instead of play
Something seems to have happened as of Ansible 2.4.0.0 where this no
longer works. I suspect it is related to the major changes to static
and dynamic imports that landed around this same time.

We make sure that this tasks always runs by using the special tag of
the same name.
2017-11-01 01:21:48 +02:00
73e6d0b7ed
roles/nginx: Fix issue raised by ansible-lint
[ANSIBLE0006] systemctl used in place of systemd module

Also, move the functionality of the changed check to the systemd task,
because it has the ability to simply daemon-reload itself now.
2017-10-31 23:18:15 +02:00
4ad4d79b3d
roles/munin: Fix issue raised by ansible-lint
[ANSIBLE0010] Package installs should not use latest
2017-10-31 22:41:40 +02:00
f362207616
roles/munin: Fix issue raised by ansible-lint
[ANSIBLE0002] Trailing whitespace
2017-10-31 22:39:34 +02:00
e043cd7dfe
roles/munin: Fix issue raised by ansible-lint
[ANSIBLE0010] Package installs should not use latest
2017-10-31 22:38:32 +02:00
f7393b0ca9
host_vars/web12: WordPress 4.8.3 2017-10-31 19:42:49 +02:00
4f357f336f
ansible.cfg: Temporary workaround for Ansible > 2.4.0.0 connection issue
Not sure what causes it but I get timeouts when connecting to my hosts
with Ansible > 2.4.0.0 (tested 2.4.1.0 and current 2.5.0-devel). For
some reason switching to paramiko fixes it.
2017-10-30 16:21:35 +02:00
a312166da9
misc-plays/change_password.yml: Use become 2017-10-14 14:20:34 +03:00
15bf4727c1
roles/common: Add names to include tasks
I'm not sure why these weren't caught by ansible-lint.
2017-10-03 17:46:55 +03:00
e86e2c081b
roles/nginx: Use 'present' instead of 'latest' to install nginx
Raised by the following rule in ansible-lint:

[ANSIBLE0010] Package installs should not use latest
2017-10-03 15:04:54 +03:00
5281d41445
Add names to include tasks
Raised by ansible-lint in the following rule:

[ANSIBLE0011] All tasks should be named
2017-10-03 15:03:09 +03:00
643c89891e
web.yml: Use 'remote_user' instead of 'user'
The use of 'user' was deprecated in Ansible 1.4.
2017-10-03 14:05:15 +03:00
bdf32df28e
host_vars/web12: Remove mjanja.org 2017-10-01 09:17:08 +03:00
b3fa930019
host_vars/web12: ansible_ssh_host → ansible_host
This was apparently deprecated in ansible 2.0.

See: https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#2.0
2017-09-26 15:27:27 +03:00
a38e2a4ff6
roles/mariadb: Use MariaDB 10.2 from vendor repo
I can't remember right now why I needed to use Debian's MariaDB build
but now I just want to use upstream's latest stable. Debian's version
is 10.1 and upstream has moved on to 10.2.
2017-09-26 15:15:27 +03:00
ff6253213a
roles/common: Rename "iptables" task to "firewall" 2017-09-26 14:32:21 +03:00
818cbfd533
roles/common: Enable firewalld in Debian 9 2017-09-26 14:30:18 +03:00
58245e3480
roles/common/tasks/main.yml: Remove comment 2017-09-22 15:53:01 +03:00
16a9ebf97f
Adjust playbooks for Ansible 2.4 import changes
Ansible 2.4 changes the way includes work. Now you have to use "import"
for playbooks and tasks that are static, and "include" for those that
are dynamic (ie, those that use variables, loops, etc).

See: http://docs.ansible.com/ansible/devel/playbooks_reuse_includes.html
2017-09-21 21:30:47 +03:00
3e581f9a46
README.md: Remove options from example invocation
They are now embedded inside ansible.cfg.
2017-09-20 13:01:12 +03:00
0cd06a8298
ansible.cfg: Add option to always ask become pass
Saves having to remember to type -K during normal playbook runs.
2017-09-20 12:59:46 +03:00
3d1022cd23
ansible.cfg: Add option to ask for vault pass
One less thing to remember to type during normal invocations.
2017-09-20 12:43:53 +03:00
5867d6038c
ansible.cfg: Add inventory option
As of Ansible 2.4 the ANSIBLE_HOSTS environment variable is deprecated
so we need to specify this some other way.
2017-09-20 12:35:13 +03:00
53eade7ab1
host_vars/web12: WordPress 4.8.2 2017-09-20 07:57:42 +03:00
d124bd0dad
host_vars/web12: WordPress 4.8.1 2017-08-14 16:47:10 +03:00
02f7510f5f
Remove web08 2017-06-20 12:51:36 +03:00
d518bc51a4
Use nginx user instead of www-data on Debian 9
Using www-data was a temporary measure while I was waiting for the
official nginx.org packages to be released for Debian 9 and we had
to use Debian's own nginx package.
2017-06-19 18:36:13 +03:00
b945240756
roles/common: Harden sshd_config template for Debian 9 and Ubuntu 16.04
From: https://wiki.mozilla.org/Security/Guidelines/OpenSSH
2017-06-19 10:13:24 +03:00
e5939c830a
Add new web server web12 2017-06-18 11:05:19 +03:00
b2d3984c5a
roles/nginx: Fix PHP-FPM socket location on Debian 9
Debian 9 and Ubuntu 16.04 use the same PHP-FPM configuration so we
can make use of that here.
2017-06-18 11:04:30 +03:00
4f22052afe
roles/common: Remove duplicate timezone task
We set it in the separate ntp.yml playbook now, as there are a few
different systems we cater to (systemd, old ntp, etc).
2017-06-18 09:30:05 +03:00
ffac0b8afd
roles/common: Update apt cache in tarsnap step
This fails on clean installs otherwise.
2017-06-18 09:27:53 +03:00
4c6e45f93b
host_vars/web08: WordPress 4.8 2017-06-12 18:29:46 +03:00
f9a0f9e6bf
roles/php-fpm: Update php7.0-php.ini.j2
Minor comment updates from the latest version from Ubuntu 16.04.
2017-05-28 15:46:15 +03:00
f85c5f3605
roles/php-fpm: Update defaults
Latest defaults from the PHP.net opcache documentation:

    https://secure.php.net/manual/en/opcache.installation.php
2017-05-28 15:45:05 +03:00
02d63d7701
host_vars/web08: WordPress 4.7.5 2017-05-28 09:34:21 +03:00
39afca4bb2
host_vars/web08: WordPress 4.7.4 2017-04-22 15:31:19 +03:00
4ff2ac1737
roles/nginx: Update comment about nginx versions
Version 1.12.x is now stable and 1.13.x is now mainline.

See: https://www.nginx.com/blog/nginx-1-12-1-13-released/
2017-04-14 16:07:33 +03:00
a7a6fa38c9
roles/nginx: Official builds for Debian Stretch
Now that there are official nginx.org builds for Debian 9 we don't
need to use Debian's own nginx packages.
2017-04-14 16:06:32 +03:00
a6034fda0c
host_vars/web08: WordPress 4.7.3 2017-03-06 22:54:05 +02:00
f53f3c8e7a
roles/php-fpm: Update php7.0-php.ini template
Sync with latest packaged version from Debian 9. Effectively this
only updates comments and disabled options, but having less changes
to look at during an apt upgrade is nice and reduces the chance of
adding errors.
2017-03-06 12:53:17 +02:00
5b51fcedc2
roles/nginx: Sort packages for Let's Encrypt deps on Ubuntu 2017-02-16 18:16:09 +02:00