19 |
20 | Status of Local Logout:
21 |
22 |
23 |
24 | You MUST close your browser to complete the logout process.
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/roles/docker-shibboleth-sp/files/conf/partialLogout.html:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 | Partial Logout
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
Partial Logout
19 |
20 |
You remain logged into one or more applications accessed during your session.
21 | To complete the logout process, please close/exit your browser completely.
21 | Based on the information provided to this application about you, you are
22 | not authorized to access the resource at ""
23 |
24 |
25 |
26 | Please contact the administrator of this service or application if you
27 | believe this to be an error at
28 |
29 |
30 |
31 |
32 |
--------------------------------------------------------------------------------
/roles/security_checks/README.md:
--------------------------------------------------------------------------------
1 | # Ansible role: security_checks
2 |
3 | An ansible role for performing various vulnerability tests.
4 |
5 |
6 | ## CSF tests
7 |
8 | CSF tests will be run in TESTING mode. TESTING mode will be disabled after the tests complete.
9 |
10 | ### Port scan tests
11 |
12 | To enable port scan tests, define the following variables. In particular, the `check_portscan_hosts` variable should be a list of remote hosts to test.
13 |
14 | ```yaml
15 | check_portscan: yes
16 | # csf should hang connections if a portscan is detected; the port scan denial
17 | # test will wait this number of seconds before declaring a port scan denied
18 | check_portscan_timeout: 3
19 | # Remote hosts to attempt a port scan
20 | check_portscan_hosts:
21 | - 192.168.111.111
22 | ```
23 |
24 | When CSF detects a port scan, it will hang the attacker's connection. The port scan denial test in this role will attempt to do a port scan, waiting `check_portscan_timeout` seconds to find an open port. If an open port is found, the task will fail.
25 |
--------------------------------------------------------------------------------
/bastion.yml:
--------------------------------------------------------------------------------
1 | - name: Set up bastion
2 | hosts: all
3 | pre_tasks:
4 | - fail: msg="One or more tags must be specified to run this playbook"
5 | vars:
6 | docker_openvpn_name: "{{ docker_env }}_bastion_openvpn_1"
7 | # docker_openvpn_source_conf_dir: "..."
8 | docker_openvpn_conf_dir: "/opt/{{ docker_env }}_bastion_openvpn/conf/"
9 | docker_openvpn_volumes:
10 | - "{{ docker_openvpn_conf_dir }}:/etc/openvpn:rw"
11 | pre_tasks:
12 | - name: Copy openvpn configuration directory
13 | copy:
14 | src: "{{ docker_openvpn_source_conf_dir }}"
15 | dest: "{{ docker_openvpn_conf_dir }}"
16 | tags:
17 | - install
18 | - settings
19 | - upgrade
20 |
21 | - name: Set net.ipv4.ip_forward in /etc/sysctl.conf
22 | sysctl:
23 | name: net.ipv4.ip_forward
24 | value: 1
25 | state: present
26 | tags:
27 | - install
28 | - settings
29 | - upgrade
30 | roles:
31 | - role: docker-openvpn
32 | when: docker_openvpn
33 |
--------------------------------------------------------------------------------
/roles/docker-ember/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # variables
2 | docker_ember_source_branch:
3 | docker_ember_source_repo: https://github.com/CenterForOpenScience/
4 | docker_ember_working_dir: //
5 |
6 | # storage
7 | docker_ember: no
8 | docker_ember_name: ember_1
9 | docker_ember_image: centerforopenscience/:latest
10 | docker_ember_command: gosu www-data ember build --env production
11 | docker_ember_source_conf_dir: roles/docker-ember/files/
12 | docker_ember_code_dir: /opt/ember/code/
13 | docker_ember_conf_dir: /opt/ember/conf/
14 | docker_ember_env:
15 | SOURCE_BRANCH: "{{ docker_ember_source_branch }}"
16 | SOURCE_REPO: "{{ docker_ember_source_repo }}"
17 | WORKDIR: "{{ docker_ember_working_dir }}"
18 | docker_ember_hostname: "{{ hostname_name }}"
19 | docker_ember_net: bridge
20 | docker_ember_links: []
21 | docker_ember_volumes:
22 | - "{{ docker_ember_code_dir }}.env:{{ docker_ember_working_dir }}:rw"
23 | - "{{ docker_ember_conf_dir }}.env:{{ docker_ember_working_dir }}.env:rw"
24 | docker_ember_volumes_from: []
25 |
--------------------------------------------------------------------------------
/roles/security_checks/tasks/main.yml:
--------------------------------------------------------------------------------
1 |
2 | # http://www.unixmen.com/9-best-practices-to-secure-your-linux-desktop-and-server/
3 |
4 | - name: Security Check | Find Form Mail
5 | shell: find / -name "[Ff]orm[mM]ai*"
6 | when: check_mailers
7 | become: yes
8 | # Failed if any files are found
9 | register: result
10 | failed_when: result.stdout
11 | ignore_errors: yes
12 |
13 | # http://www.unixmen.com/9-best-practices-to-secure-your-linux-desktop-and-server/
14 |
15 | - name: Security Check | Find CGIeMail
16 | shell: find / -name "[Cc]giemai*"
17 | when: check_mailers
18 | become: yes
19 | # Fail if any files are found
20 | register: result
21 | failed_when: result.stdout
22 | ignore_errors: yes
23 |
24 |
25 | - include: tests/deny_port_scans.yml
26 | when: check_csf
27 |
28 | - include: tests/check_configuration.yml
29 |
30 |
31 | # /etc/motd http://www.unixmen.com/9-best-practices-to-secure-your-linux-desktop-and-server/
32 |
33 | # disable telnet http://www.unixmen.com/9-best-practices-to-secure-your-linux-desktop-and-server/
34 |
--------------------------------------------------------------------------------
/roles/docker-cas/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # variables
2 | docker_cas_source_branch: master
3 | docker_cas_source_repo: https://github.com/CenterForOpenScience/cas-overlay.git
4 |
5 | # servers
6 |
7 | docker_cas_server: no
8 | docker_cas_server_image: centerforopenscience/cas:4.1
9 | docker_cas_server_definitions: "-Dproject.parent.basedir=/etc/cas"
10 | docker_cas_server_source_conf_dir: etc
11 | docker_cas_server_conf_dir: /opt/cas_server/conf/
12 | docker_cas_server_hostname: "{{ hostname_name }}"
13 | docker_cas_server_name: "cas_server_1"
14 | docker_cas_server_net: bridge
15 | docker_cas_server_env:
16 | SOURCE_BRANCH: "{{ docker_cas_source_branch }}"
17 | SOURCE_REPO: "{{ docker_cas_source_repo }}"
18 | CAS_DB_USERNAME: postgres
19 | CAS_DB_PASSWORD:
20 | OSF_DB_PORT_27017_TCP_ADDR: 127.0.0.1
21 | OSF_DB_PORT_27017_TCP_PORT: 27017
22 | OSF_DB_NAME: osf20130903
23 | docker_cas_server_expose:
24 | - 8080
25 | - 8443
26 | docker_cas_server_ports: []
27 | docker_cas_server_links: []
28 | docker_cas_server_volumes:
29 | - "{{ docker_cas_server_conf_dir }}:/etc/cas/etc"
30 |
--------------------------------------------------------------------------------
/roles/docker-shibboleth-sp/files/conf/sslError.html:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 | POST Failed
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
POST Failed
19 |
20 |
21 | You have attemped to submit information without the protection
22 | of SSL to this site.
23 |
24 |
25 |
26 | For the protection of your submission and the integrity of the site,
27 | this is not permitted. Please try accessing the server with a
28 | URL starting with https:// and report this problem
29 | to
30 |
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/roles/docker-dor/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # variables
2 | docker_dor_source_branch: master
3 | docker_dor_source_repo: https://github.com/CenterForOpenScience/DirectoryOfRepositories.git
4 |
5 | # server
6 | docker_dor_server: no
7 | docker_dor_server_name: dor_server_1
8 | docker_dor_server_image: centerforopenscience/dor:laster
9 | docker_dor_server_command: "uwsgi --ini /etc/uwsgi/uwsgi.ini"
10 | docker_dor_server_source_conf_file: uwsgi.ini
11 | docker_dor_server_conf_dir: /opt/dor_server/conf/
12 | docker_dor_server_conf_file: "{{ docker_dor_server_conf_dir }}uwsgi.ini"
13 | docker_dor_server_env:
14 | SOURCE_BRANCH: "{{ docker_dor_source_branch }}"
15 | SOURCE_REPO: "{{ docker_dor_source_repo }}"
16 | docker_dor_server_net: bridge
17 | docker_dor_server_hostname: "{{ hostname_name }}"
18 | docker_dor_server_expose:
19 | - 8000
20 | docker_dor_server_ports: []
21 | docker_dor_server_links: []
22 | docker_dor_server_volumes:
23 | - "{{ docker_dor_server_conf_file }}:/etc/uwsgi/uwsgi.ini"
24 | - "{{ docker_storage_conf_dir }}local.py:/code/RepoDir/settings/local.py:ro"
25 | docker_dor_server_volumes_from: []
26 |
--------------------------------------------------------------------------------
/roles/(legacy)/sentry/files/create_superuser.py:
--------------------------------------------------------------------------------
1 | import sys
2 | sys.path.append('/etc/sentry')
3 |
4 | import os
5 | os.environ['DJANGO_SETTINGS_MODULE'] = 'conf'
6 |
7 | USERNAME, PASSWORD, EMAIL = sys.argv[1:]
8 |
9 | def main():
10 | from django.contrib.auth import get_user_model
11 | User = get_user_model()
12 |
13 | super_user = User.objects.filter(username=USERNAME)
14 |
15 | if super_user:
16 | super_user = super_user[0]
17 | super_user.username = USERNAME
18 | super_user.password = PASSWORD
19 | super_user.email = EMAIL
20 | super_user.is_staff = True
21 | super_user.is_superuser = True
22 | super_user.save()
23 |
24 | sys.exit(0)
25 |
26 | for user in User.objects.filter(is_superuser=True):
27 | user.delete(save=True)
28 |
29 | super_user = User.objects.create_user(
30 | username=USERNAME,
31 | password=PASSWORD,
32 | email=EMAIL,
33 | )
34 | super_user.is_staff = True
35 | super_user.is_superuser = True
36 | super_user.save()
37 |
38 | sys.exit(0)
39 |
40 | main()
41 |
--------------------------------------------------------------------------------
/roles/docker-postgres-vacuumlo/defaults/main.yml:
--------------------------------------------------------------------------------
1 | docker_postgres_vacuumlo_name: vacuumlo_1
2 | docker_postgres_vacuumlo_image: centerforopenscience/postgres:9.4-vacuumlo
3 | docker_postgres_vacuumlo_hostname: "{{ hostname_name }}"
4 | docker_postgres_vacuumlo_schedule: 0 2 * * * # Daily @ 2 AM
5 | docker_postgres_vacuumlo_db_host:
6 | docker_postgres_vacuumlo_db_port:
7 | docker_postgres_vacuumlo_db_user:
8 | docker_postgres_vacuumlo_db_password:
9 | docker_postgres_vacuumlo_db_name: database_name
10 | docker_postgres_vacuumlo_net: bridge
11 | docker_postgres_vacuumlo_env:
12 | SCHEDULE: "{{ docker_postgres_vacuumlo_schedule }}"
13 | DB_HOST: "{{ docker_postgres_vacuumlo_db_host | default(omit) }}"
14 | DB_PORT: "{{ docker_postgres_vacuumlo_db_port | default(omit) }}"
15 | DB_USER: "{{ docker_postgres_vacuumlo_db_user | default(omit) }}"
16 | DB_PASSWORD: "{{ docker_postgres_vacuumlo_db_password | default(omit) }}"
17 | DB_NAME: "{{ docker_postgres_vacuumlo_db_name }}"
18 | docker_postgres_vacuumlo_expose: []
19 | docker_postgres_vacuumlo_ports: []
20 | docker_postgres_vacuumlo_links: []
21 | docker_postgres_vacuumlo_volumes: []
22 |
--------------------------------------------------------------------------------
/roles/(legacy)/nginx/tasks/modules/upload_progress_module.yml:
--------------------------------------------------------------------------------
1 | # file: nginx/tasks/modules/upload_progress_module.yml
2 | # configure flag: --add-module=/tmp/nginx_upload_progress
3 |
4 | # to be completed...
5 |
6 | - name: Modules | Download the upload_progress_module source
7 | get_url:
8 | url: "{{nginx_upload_progress_url}}"
9 | dest: "/tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}.tar.gz"
10 |
11 | - name: Modules | Unpack the upload_progress_module source
12 | command: tar -xvzf /tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}.tar.gz chdir=/tmp creates=/tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}
13 |
14 | - name: Modules | Copy the upload_progress_module source folder
15 | command: sudo cp -R /tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}} /tmp/nginx_upload_progress
16 |
17 | - name: Modules | Make sure the upload_progress_module configuration is updated
18 | template:
19 | src: ../../templates/modules/upload_progress.j2
20 | dest: "{{nginx_dir}}/sites-available/upload_progress"
21 | owner: root
22 | group: root
23 | mode: 0644
24 |
--------------------------------------------------------------------------------
/roles/docker-cas/files/nginx/nginx.conf:
--------------------------------------------------------------------------------
1 | user www-data;
2 | worker_processes 2;
3 |
4 | error_log /var/log/nginx/error.log warn;
5 | pid /var/run/nginx.pid;
6 |
7 | events {
8 | worker_connections 1024;
9 | }
10 |
11 | http {
12 | include /etc/nginx/mime.types;
13 | default_type application/octet-stream;
14 |
15 | log_format main '$remote_addr - $upstream_cache_status $remote_user [$time_local] "$request" '
16 | '$status $body_bytes_sent "$http_referer" '
17 | '"$http_user_agent" "$http_x_forwarded_for"';
18 |
19 | access_log /var/log/nginx/access.log main;
20 |
21 | sendfile on;
22 | tcp_nopush on;
23 | tcp_nodelay on;
24 | keepalive_timeout 65;
25 | types_hash_max_size 2048;
26 | server_tokens off;
27 |
28 | gzip on;
29 | gzip_disable "msie6";
30 | gzip_min_length 1400;
31 | gzip_comp_level 2;
32 | gzip_buffers 4 32k;
33 | gzip_types text/plain text/css image/png image/gif image/jpeg application/javascript application/x-javascript text/xml text/javascript application/json;
34 |
35 | include /etc/nginx/conf.d/*.conf;
36 | }
37 |
--------------------------------------------------------------------------------
/roles/docker-cos/files/nginx/nginx.conf:
--------------------------------------------------------------------------------
1 | user www-data;
2 | worker_processes auto;
3 |
4 | error_log /var/log/nginx/error.log warn;
5 | pid /var/run/nginx.pid;
6 |
7 | events {
8 | worker_connections 1024;
9 | }
10 |
11 | http {
12 | include /etc/nginx/mime.types;
13 | default_type application/octet-stream;
14 |
15 | log_format main '$remote_addr - $upstream_cache_status $remote_user [$time_local] "$request" '
16 | '$status $body_bytes_sent "$http_referer" '
17 | '"$http_user_agent" "$http_x_forwarded_for"';
18 |
19 | access_log /var/log/nginx/access.log main;
20 |
21 | sendfile on;
22 | tcp_nopush on;
23 | tcp_nodelay on;
24 | keepalive_timeout 65;
25 | types_hash_max_size 2048;
26 | server_tokens off;
27 |
28 | gzip on;
29 | gzip_disable "msie6";
30 | gzip_min_length 1400;
31 | gzip_comp_level 2;
32 | gzip_buffers 4 32k;
33 | gzip_types text/plain text/css image/png image/gif image/jpeg application/javascript application/x-javascript text/xml text/javascript application/json;
34 |
35 | include /etc/nginx/conf.d/*.conf;
36 | }
37 |
--------------------------------------------------------------------------------
/roles/docker-jam/files/nginx/nginx.conf:
--------------------------------------------------------------------------------
1 | user www-data;
2 | worker_processes auto;
3 |
4 | error_log /var/log/nginx/error.log warn;
5 | pid /var/run/nginx.pid;
6 |
7 | events {
8 | worker_connections 1024;
9 | }
10 |
11 | http {
12 | include /etc/nginx/mime.types;
13 | default_type application/octet-stream;
14 |
15 | log_format main '$remote_addr - $upstream_cache_status $remote_user [$time_local] "$request" '
16 | '$status $body_bytes_sent "$http_referer" '
17 | '"$http_user_agent" "$http_x_forwarded_for"';
18 |
19 | access_log /var/log/nginx/access.log main;
20 |
21 | sendfile on;
22 | tcp_nopush on;
23 | tcp_nodelay on;
24 | keepalive_timeout 65;
25 | types_hash_max_size 2048;
26 | server_tokens off;
27 |
28 | gzip on;
29 | gzip_disable "msie6";
30 | gzip_min_length 1400;
31 | gzip_comp_level 2;
32 | gzip_buffers 4 32k;
33 | gzip_types text/plain text/css image/png image/gif image/jpeg application/javascript application/x-javascript text/xml text/javascript application/json;
34 |
35 | include /etc/nginx/conf.d/*.conf;
36 | }
37 |
--------------------------------------------------------------------------------
/roles/docker-osf/files/nginx/nginx.conf:
--------------------------------------------------------------------------------
1 | user www-data;
2 | worker_processes auto;
3 |
4 | error_log /var/log/nginx/error.log warn;
5 | pid /var/run/nginx.pid;
6 |
7 | events {
8 | worker_connections 1024;
9 | }
10 |
11 | http {
12 | include /etc/nginx/mime.types;
13 | default_type application/octet-stream;
14 |
15 | log_format main '$remote_addr - $upstream_cache_status $remote_user [$time_local] "$request" '
16 | '$status $body_bytes_sent "$http_referer" '
17 | '"$http_user_agent" "$http_x_forwarded_for"';
18 |
19 | access_log /var/log/nginx/access.log main;
20 |
21 | sendfile on;
22 | tcp_nopush on;
23 | tcp_nodelay on;
24 | keepalive_timeout 65;
25 | types_hash_max_size 2048;
26 | server_tokens off;
27 |
28 | gzip on;
29 | gzip_disable "msie6";
30 | gzip_min_length 1400;
31 | gzip_comp_level 2;
32 | gzip_buffers 4 32k;
33 | gzip_types text/plain text/css image/png image/gif image/jpeg application/javascript application/x-javascript text/xml text/javascript application/json;
34 |
35 | include /etc/nginx/conf.d/*.conf;
36 | }
37 |
--------------------------------------------------------------------------------
/roles/docker-spa/files/nginx/nginx.conf:
--------------------------------------------------------------------------------
1 | user www-data;
2 | worker_processes auto;
3 |
4 | error_log /var/log/nginx/error.log warn;
5 | pid /var/run/nginx.pid;
6 |
7 | events {
8 | worker_connections 1024;
9 | }
10 |
11 | http {
12 | include /etc/nginx/mime.types;
13 | default_type application/octet-stream;
14 |
15 | log_format main '$remote_addr - $upstream_cache_status $remote_user [$time_local] "$request" '
16 | '$status $body_bytes_sent "$http_referer" '
17 | '"$http_user_agent" "$http_x_forwarded_for"';
18 |
19 | access_log /var/log/nginx/access.log main;
20 |
21 | sendfile on;
22 | tcp_nopush on;
23 | tcp_nodelay on;
24 | keepalive_timeout 65;
25 | types_hash_max_size 2048;
26 | server_tokens off;
27 |
28 | gzip on;
29 | gzip_disable "msie6";
30 | gzip_min_length 1400;
31 | gzip_comp_level 2;
32 | gzip_buffers 4 32k;
33 | gzip_types text/plain text/css image/png image/gif image/jpeg application/javascript application/x-javascript text/xml text/javascript application/json;
34 |
35 | include /etc/nginx/conf.d/*.conf;
36 | }
37 |
--------------------------------------------------------------------------------
/roles/docker-scrapi/files/nginx/nginx.conf:
--------------------------------------------------------------------------------
1 | user www-data;
2 | worker_processes auto;
3 |
4 | error_log /var/log/nginx/error.log warn;
5 | pid /var/run/nginx.pid;
6 |
7 | events {
8 | worker_connections 1024;
9 | }
10 |
11 | http {
12 | include /etc/nginx/mime.types;
13 | default_type application/octet-stream;
14 |
15 | log_format main '$remote_addr - $upstream_cache_status $remote_user [$time_local] "$request" '
16 | '$status $body_bytes_sent "$http_referer" '
17 | '"$http_user_agent" "$http_x_forwarded_for"';
18 |
19 | access_log /var/log/nginx/access.log main;
20 |
21 | sendfile on;
22 | tcp_nopush on;
23 | tcp_nodelay on;
24 | keepalive_timeout 65;
25 | types_hash_max_size 2048;
26 | server_tokens off;
27 |
28 | gzip on;
29 | gzip_disable "msie6";
30 | gzip_min_length 1400;
31 | gzip_comp_level 2;
32 | gzip_buffers 4 32k;
33 | gzip_types text/plain text/css image/png image/gif image/jpeg application/javascript application/x-javascript text/xml text/javascript application/json;
34 |
35 | include /etc/nginx/conf.d/*.conf;
36 | }
37 |
--------------------------------------------------------------------------------
/roles/docker-sentry/files/nginx/nginx.conf:
--------------------------------------------------------------------------------
1 | user www-data;
2 | worker_processes auto;
3 |
4 | error_log /var/log/nginx/error.log warn;
5 | pid /var/run/nginx.pid;
6 |
7 | events {
8 | worker_connections 1024;
9 | }
10 |
11 | http {
12 | include /etc/nginx/mime.types;
13 | default_type application/octet-stream;
14 |
15 | log_format main '$remote_addr - $upstream_cache_status $remote_user [$time_local] "$request" '
16 | '$status $body_bytes_sent "$http_referer" '
17 | '"$http_user_agent" "$http_x_forwarded_for"';
18 |
19 | access_log /var/log/nginx/access.log main;
20 |
21 | sendfile on;
22 | tcp_nopush on;
23 | tcp_nodelay on;
24 | keepalive_timeout 65;
25 | types_hash_max_size 2048;
26 | server_tokens off;
27 |
28 | gzip on;
29 | gzip_disable "msie6";
30 | gzip_min_length 1400;
31 | gzip_comp_level 2;
32 | gzip_buffers 4 32k;
33 | gzip_types text/plain text/css image/png image/gif image/jpeg application/javascript application/x-javascript text/xml text/javascript application/json;
34 |
35 | include /etc/nginx/conf.d/*.conf;
36 | }
37 |
--------------------------------------------------------------------------------
/roles/rackspace-cloudmonitor/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Ensure rackspace apt repository
2 | become: yes
3 | apt_repository:
4 | repo: "deb http://stable.packages.cloudmonitoring.rackspace.com/ubuntu-14.04-x86_64 cloudmonitoring main"
5 | state: present
6 |
7 |
8 | - name: Ensure rackspace apt key
9 | become: yes
10 | apt_key:
11 | url: https://monitoring.api.rackspacecloud.com/pki/agent/linux.asc
12 | state: present
13 |
14 |
15 | - name: Update apt package cache (this can sometimes fail)
16 | become: yes
17 | apt: update_cache=yes
18 |
19 |
20 | - name: Copy rackspace agent.plugin scripts
21 | copy:
22 | src: plugins/
23 | dest: /usr/lib/rackspace-monitoring-agent/plugins
24 | mode: o+x
25 |
26 |
27 | - name: Install new rackspace cloud monitoring agent
28 | become: yes
29 | apt:
30 | state: present
31 | pkg: rackspace-monitoring-agent
32 |
33 |
34 | - name: Reminder | Setup the Rackspace Monitoring Agent
35 | debug:
36 | msg: sudo rackspace-monitoring-agent --setup
37 |
38 |
39 | - name: Reminder | Start the Rackspace Monitoring Agent
40 | debug:
41 | msg: sudo service rackspace-monitoring-agent start
42 |
--------------------------------------------------------------------------------
/roles/Ansibles.monit/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License
2 |
3 | Copyright (c) 2014 Pieterjan Vandaele
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
22 |
--------------------------------------------------------------------------------
/roles/docker-postgres-barman/files/conf/crontab:
--------------------------------------------------------------------------------
1 | # Edit this file to introduce tasks to be run by cron.
2 | #
3 | # Each task to run has to be defined through a single line
4 | # indicating with different fields when the task will be run
5 | # and what command to run for the task
6 | #
7 | # To define the time you can provide concrete values for
8 | # minute (m), hour (h), day of month (dom), month (mon),
9 | # and day of week (dow) or use '*' in these fields (for 'any').#
10 | # Notice that tasks will be started based on the cron's system
11 | # daemon's notion of time and timezones.
12 | #
13 | # Output of the crontab jobs (including errors) is sent through
14 | # email to the user the crontab file belongs to (unless redirected).
15 | #
16 | # For example, you can run a backup of all your user accounts
17 | # at 5 a.m every week with:
18 | # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
19 | #
20 | # For more information see the manual pages of crontab(5) and cron(8)
21 | #
22 | # m h dom mon dow command
23 | # * * * * * /usr/bin/barman cron <- included in debian package @ 1 min
24 | # 30 23 * * * /usr/bin/barman backup main-db-server <- example full backup @ 11:30 pm (UTC?)
25 |
--------------------------------------------------------------------------------
/roles/generic-users/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License
2 |
3 | Copyright (c) 2014 Pieterjan Vandaele
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
22 |
--------------------------------------------------------------------------------
/roles/Ansibles.timezone/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License
2 |
3 | Copyright (c) 2014 Pieterjan Vandaele
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
22 |
--------------------------------------------------------------------------------
/roles/docker-shibboleth-sp/files/conf/sp-cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIC6zCCAdOgAwIBAgIJAOtPE/KVhfCGMA0GCSqGSIb3DQEBBQUAMBcxFTATBgNV
3 | BAMTDGZjZGIwYjUxMzQxMTAeFw0xNTExMDcyMTM4MjhaFw0yNTExMDQyMTM4Mjha
4 | MBcxFTATBgNVBAMTDGZjZGIwYjUxMzQxMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
5 | ADCCAQoCggEBAMJRDaANHbZrNSMazVHR1m0ZBgW1WrXYnZjOF6QtiOXrpNqGsxOZ
6 | jWN7U6tyoqV06dwqx4fiGgz8TIqSnJpZlWOQa/bKLJscby4wIFRDniavBhUeFJlJ
7 | C/34dXV1Wl/rM+vjwb4GNtNxCEmQ5MCJH0ESy4DSORGo10UT2Fcnr/0Zy9tK+UBK
8 | GxU/TeAadl8LzueBzok5MxW6WpOoEyCit7sDSkSV+RFUqNrtVCGwung66arO630Z
9 | F9RETM4NziMzxvO9294zysSDqd19EfYQ28hqwpaOLiHBGbJoQ0Kptt+m3QzmfiLK
10 | +/0QHh62iDfUKoVGeIDW5YmYGLJaRF1+8eMCAwEAAaM6MDgwFwYDVR0RBBAwDoIM
11 | ZmNkYjBiNTEzNDExMB0GA1UdDgQWBBSIpSXmw+VcDrKNQ40nIHNh3NjzGTANBgkq
12 | hkiG9w0BAQUFAAOCAQEAEIxGbn32w3FT2LIs5jEa9Y+tftyzUVPZAAbJk5SvXyII
13 | Ho84BvQ2sJklXHMhVwQChnXGNXLSVVV3AwdtiFjuX0Skjn0a6LJMfI2vC+oE925N
14 | eE2QXeGFGxkh8HcimQqzxC11nWuVoG9ZphiYrsDEpcK9fNiPDaihJZRaqTGxJKki
15 | p+KH0Wmum3TuL9g0ZzGiIROVsHrO5jTi2UveVdEZaZuYAgEnDtgmwSIFeEo3RbUf
16 | BsHQzXK2Wt36Dqr86JglxMy0yH5zTJihThoBdTDiU/kFZ7QeReyDRPCG+zIfX2UI
17 | spsDYrxzjTsFCyhD1CQPtE+5cAQ8dOtAlh3f1Lx6pg==
18 | -----END CERTIFICATE-----
19 |
--------------------------------------------------------------------------------
/roles/Ansibles.build-essential/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License
2 |
3 | Copyright (c) 2014 Pieterjan Vandaele
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
22 |
--------------------------------------------------------------------------------
/roles/(legacy)/newrelic/tasks/main.yml:
--------------------------------------------------------------------------------
1 | # Source: https://docs.newrelic.com/docs/servers/new-relic-servers-linux/installation-configuration/servers-installation-ubuntu-debian
2 |
3 | ##### Install #####
4 |
5 | - name: Ensure newrelic apt repository
6 | become: yes
7 | apt_repository:
8 | repo: "deb http://apt.newrelic.com/debian/ newrelic non-free"
9 | state: present
10 |
11 |
12 | - name: Ensure newrelic apt key
13 | become: yes
14 | apt_key:
15 | url: https://download.newrelic.com/548C16BF.gpg
16 | state: present
17 |
18 |
19 | - name: Update APT package cache
20 | apt: update_cache=yes
21 | become: yes
22 |
23 |
24 | - name: Install new relic system monitoring daemon
25 | become: yes
26 | apt:
27 | state: present
28 | pkg: newrelic-sysmond
29 |
30 |
31 | - name: Copy the newrelic system monitoring daemon configuration/license file
32 | become: yes
33 | template:
34 | group: newrelic
35 | mode: 0640
36 | src: nrsysmond.cfg.j2
37 | dest: "{{ newrelic_conf_dir }}/nrsysmond.cfg"
38 |
39 |
40 | - name: Start service newrelic system monitoring daemon
41 | become: yes
42 | service:
43 | name: newrelic-sysmond
44 | state: started
45 |
--------------------------------------------------------------------------------
/roles/(legacy)/gitlab/templates/database.j2:
--------------------------------------------------------------------------------
1 | #
2 | # PRODUCTION
3 | #
4 | production:
5 | adapter: postgresql
6 | encoding: unicode
7 | database: {{gitlab_db_name}}
8 | pool: 10
9 | username: {{gitlab_user}}
10 | password: {{gitlab_db_pass}}
11 | # host: localhost
12 | # port: 5432
13 | # socket: /tmp/postgresql.sock
14 |
15 | #
16 | # Development specific
17 | #
18 | development:
19 | adapter: postgresql
20 | encoding: unicode
21 | database: gitlabhq_development
22 | pool: 5
23 | username: postgres
24 | password:
25 | # socket: /tmp/postgresql.sock
26 |
27 | #
28 | # Staging specific
29 | #
30 | staging:
31 | adapter: postgresql
32 | encoding: unicode
33 | database: gitlabhq_staging
34 | pool: 5
35 | username: postgres
36 | password:
37 | # socket: /tmp/postgresql.sock
38 |
39 | # Warning: The database defined as "test" will be erased and
40 | # re-generated from your development database when you run "rake".
41 | # Do not set this db to the same as development or production.
42 | test: &test
43 | adapter: postgresql
44 | encoding: unicode
45 | database: gitlabhq_test
46 | pool: 5
47 | username: postgres
48 | password:
49 | # socket: /tmp/postgresql.sock
50 |
--------------------------------------------------------------------------------
/roles/docker-storage/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Perform storage copy operations
2 | become: yes
3 | copy:
4 | src: "{{ item.src | default(omit) }}"
5 | dest: "{{ item.dest | default(omit) }}"
6 | mode: "{{ item.mode | default(omit) }}"
7 | owner: "{{ item.owner | default(omit) }}"
8 | group: "{{ item.group | default(omit) }}"
9 | with_items: "{{ docker_storage_copy_ops }}"
10 | tags:
11 | - install
12 | - upgrade
13 | - settings
14 |
15 | - name: Perform storage file operations
16 | become: yes
17 | file:
18 | state: "{{ item.state | default(omit) }}"
19 | path: "{{ item.path | default(omit) }}"
20 | mode: "{{ item.mode | default(omit) }}"
21 | owner: "{{ item.owner | default(omit) }}"
22 | group: "{{ item.group | default(omit) }}"
23 | recurse: "{{ item.recurse | default(omit) }}"
24 | with_items: "{{ docker_storage_file_ops }}"
25 | tags:
26 | - install
27 | - upgrade
28 | - settings
29 |
30 |
31 | - name: Run docker storage container
32 | docker:
33 | image: busybox:latest
34 | name: "{{ docker_storage_name }}"
35 | volumes: "{{ docker_storage_volumes }}"
36 | tags:
37 | - install
38 | - upgrade
39 | - settings
40 |
--------------------------------------------------------------------------------
/roles/swap/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Set vm.swappiness in /etc/sysctl.conf
2 | sysctl:
3 | name: vm.swappiness
4 | value: "{{ swap_vm_swappiness }}"
5 | state: present
6 | tags:
7 | - install
8 |
9 |
10 | - name: Set vm.vfs_cache_pressure in /etc/sysctl.conf
11 | sysctl:
12 | name: vm.vfs_cache_pressure
13 | value: "{{ swap_vm_vfs_cache_pressure }}"
14 | state: present
15 | tags:
16 | - install
17 |
18 |
19 | - name: Create the file to be used for swap
20 | become: yes
21 | shell: fallocate -l {{ swap_swapfile_size }} /swapfile
22 | tags:
23 | - install
24 |
25 |
26 | - name: Secure swap file permissions
27 | become: yes
28 | shell: chmod 600 /swapfile
29 | tags:
30 | - install
31 |
32 |
33 | - name: Format the swapfile
34 | become: yes
35 | shell: mkswap /swapfile
36 | tags:
37 | - install
38 |
39 |
40 | - name: Add the file to the system as a swap file
41 | become: yes
42 | shell: swapon /swapfile
43 | tags:
44 | - install
45 |
46 |
47 | - name: Add the the swap file to /etc/fstab
48 | mount:
49 | src: /swapfile
50 | name: none
51 | fstype: swap
52 | opts: sw
53 | state: present
54 | tags:
55 | - install
56 |
--------------------------------------------------------------------------------
/roles/docker-mfr/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # variables
2 | docker_mfr_source_branch: master
3 | docker_mfr_source_repo: https://github.com/CenterForOpenScience/modular-file-renderer.git
4 |
5 |
6 | # servers
7 |
8 | docker_mfr_server: no
9 | docker_mfr_server_name: mfr_server
10 | docker_mfr_server_image: centerforopenscience/mfr:latest
11 | docker_mfr_server_source_conf_file: settings.json
12 | docker_mfr_server_conf_dir: /opt/mfr_server/conf/
13 | docker_mfr_server_conf_file: "{{ docker_mfr_server_conf_dir }}settings.json"
14 | docker_mfr_server_ssl_cert_file: ""
15 | docker_mfr_server_ssl_key_file: ""
16 | docker_mfr_server_cert_src: ""
17 | docker_mfr_server_instances: 2
18 | docker_mfr_server_start_port: 7780
19 | docker_mfr_server_env:
20 | ENV: "{{ docker_env | default('test') }}"
21 | SOURCE_BRANCH: "{{ docker_mfr_source_branch }}"
22 | SOURCE_REPO: "{{ docker_mfr_source_repo }}"
23 | docker_mfr_server_net: bridge
24 | docker_mfr_server_links: []
25 | docker_mfr_server_expose:
26 | - 7778
27 | docker_mfr_server_ports: []
28 | docker_mfr_server_volumes:
29 | - "{{ docker_mfr_server_conf_file }}:/home/.cos/mfr-{{ docker_env | default('test') }}.json"
30 | - "{{ docker_mfr_server_conf_dir }}ssl/:/home/.cos/ssl"
31 | docker_mfr_server_volumes_from: []
32 |
--------------------------------------------------------------------------------
/docker-logentries.yml:
--------------------------------------------------------------------------------
1 | - name: Setup docker logentries
2 | hosts: all
3 | pre_tasks:
4 | - fail: msg="One or more tags must be specified to run this playbook"
5 | vars:
6 | docker_fluentd: yes
7 | docker_fluentd_name: fluentd_1
8 | docker_fluentd_source_conf_dir: "{{ root_source_conf_dir }}logentries/fluentd/"
9 | docker_fluentd_conf_dir: /opt/fluentd/conf/
10 | docker_fluentd_conf_file: "{{ docker_fluentd_conf_dir }}fluent.conf"
11 | docker_fluentd_data_dir: /opt/fluentd/data/
12 | docker_fluentd_env:
13 | FLUENTD_GEMS: "fluent-plugin-order fluent-plugin-record-reformer fluent-plugin-jsonbucket" # fluent-plugin-rewrite-tag-filter (major version incompatible, use 1.6.0), fluent-plugin-docker-format (fixed but not released on rubygems.org), fluent-plugin-logentries removed (pr in for fix)
14 | docker_fluentd_volumes:
15 | - "{{ docker_fluentd_data_dir }}:/data"
16 | - "{{ docker_fluentd_conf_dir }}:/etc/fluent:ro"
17 | - "/var/log/:/var/log:ro"
18 | - "/var/lib/docker/containers/:/var/lib/docker/containers:ro"
19 | docker_fluentd_expose:
20 | - 24224
21 | docker_fluentd_ports: []
22 | roles:
23 | - role: rsyslog
24 |
25 | - role: docker-fluentd
26 | when: docker_fluentd
27 |
--------------------------------------------------------------------------------
/roles/(legacy)/docker-haproxy/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # variables
2 |
3 | docker_haproxy_name: haproxy_1
4 | docker_haproxy_env: {}
5 | docker_haproxy_conf_dir: /opt/haproxy/conf
6 | docker_haproxy_enable_https: false
7 | docker_haproxy_default_cert_src: ""
8 | docker_haproxy_certsd_dir_src: ""
9 | docker_haproxy_stats_user: User1
10 | docker_haproxy_stats_password: password
11 | docker_haproxy_backends: {}
12 | # - name: my_domain
13 | # domain: my.domain.com
14 | # servers:
15 | # - ip: "192.168.1.2"
16 | # port: 1111
17 | # - ip: "192.168.1.2"
18 | # port: 1112
19 | # - ip: "192.168.1.6"
20 | # port: 1111
21 | # - ip: "192.168.1.6"
22 | # port: 1112
23 |
24 |
25 | # support servers
26 |
27 | docker_rsyslog: no
28 | docker_rsyslog_name: haproxy_rsyslog_1
29 | docker_rsyslog_conf_dir: "{{ docker_haproxy_conf_dir }}/rsyslog"
30 | docker_rsyslog_log_dir: /var/log/haproxy
31 |
32 |
33 | # servers
34 |
35 | docker_haproxy_log_rotate_file: haproxy
36 | docker_haproxy_log_rotate_source_file: logrotate.j2
37 | docker_haproxy_hostname: "haproxy_1"
38 | docker_haproxy_links:
39 | - "{{ docker_rsyslog_name }}:rsyslog"
40 | docker_haproxy_links: []
41 | docker_haproxy_expose: []
42 | docker_haproxy_ports: []
43 |
--------------------------------------------------------------------------------
/roles/(legacy)/docker-rsyslog/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Ensure docker rsyslog logrotate config
2 | template:
3 | src: "{{ docker_rsyslog_log_rotate_source_file }}"
4 | dest: "/etc/logrotate.d/{{ docker_rsyslog_log_rotate_file }}"
5 | owner: root
6 | group: root
7 | mode: 0644
8 | tags:
9 | - install
10 | - settings
11 |
12 |
13 | - name: Restart docker rsyslog container
14 | become: yes
15 | shell: "docker restart {{ docker_rsyslog_name }}"
16 | tags:
17 | - restart
18 |
19 |
20 | - name: Ensure docker rsyslog directories exist
21 | file:
22 | state: directory
23 | path: "{{ item }}"
24 | with_items:
25 | - "{{ docker_rsyslog_conf_dir }}"
26 | - "{{ docker_rsyslog_log_dir }}"
27 | tags:
28 | - install
29 | - upgrade
30 |
31 |
32 | - name: Run docker rsyslog container
33 | docker:
34 | name: "{{ docker_rsyslog_name }}"
35 | state: running
36 | image: "centerforopenscience/rsyslog:latest"
37 | restart_policy: always
38 | hostname: "{{ hostname_name }}"
39 | env: "{{ docker_rsyslog_env }}"
40 | volumes:
41 | - "{{ docker_rsyslog_conf_dir }}/:/etc/rsyslog.d/"
42 | - "{{ docker_rsyslog_log_log_dir }}:/log"
43 | tags:
44 | - install
45 | - upgrade
46 |
--------------------------------------------------------------------------------
/roles/ssh/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # file: roles/ssh/defaults/main.yml
2 |
3 |
4 | # sshd_config settings
5 | ssh_port: "22"
6 | ssh_protocol: "2"
7 |
8 | ssh_hostkeys:
9 | - /etc/ssh/ssh_host_rsa_key
10 | - /etc/ssh/ssh_host_dsa_key
11 | - /etc/ssh/ssh_host_ecdsa_key
12 | - /etc/ssh/ssh_host_ed25519_key
13 |
14 | ssh_useprivilegeseparation: "yes"
15 | ssh_keyregenerationinterval: "3600"
16 | ssh_serverkeybits: "768"
17 | ssh_syslogfacility: "AUTH"
18 | ssh_loglevel: "INFO"
19 | ssh_logingracetime: "120"
20 | ssh_permitrootlogin: "no"
21 | ssh_strictmodes: "yes"
22 | ssh_rsaauthentication: "yes"
23 | ssh_pubkeyauthentication: "yes"
24 | ssh_rhostsrsaauthentication: "no"
25 | ssh_hostbasedauthentication: "no"
26 | ssh_challengeresponseauthentication: "no"
27 | ssh_passwordauthentication: "no"
28 | ssh_x11forwarding: "yes"
29 | ssh_x11displayoffset: "10"
30 | ssh_printmotd: "no"
31 | ssh_printlastlog: "yes"
32 | ssh_tcpkeepalive: "yes"
33 | ssh_acceptenv: "LANG LC_*"
34 | ssh_subsystem: "sftp /usr/lib/openssh/sftp-server"
35 | ssh_usepam: "yes"
36 | ssh_usedns: "no"
37 | ssh_clientaliveinterval: "1750"
38 | ssh_clientalivecountmax: "0"
39 | ssh_ignorerhosts: "no"
40 |
41 | # run tests
42 | ssh_test: yes
43 | # User for testing
44 | ssh_test_user: vagrant
45 | ssh_test_port: 2222
46 |
--------------------------------------------------------------------------------
/roles/generic-users/tasks/main.yml:
--------------------------------------------------------------------------------
1 | # file: generic-users/tasks/main.yml
2 |
3 | - name: Make sure zsh is installed
4 | apt: name=zsh state=present
5 |
6 | - name: Make sure all groups are present
7 | group:
8 | name: "{{item.name}}"
9 | # gid: "{{item.gid}}"
10 | state: present
11 | with_items: genericusers_groups
12 |
13 | - name: Make sure all removed groups are not present
14 | group:
15 | name: "{{item.name}}"
16 | state: absent
17 | with_items: genericusers_groups_removed
18 |
19 | - name: Make sure the users are present
20 | user:
21 | name: "{{item.name}}"
22 | groups: "{{','.join(item.groups)}}"
23 | append: "{{item.append}}"
24 | password: "{{item.pass}}"
25 | comment: ""
26 | shell: "{{item.shell}}"
27 | state: present
28 | with_items: genericusers_users
29 |
30 | - name: Make sure all removed users are not present
31 | user:
32 | name: "{{item.name}}"
33 | state: absent
34 | remove: yes
35 | with_items: genericusers_users_removed
36 |
37 | - name: Install the ssh keys for the users
38 | authorized_key:
39 | user: "{{item.0.name}}"
40 | key: "{{item.1}}"
41 | key_options: "{{item.0.ssh_key_options | default(omit)}}"
42 | with_subelements:
43 | - genericusers_users
44 | - ssh_keys
45 |
--------------------------------------------------------------------------------
/roles/docker-redis/tasks/main.yml:
--------------------------------------------------------------------------------
1 | - name: Ensure docker redis directories exist
2 | become: yes
3 | file:
4 | state: directory
5 | path: "{{ item }}"
6 | with_items:
7 | - "{{ docker_redis_conf_dir }}"
8 | - "{{ docker_redis_data_dir }}"
9 | tags:
10 | - install
11 | - upgrade
12 |
13 |
14 | - name: Copy docker redis configuration settings
15 | copy:
16 | src: "{{ docker_redis_source_conf_file }}"
17 | dest: "{{ docker_redis_conf_file }}"
18 | mode: 0644
19 | tags:
20 | - install
21 | - settings
22 | - upgrade
23 |
24 |
25 | - name: Restart docker redis container
26 | become: yes
27 | shell: "docker restart {{ docker_redis_name }}"
28 | tags:
29 | - restart
30 |
31 |
32 | - name: Run docker redis container
33 | docker:
34 | command: "{{ docker_redis_command }}"
35 | env: "{{ docker_redis_env }}"
36 | expose: "{{ docker_redis_expose }}"
37 | name: "{{ docker_redis_name }}"
38 | hostname: "{{ docker_redis_hostname }}"
39 | net: "{{ docker_redis_net }}"
40 | ports: "{{ docker_redis_ports }}"
41 | pull: always
42 | restart_policy: always
43 | image: "{{ docker_redis_image }}"
44 | state: reloaded
45 | volumes: "{{ docker_redis_volumes }}"
46 | tags:
47 | - install
48 | - upgrade
49 |
--------------------------------------------------------------------------------
/roles/docker-waterbutler/tasks/celery.yml:
--------------------------------------------------------------------------------
1 | - name: Restart docker waterbutler celery container
2 | become: yes
3 | shell: "docker restart {{ docker_waterbutler_celery_name }}_{{ item }}"
4 | with_sequence: count={{ docker_waterbutler_celery_instances }}
5 | when: docker_waterbutler_celery_instances > 0
6 | tags:
7 | - restart
8 |
9 |
10 | - name: Run docker waterbutler celery container
11 | docker:
12 | command: "{{ docker_waterbutler_celery_command }}"
13 | env: "{{ docker_waterbutler_celery_env }}"
14 | expose: "{{ docker_waterbutler_celery_expose }}"
15 | hostname: "{{ docker_waterbutler_celery_hostname }}"
16 | image: "{{ docker_waterbutler_celery_image }}"
17 | links: "{{ docker_waterbutler_celery_links }}"
18 | name: "{{ docker_waterbutler_celery_name }}_{{ item }}"
19 | net: "{{ docker_waterbutler_celery_net }}"
20 | ports: "{{ docker_waterbutler_celery_ports }}"
21 | pull: always
22 | restart_policy: always
23 | state: reloaded
24 | tty: yes
25 | volumes: "{{ docker_waterbutler_celery_volumes }}"
26 | volumes_from: "{{ docker_waterbutler_celery_volumes_from }}"
27 | with_sequence: count={{ docker_waterbutler_celery_instances }}
28 | when: docker_waterbutler_celery_instances > 0
29 | tags:
30 | - install
31 | - upgrade
32 |
--------------------------------------------------------------------------------
/roles/docker-nginx/files/conf/conf.d/default.conf:
--------------------------------------------------------------------------------
1 | server {
2 | listen 80;
3 | server_name localhost;
4 |
5 | #charset koi8-r;
6 | #access_log /var/log/nginx/log/host.access.log main;
7 |
8 | location / {
9 | root /usr/share/nginx/html;
10 | index index.html index.htm;
11 | }
12 |
13 | #error_page 404 /404.html;
14 |
15 | # redirect server error pages to the static page /50x.html
16 | #
17 | error_page 500 502 503 504 /50x.html;
18 | location = /50x.html {
19 | root /usr/share/nginx/html;
20 | }
21 |
22 | # proxy the PHP scripts to Apache listening on 127.0.0.1:80
23 | #
24 | #location ~ \.php$ {
25 | # proxy_pass http://127.0.0.1;
26 | #}
27 |
28 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
29 | #
30 | #location ~ \.php$ {
31 | # root html;
32 | # fastcgi_pass 127.0.0.1:9000;
33 | # fastcgi_index index.php;
34 | # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
35 | # include fastcgi_params;
36 | #}
37 |
38 | # deny access to .htaccess files, if Apache's document root
39 | # concurs with nginx's one
40 | #
41 | #location ~ /\.ht {
42 | # deny all;
43 | #}
44 | }
45 |
--------------------------------------------------------------------------------
/roles/docker-cos/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # variables
2 | docker_cos_source_branch: master
3 | docker_cos_source_repo: https://github.com/centerforopenscience/cos.io.git
4 |
5 | # servers
6 |
7 | docker_cos_server: no
8 | docker_cos_server_name: cos_server_1
9 | docker_cos_server_image: centerforopenscience/cos:latest
10 | docker_cos_server_command: "uwsgi --ini /etc/uwsgi/uwsgi.ini"
11 | docker_cos_server_source_conf_file: server/uwsgi.ini
12 | docker_cos_server_source_app_file: server/local.py
13 | docker_cos_server_conf_dir: /opt/cos_server/conf/
14 | docker_cos_server_conf_file: "{{ docker_cos_server_conf_dir }}uwsgi.ini"
15 | docker_cos_server_app_file: "{{ docker_cos_server_conf_dir }}local.py"
16 | docker_cos_server_data_dir: /opt/cos_server/data/
17 | docker_cos_server_env:
18 | SOURCE_BRANCH: "{{ docker_cos_source_branch }}"
19 | SOURCE_REPO: "{{ docker_cos_source_repo }}"
20 | docker_cos_server_net: bridge
21 | docker_cos_server_hostname: "{{ hostname_name }}"
22 | docker_cos_server_expose:
23 | - 8000
24 | docker_cos_server_ports: []
25 | docker_cos_server_links: []
26 | docker_cos_server_volumes:
27 | - "{{ docker_cos_server_conf_file }}:/etc/uwsgi/uwsgi.ini"
28 | - "{{ docker_cos_server_app_file }}:/code/mysite/local_settings.py"
29 | - "{{ docker_cos_server_data_dir }}:/data"
30 | docker_cos_server_volumes_from: []
31 |
--------------------------------------------------------------------------------
/roles/docker-shibboleth-sp/files/conf/metadataError.html:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 |
7 |
8 |
9 |
10 | Unknown Identity Provider
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
Unknown or Unusable Identity Provider
19 |
20 |
The identity provider supplying your login credentials is not authorized
21 | for use with this service or does not support the necessary capabilities.
22 |
23 |
To report this problem, please contact the site administrator at
24 | .
25 |
26 |
27 |
Please include the following error message in any email: