
more fixes to support debian 10

Thomas Buck 3 years ago
parent
commit
b37d78c1f9

+ 10
- 0
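--- a/roles/blog/tasks/blog.yml
+++ b/roles/blog/tasks/blog.yml
@@ -24,6 +24,16 @@
     owner=root
     group=root
   notify: restart apache
+  when: ansible_distribution_version == '9'
+
+- name: Setup PHP config
+  template:
+    src=etc_php_7.3_apache2_php.ini.j2
+    dest=/etc/php/7.3/apache2/php.ini
+    owner=root
+    group=root
+  notify: restart apache
+  when: ansible_distribution_version == '10'
 
 - name: Add custom postgres user
   postgresql_user: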
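Review bot: The new `when: ansible_distribution_version == '9'` and `== '10'` guards compare against the full version fact, which on many Ansible releases carries the point release (a constructed example: '10.4'), so both branches can be skipped and the host silently keeps the package-default php.ini. `when: ansible_distribution_major_version == '10'` matches every Debian 10 point release. The same comparison is added in roles/mailserver/tasks/solr.yml, roles/mailserver/tasks/z-push.yml and roles/monitoring/tasks/monit.yml, where a skipped branch means the loopback-bound Tomcat config and the monit checks are not deployed either. The first task in this hunk starts outside it.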

+ 1918
- 0
roles/blog/templates/etc_php_7.3_apache2_php.ini.j2
File diff suppressed because it is too large


+ 3
- 0
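--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -34,6 +34,9 @@
     - iotop
     - molly-guard
     - mosh
+    - php
+    - php-pgsql
+    - php-gd
     - python3-software-properties
     - ruby
     - screen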
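Review bot: Adding `php`, `php-pgsql` and `php-gd` to the common package list installs a PHP runtime on every host that applies this role, not only the ones serving the blog. Hosts with no PHP application then carry an interpreter that still has to be patched and configured. Moving the three packages into an `apt` task in roles/blog (and wherever else they are needed) limits the footprint to the hosts that use them. The task this list belongs to starts outside the hunk, so which hosts receive it is inferred from the role name.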

+ 171
- 0
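--- a/roles/mailserver/files/etc_tomcat9_server.xml
+++ b/roles/mailserver/files/etc_tomcat9_server.xml
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="-1" shutdown="SHUTDOWN">
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+
+    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+    <!--
+    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+        maxThreads="150" minSpareThreads="4"/>
+    -->
+
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned. Documentation at :
+         Java HTTP Connector: /docs/config/http.html
+         Java AJP  Connector: /docs/config/ajp.html
+         APR (HTTP/AJP) Connector: /docs/apr.html
+         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+    -->
+    <Connector address="127.0.0.1" port="8080" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    <!-- A "Connector" using the shared thread pool-->
+    <!--
+    <Connector executor="tomcatThreadPool"
+               port="8080" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    -->
+    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
+         This connector uses the NIO implementation. The default
+         SSLImplementation will depend on the presence of the APR/native
+         library and the useOpenSSL attribute of the
+         AprLifecycleListener.
+         Either JSSE or OpenSSL style configuration may be used regardless of
+         the SSLImplementation selected. JSSE style configuration is used below.
+    -->
+    <!--
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" SSLEnabled="true">
+        <SSLHostConfig>
+            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+                         type="RSA" />
+        </SSLHostConfig>
+    </Connector>
+    -->
+    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+         This connector uses the APR/native implementation which always uses
+         OpenSSL for TLS.
+         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+         configuration is used below.
+    -->
+    <!--
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+               maxThreads="150" SSLEnabled="true" >
+        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+        <SSLHostConfig>
+            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+                         certificateFile="conf/localhost-rsa-cert.pem"
+                         certificateChainFile="conf/localhost-rsa-chain.pem"
+                         type="RSA" />
+        </SSLHostConfig>
+    </Connector>
+    -->
+
+    <!-- Define an AJP 1.3 Connector on port 8009 -->
+    <!--
+    <Connector protocol="AJP/1.3"
+               address="::1"
+               port="8009"
+               redirectPort="8443" />
+    -->
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host).
+         Documentation at /docs/config/engine.html -->
+
+    <!-- You should set jvmRoute to support load-balancing via AJP ie :
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+    -->
+    <Engine name="Catalina" defaultHost="localhost">
+
+      <!--For clustering, please take a look at documentation at:
+          /docs/cluster-howto.html  (simple how to)
+          /docs/config/cluster.html (reference documentation) -->
+      <!--
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+      -->
+
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      <Host name="localhost"  appBase="webapps"
+            unpackWARs="true" autoDeploy="true">
+
+        <!-- SingleSignOn valve, share authentication between web applications
+             Documentation at: /docs/config/valve.html -->
+        <!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+        -->
+
+        <!-- Access log processes all example.
+             Documentation at: /docs/config/valve.html
+             Note: The pattern used is equivalent to using pattern="common" -->
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+               prefix="localhost_access_log" suffix=".txt"
+               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+      </Host>
+    </Engine>
+  </Service>
+</Server>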
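Review bot: The file reads as a stock Tomcat 9 server.xml and its local changes are not marked, so the one that matters for exposure, `address="127.0.0.1"` on the port 8080 Connector, is easy to lose when the file is next refreshed from the package default. A comment above that Connector such as `<!-- Local change: bind to loopback only; keep the address attribute -->` would flag it. The `<Host>` element keeps `unpackWARs="true" autoDeploy="true"`; if this instance only serves Solr, `autoDeploy="false"` stops Tomcat from deploying anything later placed in `webapps`.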

+ 20
- 0
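--- a/roles/mailserver/tasks/solr.yml
+++ b/roles/mailserver/tasks/solr.yml
@@ -26,6 +26,16 @@
     owner=root
     group=tomcat8
   notify: restart solr
+  when: ansible_distribution_version == '9'
+
+- name: Copy tweaked Tomcat config file into place
+  copy:
+    src=etc_tomcat9_server.xml
+    dest=/etc/tomcat9/server.xml
+    owner=root
+    group=tomcat
+  notify: restart solr
+  when: ansible_distribution_version == '10'
 
 - name: Copy tweaked Solr config file into place
   copy:
@@ -42,3 +52,13 @@
     owner=tomcat8
     group=tomcat8
   notify: restart solr
+  when: ansible_distribution_version == '9'
+
+- name: Create Solr index directory
+  file:
+    state=directory
+    path=/data/solr
+    owner=tomcat
+    group=tomcat
+  notify: restart solr
+  when: ansible_distribution_version == '10'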
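Review bot: The new `Create Solr index directory` task in the second hunk sets owner and group but no mode, so `/data/solr` is created with whatever the default umask gives, which is typically world-readable. This is the mail server role, so the index presumably holds searchable message content, and adding `mode=0750` to that task keeps other local accounts out. The `copy` of `server.xml` in the first hunk also has no `mode=`; `mode=0640` would pin the permissions that the `owner=root` / `group=tomcat` pair suggests. Both hunks open inside tasks whose first lines are outside the hunk.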

+ 19
- 0
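--- a/roles/mailserver/tasks/z-push.yml
+++ b/roles/mailserver/tasks/z-push.yml
@@ -7,12 +7,14 @@
     state=present
   tags:
     - dependencies
+  when: ansible_distribution_version == '9'
 
 - name: Add Z-Push repository
   apt_repository:
     repo="deb http://repo.z-hub.io/z-push:/final/Debian_9.0/ /"
   tags:
     - dependencies
+  when: ansible_distribution_version == '9'
 
 - name: Install Z-Push
   apt:
@@ -30,6 +32,23 @@
     - z-push-autodiscover
   tags:
     - dependencies
+  when: ansible_distribution_version == '9'
+
+- name: Install Z-Push
+  apt:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+    - z-push
+    - z-push-common
+    - z-push-backend-combined
+    - z-push-backend-imap
+    - z-push-backend-carddav
+    - z-push-backend-caldav
+  tags:
+    - dependencies
+  when: ansible_distribution_version == '10'
 
 - name: Ensure Z-Push state and log directories are in place
   file: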
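Review bot: The Debian 10 `Install Z-Push` task has no visible package source: the two tasks before it, including `Add Z-Push repository`, are now restricted to version '9', and nothing shown in this file configures a repository for Debian 10. Unless one is set up elsewhere, the `apt` task either fails or installs from whichever configured source happens to offer these package names. A Debian 10 counterpart of the repository task, together with its signing key and a comment naming the source, would make the provenance explicit. The new list also leaves out `z-push-autodiscover`, which ends the Debian 9 list; if that is deliberate, a short comment would say so.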

+ 6
- 0
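--- a/roles/monitoring/files/etc_monit_conf.d_pgsql_deb10
+++ b/roles/monitoring/files/etc_monit_conf.d_pgsql_deb10
@@ -0,0 +1,6 @@
+check process postgres with pidfile /var/run/postgresql/11-main.pid
+  group database
+  start program = "/bin/systemctl start postgresql"
+  stop program = "/bin/systemctl stop postgresql"
+  if failed host localhost port 5432 protocol pgsql then restart
+  if 5 restarts within 5 cycles then timeout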
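Review bot: The pidfile path `/var/run/postgresql/11-main.pid` ties this check to PostgreSQL major version 11 and the cluster name `main`, and nothing in the file says so. A header comment such as `# Debian 10 / PostgreSQL 11, cluster "main": update the pidfile path when the major version changes` would record the dependency. Without it, a later PostgreSQL upgrade would presumably leave monit watching a pidfile that no longer exists and treating a healthy database as down.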

roles/monitoring/files/etc_monit_conf.d_pgsql → roles/monitoring/files/etc_monit_conf.d_pgsql_deb9 View File


+ 6
- 0
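--- a/roles/monitoring/files/etc_monit_conf.d_tomcat_deb10
+++ b/roles/monitoring/files/etc_monit_conf.d_tomcat_deb10
@@ -0,0 +1,6 @@
+check process tomcat matching tomcat9
+  group mail
+  start program = "/bin/systemctl start tomcat9"
+  stop program = "/bin/systemctl stop tomcat9"
+  if failed port 8080 then alert
+  if failed port 8080 for 5 cycles then restart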
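Review bot: Both `if failed port 8080` tests omit the host, while the PostgreSQL check added in this commit spells out `host localhost` and the connector in etc_tomcat9_server.xml listens on `127.0.0.1` only. Writing `if failed host 127.0.0.1 port 8080 then alert`, and the same in the restart rule, ties the probe to the address Tomcat is bound to instead of relying on monit's default host and on how `localhost` resolves. `matching tomcat9` is a pattern match against the process table, so it is worth confirming on a target host that it selects only the Tomcat JVM.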

roles/monitoring/files/etc_monit_conf.d_tomcat → roles/monitoring/files/etc_monit_conf.d_tomcat_deb9 View File


+ 16
- 2
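--- a/roles/monitoring/tasks/monit.yml
+++ b/roles/monitoring/tasks/monit.yml
@@ -152,12 +152,26 @@
   with_items:
     - apache2
     - dovecot
-    - pgsql
     - postfix
     - sshd
-    - tomcat
   notify: restart monit
 
+- name: Copy monit service config files into place
+  copy: src=etc_monit_conf.d_{{ item }} dest=/etc/monit/conf.d/{{ item }}
+  with_items:
+    - pgsql_deb9
+    - tomcat_deb9
+  notify: restart monit
+  when: ansible_distribution_version == '9'
+
+- name: Copy monit service config files into place
+  copy: src=etc_monit_conf.d_{{ item }} dest=/etc/monit/conf.d/{{ item }}
+  with_items:
+    - pgsql_deb10
+    - tomcat_deb10
+  notify: restart monit
+  when: ansible_distribution_version == '10'
+
 # TODO add to fail2ban when monit_page_public == 1
 
 - name: Create the Apache monit sites config files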
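Review bot: The two new copy tasks change the destination file name along with the source, writing `/etc/monit/conf.d/pgsql_deb9` or `pgsql_deb10` where earlier runs wrote `/etc/monit/conf.d/pgsql`, and the same for tomcat. On a host that was already provisioned the old file stays behind, so two files can declare `check process postgres`; if monit includes the whole directory it will likely reject the duplicate service name, leaving the host unmonitored. Keeping the destination stable avoids this and lets one task replace both: `copy: src=etc_monit_conf.d_{{ item }}_deb{{ ansible_distribution_major_version }} dest=/etc/monit/conf.d/{{ item }}` with items `pgsql` and `tomcat`. The unconditional task whose list is trimmed at the top of the hunk starts outside it.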
