kagyuu / ansible_common

ansible_common

Ansible Common Roles

  • Usage

      roles:
        - ../ansible_common/common
  • No Argument

  • Abstract : Common settings for almost all servers.

    1. Enable epel
    2. yum update
    3. install basic commands: curl, wget, postfix, etc.
    4. disable SELinux :-P
    5. open mdns (avahi) ports.
  • Usage

      roles:
        - { role: ../ansible_common/firewalld, PORTS: ["4848/tcp", "8080/tcp"], SERVICES: ["ldap"] }
  • Argument

| Argument | Default value | Explanation |
| --- | --- | --- |
| PORTS | [] | these ports are opened for client computers |
| SERVICES | [] | these services are opened for client computers |
  • Abstract : make specified ports and services open
  • Usage

      roles:
        - { role: ../ansible_common/ldap, ROOT_PWD: "9l!fe"}      
  • Argument

| Argument | Default value | Explanation |
| --- | --- | --- |
| ROOT_PWD | secret | password of the cn=Manager root DN |
| DOMAIN | example | DOMAIN must be the first dc of the SUFFIX. |
| SUFFIX | dc=example,dc=com | base dn |
| ORG | example co. ltd. | Organization name. |
  • Abstract : Install OpenLDAP

    1. install openldap
    2. create cn=Manager,dc=example,dc=com / password=secret
    3. install schemas
    • core : basic attributes. "cn", "ou", etc.

    • cosine : X.500/COSINE tree-structured data

    • inetorgperson : name, group, email, etc.

    • memberof overlay : automatically resolves the memberOf attribute of an inetOrgPerson from its group memberships. For example :

      # admin user
      dn: cn=ichiro,ou=People,dc=example,dc=com
      objectClass: inetOrgPerson
      cn: ichiro
      sn: suzuki
      userPassword: ichiro123
      
      # admin group
      dn: cn=admin,ou=Group,dc=example,dc=com
      objectClass: groupOfNames
      cn: admin
      member: cn=ichiro,ou=People,dc=example,dc=com
      
      $ ldapsearch -x -D "cn=Manager,dc=example,dc=com" -W -b "cn=ichiro,ou=People,dc=example,dc=com" memberof
      dn: cn=ichiro,ou=People,dc=example,dc=com
      memberOf: cn=admin,ou=Group,dc=example,dc=com
    4. create sample directory
      - dc=com
        - dc=example
          - Group (organizationalUnit)
            - admin (groupOfNames) ⇒ member = cn=ichiro,ou=People,dc=example,dc=com
          - People (organizationalUnit)
            - ichiro (inetOrgPerson) ⇒ userPassword=ichiro123
            - jiro (inetOrgPerson) ⇒ userPassword=jiro123
    
    5. set access control

| Attribute | User | Auth |
| --- | --- | --- |
| userPassword | cn=Manager,dc=example,dc=com | manage |
| | self | write |
| | anonymous | auth |
| | * (other) | none |
| * (other) | cn=Manager,dc=example,dc=com | manage |
| | self | write |
| | * (other) | none |
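The access table above, modelled as an added Python example (this is not code from the ansible_common role, and the page does not show the role's actual olcAccess values): slapd evaluates access rules in order, the first rule whose "to" clause matches the attribute decides, and within that rule the first matching "by" clause gives the access level. The Rule/ByClause types, the `dn:`/`self`/`anonymous`/`*` encoding of the "User" column and the case-insensitive DN comparison are this example's own simplifications.

```python
from typing import NamedTuple, Optional, Tuple

MANAGER_DN = "cn=Manager,dc=example,dc=com"

# slapd access levels, weakest to strongest; a grant at one level implies
# every level to its left (so "auth" lets a client bind but not read).
LEVELS = ("none", "disclose", "auth", "compare", "search", "read", "write", "manage")


class ByClause(NamedTuple):
    who: str    # "dn:<DN>", "self", "anonymous" or "*" (everyone else)
    level: str


class Rule(NamedTuple):
    attr: Optional[str]        # attribute named in the "to" clause; None = all other attributes
    by: Tuple[ByClause, ...]   # "by" clauses in evaluation order


# The README's table as ordered rules (constructed from the table above).
RULES = (
    Rule("userPassword", (ByClause("dn:" + MANAGER_DN, "manage"),
                          ByClause("self", "write"),
                          ByClause("anonymous", "auth"),
                          ByClause("*", "none"))),
    Rule(None, (ByClause("dn:" + MANAGER_DN, "manage"),
                ByClause("self", "write"),
                ByClause("*", "none"))),
)


def _same_dn(a, b):
    # Case-insensitive comparison; real DN matching is more involved.
    return a is not None and b is not None and a.lower() == b.lower()


def access_level(attr, bind_dn, target_dn, rules=RULES):
    """Access level that `bind_dn` (None = anonymous) has on attribute `attr`
    of the entry `target_dn`. The first rule whose "to" clause matches decides;
    inside it the first matching "by" clause wins; no match at all means none."""
    for rule in rules:
        if rule.attr is not None and rule.attr.lower() != attr.lower():
            continue
        for clause in rule.by:
            if (clause.who == "*"
                    or (clause.who == "anonymous" and bind_dn is None)
                    or (clause.who == "self" and _same_dn(bind_dn, target_dn))
                    or (clause.who.startswith("dn:") and _same_dn(clause.who[3:], bind_dn))):
                return clause.level
        return "none"
    return "none"


def allows(attr, bind_dn, target_dn, needed):
    """True if the granted level covers the `needed` level (e.g. "read")."""
    return LEVELS.index(access_level(attr, bind_dn, target_dn)) >= LEVELS.index(needed)


if __name__ == "__main__":
    ichiro = "cn=ichiro,ou=People,dc=example,dc=com"
    jiro = "cn=jiro,ou=People,dc=example,dc=com"
    print("anonymous on ichiro's userPassword:", access_level("userPassword", None, ichiro))
    print("jiro on ichiro's userPassword:", access_level("userPassword", jiro, ichiro))
    print("ichiro on his own mail attribute:", access_level("mail", ichiro, ichiro))
    print("anonymous may read mail?", allows("mail", None, ichiro, "read"))
```

The point of the table becomes visible when run: an anonymous client gets exactly `auth` on userPassword (enough for a simple bind, not enough to read the hash), a user may write only their own entry, and nobody except cn=Manager can read anyone else's attributes.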
  • Appendix. About typical attributes of LDAP

| Attribute | Note |
| --- | --- |
| dn | location in the tree. Ex. cn=ichiro,ou=People,dc=example,dc=com |
| dc | domain component. Ex. dc=example, dc=com |
| c | country |
| o | organization. Ex. a company |
| ou | organization unit. Ex. a division in the company |
| cn | lastname (family-name) |
| sn | firstname (given-name) |
| uid | user id |
| userPassword | password. You should store the hash value of the password. Don't put plain text. |
| RDN | primary key (attribute) among sibling nodes |
  • Appendix. How can I use groupOfUniqueNames as the auth group objectClass instead of groupOfNames?
    • The settings for the memberof overlay live in cn=config. The defaults are the following :
    olcMemberOfRefInt: TRUE
    olcMemberOfGroupOC: groupOfNames
    olcMemberOfMemberAD: member
    
    • So, to have the overlay follow the uniqueMember attribute of the groupOfUniqueNames objectClass when resolving an inetOrgPerson, you must override these config attributes.
    • For more details, see the man page.
    • But an ancient old wise man said you should not change the default setting in vain!
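What the memberof overlay computes, and what switching olcMemberOfGroupOC / olcMemberOfMemberAD changes, shown as an added Python example (not code from the ansible_common role or from OpenLDAP): entries are parsed from LDIF text and each person's memberOf is derived by inverting the group's membership attribute. The directory is constructed from the ichiro/admin entries above plus a `cn=developers` groupOfUniqueNames group and a dangling member that are not in the original README; the parser, `normalize_dn` and the config dictionaries are this example's own.

```python
from collections import defaultdict

# Constructed sample directory: the README's entries plus a groupOfUniqueNames
# group (cn=developers) and a reference to a non-existent entry (cn=ghost).
SAMPLE_LDIF = """\
dn: cn=ichiro,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: ichiro
sn: suzuki

dn: cn=jiro,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: jiro
sn: suzuki

dn: cn=admin,ou=Group,dc=example,dc=com
objectClass: groupOfNames
cn: admin
member: cn=ichiro,ou=People,dc=example,dc=com

dn: cn=developers,ou=Group,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: developers
uniqueMember: cn=ichiro,ou=People,dc=example,dc=com
uniqueMember: cn=jiro,ou=People,dc=example,dc=com
uniqueMember: cn=ghost,ou=People,dc=example,dc=com
"""

# Stands in for olcMemberOfGroupOC / olcMemberOfMemberAD (lower-cased here).
# DEFAULT_CONFIG is the overlay's default pair; EXTENDED_CONFIG also follows
# the groupOfUniqueNames / uniqueMember pair the appendix talks about. A real
# overlay instance handles one pair, so the second would need a second instance.
DEFAULT_CONFIG = {"groupofnames": "member"}
EXTENDED_CONFIG = {"groupofnames": "member", "groupofuniquenames": "uniquemember"}


def normalize_dn(dn):
    """Case-insensitive, whitespace-trimmed DN key. A simplification of the
    real DN matching rules, sufficient for this sample."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text):
    """Parse minimal LDIF (no folded lines, no base64 '::' values) into
    {normalized dn -> {lowercase attr -> [values]}}. Entries are separated
    by blank lines; lines starting with '#' are comments."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            if current is not None:
                entries[normalize_dn(current["dn"][0])] = current
                current = None
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = {"dn": [value]}
        elif current is not None:
            current.setdefault(attr, []).append(value)
    if current is not None:
        entries[normalize_dn(current["dn"][0])] = current
    return entries


def resolve_memberof(entries, config=DEFAULT_CONFIG):
    """Invert group membership: {normalized person dn -> sorted group DNs}.
    Members that do not exist in the directory are ignored."""
    member_of = defaultdict(set)
    for entry in entries.values():
        for oc in entry.get("objectclass", []):
            member_attr = config.get(oc.lower())
            if member_attr is None:
                continue                      # not a group class we follow
            for member_dn in entry.get(member_attr, []):
                key = normalize_dn(member_dn)
                if key in entries:
                    member_of[key].add(entry["dn"][0])
    return {dn: sorted(groups) for dn, groups in member_of.items()}


def memberof_for(dn, ldif=SAMPLE_LDIF, config=EXTENDED_CONFIG):
    """Roughly what `ldapsearch ... memberof` would list for one entry."""
    groups = resolve_memberof(parse_ldif(ldif), config)
    return groups.get(normalize_dn(dn), [])


if __name__ == "__main__":
    for person in ("cn=ichiro,ou=People,dc=example,dc=com",
                   "cn=jiro,ou=People,dc=example,dc=com"):
        print("dn:", person)
        for group in memberof_for(person):
            print("memberOf:", group)
```

With the default configuration only the groupOfNames `member` values are followed, so jiro, who is listed only in the groupOfUniqueNames group, has no memberOf at all; that is exactly the situation the appendix describes and the reason the config attributes would have to be overridden.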
  • Usage

      roles:
        - ../ansible_common/ldapadmin
  • No Argument

  • Abstract

    1. install apache
    2. install phpLDAPAdmin
  • Usage

      roles:
        - ../ansible_common/pwm
  • No Argument

  • Abstract

    1. install PWM to /opt/tomcat/webapps
    2. If apache is installed, add the mod_proxy_http settings for it.
  • Usage

      roles:
        - { role: ../ansible_common/postgres, db_name: redmine, db_passwd: "{{ db_passwd_redmine }}" }
  • Argument

| Argument | Default value | Explanation |
| --- | --- | --- |
| db_name | (none) | user name for the db (the created database gets the same name) |
| db_passwd | (none) | password for the db user |
  • Abstract
    1. install postgresql (the CentOS Base yum version, not the latest)
    2. create the user.
    3. create a db on which the {{db_name}} user has full permission.
  • Usage

      roles:
        - role: ../ansible_common/ruby
  • Argument

| Argument | Default value | Explanation |
| --- | --- | --- |
| ruby_version | ruby-2.3.1 | source code is published at https://cache.ruby-lang.org/pub/ruby/2.3/{{ ruby_version }}.tar.gz |
  • Abstract
    1. download ruby source
    2. build ruby
    3. install ruby
  • Usage

      roles:
        - role: ../ansible_common/tomcat
  • Argument

| Argument | Default value | Explanation |
| --- | --- | --- |
| JAVA_VERSION | 1.8.0 | |
| TOMCAT_VERSION | 8.5.8 | source code is published at http://ftp.tsukuba.wide.ad.jp/software/apache/tomcat/tomcat-8/v{{ TOMCAT_VERSION }}/bin/apache-tomcat-{{ TOMCAT_VERSION }}.tar.gz |
  • Abstract
    1. install openjdk 1.8.0 and the postgresql/mysql jdbc drivers
    2. download tomcat source
    3. install tomcat
    4. make symlink of jdbc drivers to /opt/tomcat/lib/
    5. create systemd unit and enable it
  • Usage

      roles:
        - { role: ../ansible_common/glassfish
            , db_name: gis
            , db_passwd: password
            , db: postgis
          }
  • Argument

| Argument | Default value | Explanation |
| --- | --- | --- |
| JAVA_VERSION | 1.8.0 | |
| GLASSFISH_VERSION | 4.1.2 | source code is published at http://download.java.net/glassfish/{{ GLASSFISH_VERSION }}/release/glassfish-{{ GLASSFISH_VERSION }}.zip |
| ADMIN_PASSWORD | password | |
| db_name | | Database name (it is the same as the database admin user) |
| db_password | | password for {{db_name}} |
| db | | Database type [postgis, postgresql] |
  • Abstract

    1. install openjdk 1.8.0
    2. download glassfish source
    3. install glassfish
    4. create systemd unit and enable it
    5. create jms queue jms/myQueue
    6. create datasource jdbc/sample
  • GlassFish 4.1.1 has a bug in the management console (as of Nov 2016); see JIRA GLASSFISH-21443.

  • JDBC drivers are installed as well.

  • If you want the PostGIS JDBC driver prepared for GlassFish, you must call the maven role before calling this role.

  • The "jdbc/sample" datasource refers to the app-connection-pool. You can later add another datasource, for example "jdbc/activitiDS", that refers to the same app-connection-pool, or you can rename "jdbc/sample" to whatever you prefer.

  • Usage

      roles:
        - role: ../ansible_common/maven
  • Argument

| Argument | Default value | Explanation |
| --- | --- | --- |
| JAVA_VERSION | 1.8.0 | |
| MAVEN_VERSION | 3.3.9 | |
  • Abstract

    1. install openjdk 1.8.0
    2. install maven 3.3.9 (the yum version is too old, so it is installed from the Apache site)
    3. create .m2/settings.xml if proxy.yml is defined.
  • If proxy settings are needed, write proxy.yml like this :

---
http_proxy_host: proxy.foo.com
http_proxy_port: 3128
http_proxy_username: john@foo.com
http_proxy_password: password

# both credentials are URL-encoded so that characters such as '@' or ':' in them do not break the URL
http_proxy: http://{{ http_proxy_username | urlencode() }}:{{ http_proxy_password | urlencode() }}@{{ http_proxy_host }}:{{ http_proxy_port }}

proxy_env:
  no_proxy: 127.0.0.1,localhost
  http_proxy: "{{ http_proxy | default(None) }}"
  https_proxy: "{{ http_proxy | default(None) }}"
  • Usage

      roles:
        - { role: ../ansible_common/http_proxy, REQUEST: "/pwm/", DEST: "http://localhost:8080/pwm/" }
  • Argument

| Argument | Default value | Explanation |
| --- | --- | --- |
| REQUEST | (none) | If a user requests a url which contains {{ REQUEST }}, http_proxy will farm out the request to {{ DEST }} |
| DEST | (none) | |

About

Ansible Common Roles

License: MIT License