Commit Graph

892 Commits

Author SHA1 Message Date
a7eb04a152
Import OS-specific vars from task in common role
We stopped being able to do dynamic includes from the playbooks around
Ansible 2.4.0.0 if I recall correctly. Instead we can create a task to
include the variables and make it always run by using the special tag.

For now the Debian and Ubuntu vars files are the same, but I will keep
them separate so that it is more flexible in the future.
2018-04-25 18:04:29 +03:00
f3403cc79a
roles/common: Remove Ubuntu partner repo from apt sources
I haven't used this in years, and it looks to only be proprietary things
like Adobe, Skype, etc.
2018-04-25 17:49:38 +03:00
c77167fc17
Pipfile: Use Ansible 2.5.1
I had been using this from the stable-2.5 branch for a few weeks in
order to work around some issues with Jinja2 and ansible-vault, but
now that version 2.5.1 has been released I can use it directly from
pip.
2018-04-23 13:45:21 +03:00
913f59ced6
group_vars/dspace: Update comment for nginx branch
NGINX 1.14.0 was released and is the current "stable" version. The
next "mainline" version should be 1.15.0.

See: https://nginx.org/en/CHANGES-1.14
2018-04-18 16:58:33 +03:00
fb1573922c
pipenv lock 2018-04-10 11:09:13 +03:00
cde6dcde74
Pipfile: Switch back to Python 3
It seems the issue with ansible-vault has been solved in the upcoming
Ansible 2.5.x so I'll switch back to using Python 3 with pipenv.
2018-04-10 11:06:57 +03:00
3c7e5415ae
README.md: Add todo about Ubuntu 18.04 packages
For testing the betas I've been using packages for the previous Ubuntu
release (17.10 "artful").
2018-04-08 13:47:25 +03:00
1a870db3af Fix a few more Jinja2 filters used as tests
I had created these earlier in this branch before rebasing it on top
of the Ansible 2.5.0 readiness branch.

See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
2018-04-05 12:17:26 +03:00
632aa1cf14 Fix a few more Jinja2 filters used as tests
I had created these earlier in this branch before rebasing it on top
of the Ansible 2.5.0 readiness branch.

See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
2018-04-05 12:17:26 +03:00
d1ba60e15d Use version_compare to test for Ubuntu 18.04 "bionic"
It just feels more correct, plus I usually forget the release code
name from time to time.
2018-04-05 12:17:26 +03:00
ed607aab68 roles/nginx: Use correct php-fpm socket on Ubuntu 18.04 2018-04-05 12:17:26 +03:00
3396a98aad roles/php-fpm: Update note 2018-04-05 12:17:26 +03:00
9f3ab01d48 roles/php-fpm: Use include instead of import for tasks
These tasks are conditional and mutually exclusive due to the "when"
clause. Using import_tasks means that these are imported before the
playbook execution and then skipped during evaluation of the test.

It makes sense in this case to use include_tasks so that the tasks
are only imported during playbook execution if the condition is met.
2018-04-05 12:17:26 +03:00
7fc13d6331 roles/php-fpm: Improve task for Ubuntu 16.04 and Debian 9 2018-04-05 12:17:26 +03:00
9675542f7d roles/php-fpm: Support php-fpm 7.2 on Ubuntu 18.04
Adds a separate handler for the php-fpm7.2 service and cleans up the
pool config file to remove some content that causes Jinja2 to choke.
2018-04-05 12:17:26 +03:00
975a4d3f28 roles/php-fpm: Import php-fpm 7.2 configs
From vanilla Ubuntu 18.04, diffed against current 7.0 templates.
2018-04-05 12:17:26 +03:00
28ba62a8a6 roles/common: Remove sysv-rc-conf from Ubuntu packages
I haven't used this in years and it apparently doesn't exist in Ubuntu
18.04 anyways.
2018-04-05 12:17:25 +03:00
5c3553e684 roles/nginx: Use Ubuntu 17.10's packages on Ubuntu 18.04
There are no nginx packages for Ubuntu 18.04 "bionic" yet so we
should use Ubuntu 17.10 "artful".
2018-04-05 12:17:25 +03:00
6c093801c4 roles/mariadb: Use Ubuntu 17.10's packages on Ubuntu 18.04
There are no mariadb packages for Ubuntu 18.04 "bionic" yet so we
should use Ubuntu 17.10 "artful".
2018-04-05 12:17:25 +03:00
c5bebf0336 roles/common: Use Ubuntu 17.10's tarsnap packages on Ubuntu 18.04
There are no tarsnap packages for Ubuntu 18.04 "bionic" yet so we
should use Ubuntu 17.10 "artful".
2018-04-05 12:17:25 +03:00
10668ed706 roles/common: Update comment in ntp task 2018-04-05 12:17:25 +03:00
19414041e7 roles/common: Add sshd config for Ubuntu 18.04
From the default sshd_config with some cipher settings from the Debian
9 template.
2018-04-05 12:17:25 +03:00
ab2961be61 roles/common: Update Tarsnap GPG key
See: https://www.tarsnap.com/pkg-deb.html
2018-04-05 12:17:25 +03:00
933cbfd51c
Rework pipenv
Ansible 2.5.0 currently has problems with Jinja2 expressions and vaults
so I decided to use Ansible from a source checkout of the devel branch.

I removed the old Pipfile and re-created it with Python 2 and satisfied
the dependencies from requirements.txt, then sourced Ansible:

  $ rm Pipfile*
  $ pipenv install --two -r ~/src/git/ansible/requirements.txt
  $ pipenv shell
  $ source ~/src/git/ansible/hacking/env-setup
2018-04-05 12:14:46 +03:00
a660810d3d
host_vars/web12: WordPress 4.9.5 2018-04-04 08:30:52 +03:00
57120308dc
Update with_items loops to use new-ish "loop" keyword
Ansible 2.4 and 2.5 are moving away from specialized loop functions
and the old syntax will eventually be deprecated and removed. I did
not change the with_fileglob loops because I'm not sure about their
syntax yet.

See: https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html
2018-04-02 15:52:51 +03:00
fbf61c8e61
roles/munin: Don't use loop when installing one package 2018-04-02 15:51:29 +03:00
ffee9250ee
Use new syntax for Jinja2 filters that are used as tests
Ansible 2.5.0 uses a new syntax for Jinja2 filters that are used as
tests.

See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
2018-04-02 15:37:37 +03:00
b4c04aa4c9
README.md: Update copyright year 2018-03-26 16:13:04 +03:00
aab49ca9d7
Update pip modules 2018-03-26 15:54:53 +03:00
d155898bb1
Use new syntax for Jinj2 filters that are used as tests
Ansible 2.5.0 uses a new syntax for Jinja2 filters that are used as
tests.

See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
2018-03-21 21:17:21 +02:00
8adc1cb3bb Use ansible 2.5.0rc3 2018-03-21 20:52:45 +02:00
52b4efd3b0
roles/common: Use HTTPS for tarsnap package mirror 2018-03-17 11:51:45 +02:00
9296d78361
Pipfile.lock: Run pipenv update 2018-03-16 10:35:28 +02:00
b2566f27c0
Use Python 3 for Pipenv 2018-03-08 01:03:14 +02:00
e5b2745e36
host_vars/web12: WordPress 4.9.4 2018-02-06 21:24:45 +02:00
0d6aba43ff
host_vars/web12: WordPress 4.9.3 2018-02-06 11:05:26 +02:00
67c4320607
Add files for pipenv support
Pipenv is a new way to do Python virtual environments. I created the
virtual environment here using:

  $ pipenv --two
  $ pipenv install ansible ansible-lint

To use the virtual environment you enter the project directory and
type:

  $ pipenv shell

See: https://github.com/pypa/pipenv
2018-01-28 10:56:06 +02:00
8faf9cd4d8
host_vars/web12: WordPress 4.9.2 2018-01-17 07:54:33 +02:00
948058151a
roles/common: Fix issues raised by ansible-lint
[ANSIBLE0010] Package installs should not use latest
2017-12-29 20:11:55 +02:00
ac6b9c48af
host_vars/web12: WordPress 4.9.1 2017-11-30 09:05:59 +03:00
16fc99c46c
host_vars/web12: WordPress 4.9 2017-11-16 08:16:29 +02:00
a5e6513be3
roles/dspace: Update gzip_types formatting
From the H5BP project, see:

https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf
2017-11-14 12:44:56 +02:00
97aca2cad2
roles/nginx: Remove Internet Explorer 6 gzip disable
I have zero idea if we have IE6 clients any more, but according to the
H5BP community IE6 actually did support gzip and only represents 0.1%
of Internet traffic in 2015 (!) anyways.

See: https://github.com/h5bp/server-configs-nginx/issues/125
2017-11-14 12:43:02 +02:00
92fe57a4da
Revert "Revert "roles/common: Use static imports for tasks""
This reverts commit 63c5477f85.

I'm actually still seeing this problem on Ansible 2.4.0.0 with Python
2.7.14.
2017-11-05 01:51:49 +02:00
36d6360eeb
roles/common: Fix error in conditional 2017-11-05 01:41:38 +02:00
fec081d40a
roles/common: Use deb.debian.org instead of httpredir
Seems to be the evolution of httpredir.
2017-11-05 01:31:16 +02:00
d15c9851db
roles/nginx: Use https for apt repository 2017-11-05 01:30:49 +02:00
55b464e8f7
roles/common: Add apt-transport-https to base packages
Allows fetching debian repositories over HTTPS.
2017-11-05 01:29:00 +02:00
1882ba612f
roles/munin: Remove ansible_os_family checks
We only run Debian family distributions now so there is no need to check
this case.
2017-11-05 01:20:20 +02:00