diff --git a/playbooks/production/files/nginx.conf b/playbooks/production/files/nginx.conf
index d69a3e12..477b9904 100644
--- a/playbooks/production/files/nginx.conf
+++ b/playbooks/production/files/nginx.conf
@@ -1,4 +1,4 @@
-user nginx;
+user {{ nginx_user }};
 worker_processes auto;
 worker_rlimit_nofile 65535;
diff --git a/playbooks/production/includes/setup_inputrc.yml b/playbooks/production/includes/setup_inputrc.yml
new file mode 100644
index 00000000..6cf0b926
--- /dev/null
+++ b/playbooks/production/includes/setup_inputrc.yml
@@ -0,0 +1,12 @@
+---
+- hosts: localhost
+ tasks:
+ - name: insert/update inputrc for history
+ blockinfile:
+ dest: "/home/{{ ansible_user_id }}/.inputrc"
+ create: yes
+ block: |
+ ## arrow up
+ "\e[A":history-search-backward
+ ## arrow down
+ "\e[B":history-search-forward
\ No newline at end of file
diff --git a/playbooks/production/install.yml b/playbooks/production/install.yml
index 07f8dd7d..0f58a058 100644
--- a/playbooks/production/install.yml
+++ b/playbooks/production/install.yml
@@ -8,7 +8,7 @@
 become: yes
 become_user: root
 vars:
- - nginx_conf_file: ../files/nginx.conf
+ - nginx_conf_file: files/nginx.conf
 roles:
 - locale
 - swap
@@ -26,16 +26,13 @@
 - name: Start NTPD
 service: name=ntpd state=started
+ when: ansible_distribution == 'CentOS'
- - name: insert/update inputrc for history
- blockinfile:
- dest: "/home/{{ ansible_user_id }}/.inputrc"
- create: yes
- block: |
- ## arrow up
- "\e[A":history-search-backward
- ## arrow down
- "\e[B":history-search-forward
+ - name: Start NTPD
+ service: name=ntp state=started
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+ - include: includes/setup_inputrc.yml
 # Setup Bench for production environment
 - include: includes/setup_bench_production.yml
diff --git a/playbooks/production/roles/fail2ban/tasks/main.yml b/playbooks/production/roles/fail2ban/tasks/main.yml
index 415ffbe3..d7866036 100644
--- a/playbooks/production/roles/fail2ban/tasks/main.yml
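Review bot: `nginx_user` has no default and no definition anywhere in the visible change, so the `user` directive on the first line depends entirely on the caller supplying it. The file lives under `files/`, and the variable is only substituted if the role renders it with `template` rather than `copy`; the deploying task is outside this hunk, so that is worth confirming. A fallback such as `user {{ nginx_user | default('nginx') }};` keeps the workers on an unprivileged account when the variable is missing, and the role should refuse `root` as a value.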
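Review bot: The `dest` path hard-codes `/home/` in front of `ansible_user_id`, so when the play runs as root, or as any account whose home is elsewhere, it targets a path such as `/home/root/.inputrc`; depending on the Ansible version the task either fails or writes a file the shell never reads. `dest: "{{ ansible_env.HOME }}/.inputrc"` follows the account's real home directory. The task also sets no `owner` or `mode`, so a newly created file takes whatever the umask gives; stating `mode: "0644"` makes that explicit.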
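Review bot: The two `Start NTPD` tasks match on exact `ansible_distribution` strings, so a host that is neither CentOS, Debian nor Ubuntu (RHEL, for instance) skips both and the play finishes without the time service started and without any error. The nginx role in this same commit already tests `ansible_os_family == 'Debian'`; using `when: ansible_os_family == 'RedHat'` and `when: ansible_os_family == 'Debian'` here would cover the derivatives. The same exact-distribution checks are repeated in the fail2ban, logwatch and ntpd role hunks, where a skipped install means no ban rules or log reports on that host. Giving the two tasks distinct names would also make the skipped/ran output readable.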
+++ b/playbooks/production/roles/fail2ban/tasks/main.yml
@@ -1,6 +1,11 @@
 ---
 - name: Install fail2ban
 yum: name=fail2ban state=present
+ when: ansible_distribution == 'CentOS'
+
+- name: Install fail2ban
+ apt: name=fail2ban state=present
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
 - name: Enable fail2ban
 service: name=fail2ban enabled=yes
diff --git a/playbooks/production/roles/frappe_selinux/tasks/main.yml b/playbooks/production/roles/frappe_selinux/tasks/main.yml
index 79c19d5b..d2ef05f7 100644
--- a/playbooks/production/roles/frappe_selinux/tasks/main.yml
+++ b/playbooks/production/roles/frappe_selinux/tasks/main.yml
@@ -6,24 +6,26 @@
 - selinux-policy-devel
 when: ansible_distribution == 'CentOS'
-- name: Install SELinux for Ubuntu
- apt: name={{ item }} state=present
- with_items:
- - selinux
- - selinux-policy-dev
- when: ansible_distribution == 'Ubuntu'
+# - name: Install SELinux for Ubuntu
+# apt: name={{ item }} state=present
+# with_items:
+# - selinux
+# - selinux-policy-dev
+# when: ansible_distribution == 'Ubuntu'
 - name: Check enabled SELinux modules
 shell: semanage module -l
 register: enabled_modules
+ when: ansible_distribution == 'CentOS'
 - name: Copy frappe_selinux policy
 copy: src=frappe_selinux.te dest=/root/frappe_selinux.te
 register: dest_frappe_selinux_te
+ when: ansible_distribution == 'CentOS'
 - name: Compile frappe_selinux policy
 shell: "make -f /usr/share/selinux/devel/Makefile frappe_selinux.pp && semodule -i frappe_selinux.pp"
 args:
 chdir: /root/
- when: "enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"
+ when: "ansible_distribution == 'CentOS' and enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed"
diff --git a/playbooks/production/roles/logwatch/tasks/main.yml b/playbooks/production/roles/logwatch/tasks/main.yml
index 6d129c69..7d44e2bb 100644
--- a/playbooks/production/roles/logwatch/tasks/main.yml
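Review bot: The new `apt` task installs from whatever package index the host already has; on a freshly provisioned Debian or Ubuntu machine that index can be empty or stale, and the install then fails or resolves an outdated build. `apt: name=fail2ban state=present update_cache=yes cache_valid_time=3600` refreshes it at most once an hour. The `apt` tasks added in the logwatch and ntpd hunks have the same gap. The `Enable fail2ban` task sits at the end of the hunk and only shows `enabled=yes`, so whether the service is also started on first run should be checked.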
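Review bot: In the final `when:` the new condition parses as `(CentOS and module missing) or dest_frappe_selinux_te.changed`, because `and` binds tighter than `or`; it stays false on Debian/Ubuntu only because a skipped copy task reports `changed` as false. Parenthesising states the intent: `when: "ansible_distribution == 'CentOS' and (enabled_modules.stdout.find('frappe_selinux') == -1 or dest_frappe_selinux_te.changed)"`. Separately, the Ubuntu install is commented out rather than removed, which leaves Debian-family hosts with no mandatory access control policy from this role. A one-line comment saying this is intentional, and what confines the service on those hosts, would serve the next reader better than dead code.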
+++ b/playbooks/production/roles/logwatch/tasks/main.yml
@@ -1,6 +1,12 @@
 ---
 - name: Install logwatch
 yum: name=logwatch state=present
+ when: ansible_distribution == 'CentOS'
+
+- name: Install logwatch on Ubuntu or Debian
+ apt: name=logwatch state=present
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
 - name: Copy logwatch config
- template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes
\ No newline at end of file
+ template: src=logwatch.conf.j2 dest=/etc/logwatch/conf/logwatch.conf backup=yes
+ when: admin_emails is defined
\ No newline at end of file
diff --git a/playbooks/production/roles/nginx/tasks/main.yml b/playbooks/production/roles/nginx/tasks/main.yml
index ce7b4f27..b7718107 100644
--- a/playbooks/production/roles/nginx/tasks/main.yml
+++ b/playbooks/production/roles/nginx/tasks/main.yml
@@ -18,6 +18,7 @@
 # Replace default nginx config with nginx template
 - name: Rename default nginx.conf to nginx.conf.old
 command: mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old
+ when: ansible_os_family == 'Debian'
 # Nginx setup.
 - name: Copy nginx configuration in place.
diff --git a/playbooks/production/roles/ntpd/tasks/main.yml b/playbooks/production/roles/ntpd/tasks/main.yml
index 19881f82..9babcb45 100644
--- a/playbooks/production/roles/ntpd/tasks/main.yml
+++ b/playbooks/production/roles/ntpd/tasks/main.yml
@@ -4,6 +4,20 @@
 with_items:
 - ntp
 - ntpdate
+ when: ansible_distribution == 'CentOS'
 - name: enable ntpd
- service: name=ntpd enabled=yes state=started
\ No newline at end of file
+ service: name=ntpd enabled=yes state=started
+ when: ansible_distribution == 'CentOS'
+
+- name: Install ntpd
+ apt: name="{{item}}" state=installed
+ with_items:
+ - ntp
+ - ntpdate
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+- name: enable ntpd
+ service: name=ntp enabled=yes state=started
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
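Review bot: With `when: admin_emails is defined` on the `Copy logwatch config` task, a host where the variable is missing still gets logwatch installed but keeps the distribution default configuration, and nothing in the run output says the reports are not reaching the administrators. Either gate the install tasks on the same condition or fail early with an `assert` on `admin_emails is defined` at the top of the role. An empty string or empty list also passes `is defined`, so `when: admin_emails is defined and admin_emails` is the safer test if the skip is kept.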
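Review bot: The rename is now limited to `ansible_os_family == 'Debian'`, so on RedHat-family hosts the stock `/etc/nginx/nginx.conf` is no longer moved aside before the copy task below it runs; if that is intended, a comment saying why would help, since the rest of this commit keys on `ansible_distribution`. The copy task only begins at the end of the hunk and its arguments are not visible; `backup=yes` there would preserve the previous file on every platform. The `command: mv` is also not idempotent and on a second run replaces `nginx.conf.old` with the managed file, which `creates=/etc/nginx/nginx.conf.old` would prevent.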
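Review bot: The added `apt` task uses `state=installed`, while every other `apt` task in this commit uses `state=present`; `installed` is a legacy alias that later Ansible releases deprecated, so `apt: name="{{item}}" state=present` is the safer spelling. The hunk also ends by adding an empty trailing line after the last `when:`. The first task's `- name:` and module line are above the hunk, so only its `with_items` list and the new `when` are visible here.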