Common task to create lxc vm in separate file `prepare_lxc_host`,
avoid redundancy of statements in each vm-specific playbook file.
Playbooks updated to import `prepare_lxc_host`:
- ldap
- matrix
- nextcloud
- projects
- status
- (Icinga2) Preseed correctly all the debconf variables to have IDO db created
and populated by `icinga2-ido-pgsql` deb installation script.
- (IcingaWeb2) Use a different user, `www-data`, with lower
privileges, to access the IDO db in read-only mode.
- Use everywhere socket (local ident) authentication to PostgreSQL to
avoid local service password.
(IcingaWeb2) Configuration issues fixed:
- Missing `php-fpm` requirement.
- Migrating php7.0 -> php 7.3 in nginx config location config file.
- Fixed `rewrite` rule in nginx configuration:
When using `/icingaweb2` as rewrite target nginx automatically
expands the redirect 302 response as
`$scheme://$remote_host:$remote_port/icingaweb2`, causing
connection to fail when behind a *reverse proxy*, because
remote_port and remote_host are incorrect.
- Remove hardcoded `status.lilik.it` in `meta/main.yaml`,
`server_fqdn` is already defined in `defaults/main.yaml` as
`{{ ansible_hostname }}.{{ domain }}`.
(IcingaWeb2) LDAP:
- procedure to automatically issue service credentials to authenticate
with the ldap server.
- starttls secured ldap connection with service account.
- use of the variable `base_dn` instead of hard-coded values in config
files.
(IcingaWeb2) CONFIGURATION:
- fixed rsync parameters.
- resource renaming.
Make it work on Python3, even if deprecated with the new `ssh_lxc`
connection plugin.
Now you can use directly the `slurp` native module with delegation to
the lxc guest.
May be useful only in case where it is impossible to get python3 or
other ansible requirements on the lxc guest.
When using multiple server names in `server_name`, the NGINX variable
`$server_name` will always point only to the first entry. `$host`
variable, instead, points to the selected host from the user (HTTP
request or Host: header).
Do not apply tag `packages` to role `service`. Tags are already
applied inside the role. If we apply the tag `package` at the role
level, handlers defined inside the role (restart, reload) are not
available in the play!