From c5d4613dd73f68e73abaa6f59186ad46aabb1ae0 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 16:27:53 +0100 Subject: [PATCH 01/61] Altering workflow in GitHub Actions for building wiki2pages files. --- .../workflows/ce-provision-publish-docs.yml | 67 ++++++------------- ce-dev/ce-dev.compose.yml | 1 - 2 files changed, 21 insertions(+), 47 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 2ba8cbc66..b8709a883 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -1,60 +1,35 @@ -name: Build docs - -# Run this workflow when a PR to 1.x gets merged +# Run this workflow on demand and every time a new commit pushed to your repository on: pull_request: - types: [closed] - branches: - - 1.x + workflow_dispatch: jobs: # Set the job key. The key is displayed as the job name # when a job name is not provided - build-docs: + public-docs: + if: ${{ github.event.pull_request.head.ref != 'documentation' }} # Name the Job - name: Build the documentation + name: Publish the ce-provision docs to GitHub # Set the type of machine to run on - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest - steps: - # Checks out a copy of your repository on the ubuntu-latest machine - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 + # Use our ce-dev Debian base container + container: + image: codeenigma/ce-dev-controller:2.x + volumes: + - ${{ github.workspace }}:/home/controller - # Configures global Git variables for committing - - name: Configure Git - run: | - git config --global user.email "sysadm@codeenigma.com" - git config --global user.name "Code Enigma CI" - git config --global pull.rebase false - - # Installs the ce-dev stack - - name: Install ce-dev + steps: + - name: Install wiki2pages run: | - cd /tmp - wget https://golang.org/dl/go1.15.8.linux-amd64.tar.gz - sudo tar -C /usr/local -xzf go1.15.8.linux-amd64.tar.gz - export PATH=$PATH:/usr/local/go/bin - git clone https://github.com/FiloSottile/mkcert && cd mkcert - go build -ldflags "-X main.Version=$(git describe --tags)" - sudo mv ./mkcert /usr/local/bin && cd ../ - sudo chmod +x /usr/local/bin/mkcert - rm -Rf mkcert - curl -sL https://raw.githubusercontent.com/codeenigma/ce-dev/1.x/install.sh | /bin/sh -s -- linux + /usr/bin/git clone https://github.com/codeenigma/wikis2pages.git - # Uses the ce-dev stack to run Hugo to format and deploy the docs - - name: Publish documentation + - name: Run wiki2pages against ce-provision 2.x run: | - cd - git clone 
https://github.com/codeenigma/wikis2pages.git cd wikis2pages - /bin/bash init.sh https://${{ secrets.GITHUB_TOKEN }}@github.com/codeenigma/ce-provision.git 1.x - /bin/sh set-current.sh ce-provision-1.x - docker exec --user ce-dev --workdir /home/ce-dev/deploy/live.local wikis2pages-hugo hugo - /bin/sh .github-actions-push.sh - cd /home/runner/wikis2pages/public/ce-provision-1.x - git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git - git push ci master - shell: bash + /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev + /home/ce-dev/ansible/bin/ansible-playbook ce-dev/ansible/provision.yml + /bin/sh set-current.sh ce-provision-2.x --no-ce-dev + /home/ce-dev/ansible/bin/ansible-playbook ce-dev/ansible/deploy.yml + ls -la public/ + ls -la public/ce-provision-2.x/ diff --git a/ce-dev/ce-dev.compose.yml b/ce-dev/ce-dev.compose.yml index f512e6176..c4a4e2188 100644 --- a/ce-dev/ce-dev.compose.yml +++ b/ce-dev/ce-dev.compose.yml @@ -1,4 +1,3 @@ -version: "3.7" x-ce_dev: version: 1.x registry: localhost:5000 From 84761013444e61909cfe7ef9f01f4c2cf16fc07b Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 16:55:07 +0100 Subject: [PATCH 02/61] Attempting to set a hosts file for Ansible in CI. --- .github/workflows/ce-provision-publish-docs.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index b8709a883..260d7d1d2 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
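Review bot: The new job pulls `codeenigma/ce-dev-controller:2.x` by a mutable tag and clones `wikis2pages` at whatever its default branch currently holds, then runs `init.sh`, `set-current.sh` and two playbooks from that checkout. The published docs therefore depend on content that can change without any commit in this repository. Pin both inputs, for example `image: codeenigma/ce-dev-controller@sha256:<digest-placeholder>` and a `git -C wikis2pages checkout <commit-placeholder>` straight after the clone. The workflow also declares no `permissions:` key, so `workflow_dispatch` runs get the repository's default token scope; nothing in these steps pushes, so a top-level `permissions:` with `contents: read` would be enough.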
@@ -21,10 +21,14 @@ jobs: steps: - name: Install wiki2pages + run: /usr/bin/git clone https://github.com/codeenigma/wikis2pages.git + + - name: Set up Ansible hosts file run: | - /usr/bin/git clone https://github.com/codeenigma/wikis2pages.git + mkdir -p /home/ce-dev/ansible/bin/hosts + echo "wikis2pages-hugo ansible_host=127.0.0.1" > /home/ce-dev/ansible/bin/hosts/hosts - - name: Run wiki2pages against ce-provision 2.x + - name: Initialise wiki2pages for ce-provision 2.x run: | cd wikis2pages /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev From 327db083cc817177f3d2de18429d3173a2a4b807 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 17:00:11 +0100 Subject: [PATCH 03/61] Trying to force Ansible host. --- .github/workflows/ce-provision-publish-docs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 260d7d1d2..757d40a42 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -32,8 +32,8 @@ jobs: run: | cd wikis2pages /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev - /home/ce-dev/ansible/bin/ansible-playbook ce-dev/ansible/provision.yml + /home/ce-dev/ansible/bin/ansible-playbook -i localhost ce-dev/ansible/provision.yml /bin/sh set-current.sh ce-provision-2.x --no-ce-dev - /home/ce-dev/ansible/bin/ansible-playbook ce-dev/ansible/deploy.yml + /home/ce-dev/ansible/bin/ansible-playbook -i localhost ce-dev/ansible/deploy.yml ls -la public/ ls -la public/ce-provision-2.x/ From b5d201a05b28ecdbaa44dfa1f8e3ea4ec30bdb47 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 17:02:30 +0100 Subject: [PATCH 04/61] Trying to force Ansible host. --- .github/workflows/ce-provision-publish-docs.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
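Review bot: In the `@@ -32,8 +32,8 @@` hunk, `-i localhost` has no trailing comma, so ansible-playbook reads it as the path to an inventory file named `localhost` rather than as a host list; this applies to both the `provision.yml` and the `deploy.yml` call. If the aim is to run the plays inside the job container, the form is `-i localhost, -c local`, since an explicitly listed `localhost` otherwise uses the default SSH connection. Whether the playbooks' `hosts:` pattern matches `localhost` at all is not visible here; the hosts file written in the earlier step names `wikis2pages-hugo`, which suggests it may not.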
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 757d40a42..0551e3d4f 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -28,12 +28,15 @@ jobs: mkdir -p /home/ce-dev/ansible/bin/hosts echo "wikis2pages-hugo ansible_host=127.0.0.1" > /home/ce-dev/ansible/bin/hosts/hosts + - name: Start SSHD + run: /usr/sbin/sshd& + - name: Initialise wiki2pages for ce-provision 2.x run: | cd wikis2pages /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev - /home/ce-dev/ansible/bin/ansible-playbook -i localhost ce-dev/ansible/provision.yml + /home/ce-dev/ansible/bin/ansible-playbook -i "wikis2pages-hugo ansible_ssh_host=127.0.0.1" ce-dev/ansible/provision.yml /bin/sh set-current.sh ce-provision-2.x --no-ce-dev - /home/ce-dev/ansible/bin/ansible-playbook -i localhost ce-dev/ansible/deploy.yml + /home/ce-dev/ansible/bin/ansible-playbook -i "wikis2pages-hugo ansible_ssh_host=127.0.0.1" ce-dev/ansible/deploy.yml ls -la public/ ls -la public/ce-provision-2.x/ From 64530b15bd5a661987b1512e87f76027b1ee6d42 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 17:05:29 +0100 Subject: [PATCH 05/61] Trying with an inventory file instead. --- .github/workflows/ce-provision-publish-docs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 0551e3d4f..bfd1cd14b 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
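Review bot: The value passed as `-i "wikis2pages-hugo ansible_ssh_host=127.0.0.1"` is neither an inventory path nor a comma-terminated host list, so Ansible will try to open it as a file and end up with an empty inventory; both ansible-playbook lines are affected. The added `Start SSHD` step also backgrounds `/usr/sbin/sshd&` with no readiness check, and it exists only so the container can SSH to itself. Writing the inventory line as `echo "wikis2pages-hugo ansible_connection=local" > /home/ce-dev/ansible/bin/hosts/hosts` and passing that file with `-i` would remove the need for sshd, and with it the later need to relax host-key checking or install keys. The step list continues outside this hunk.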
@@ -35,8 +35,8 @@ jobs: run: | cd wikis2pages /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev - /home/ce-dev/ansible/bin/ansible-playbook -i "wikis2pages-hugo ansible_ssh_host=127.0.0.1" ce-dev/ansible/provision.yml + /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/provision.yml /bin/sh set-current.sh ce-provision-2.x --no-ce-dev - /home/ce-dev/ansible/bin/ansible-playbook -i "wikis2pages-hugo ansible_ssh_host=127.0.0.1" ce-dev/ansible/deploy.yml + /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml ls -la public/ ls -la public/ce-provision-2.x/ From a8ba1c46da2b71390534162e0115d91350fbb11a Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 17:12:11 +0100 Subject: [PATCH 06/61] Running Ansible as the 'ce-dev' user. --- .github/workflows/ce-provision-publish-docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index bfd1cd14b..075ba5efc 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -35,7 +35,7 @@ jobs: run: | cd wikis2pages /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev - /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/provision.yml + /usr/bin/su - ce-dev -c "/home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/provision.yml" /bin/sh set-current.sh ce-provision-2.x --no-ce-dev /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml ls -la public/ From 9d8b47cd84594a327db36ffa82ad982a17236b0a Mon Sep 17 00:00:00 2001 
From: Greg Harvey Date: Fri, 3 Jan 2025 17:14:48 +0100 Subject: [PATCH 07/61] Fixing path to playbook. --- .github/workflows/ce-provision-publish-docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 075ba5efc..890220c7c 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -35,7 +35,7 @@ jobs: run: | cd wikis2pages /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev - /usr/bin/su - ce-dev -c "/home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/provision.yml" + /usr/bin/su - ce-dev -c "/home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /__w/ce-provision/ce-provision/wikis2pages/ce-dev/ansible/provision.yml" /bin/sh set-current.sh ce-provision-2.x --no-ce-dev /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml ls -la public/ From c87bbd0577cd8aa41ec78f5a5f32db7e7c9fc50f Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 17:17:18 +0100 Subject: [PATCH 08/61] Disabling host key checking. --- .github/workflows/ce-provision-publish-docs.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 890220c7c..5bed4743f 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -1,3 +1,5 @@ +name: Publish docs + # Run this workflow on demand and every time a new commit pushed to your repository on: pull_request: 
@@ -35,7 +37,7 @@ jobs: run: | cd wikis2pages /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev - /usr/bin/su - ce-dev -c "/home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /__w/ce-provision/ce-provision/wikis2pages/ce-dev/ansible/provision.yml" + /usr/bin/su - ce-dev -c "/home/ce-dev/ansible/bin/ansible-playbook -e ANSIBLE_HOST_KEY_CHECKING=False -i /home/ce-dev/ansible/bin/hosts /__w/ce-provision/ce-provision/wikis2pages/ce-dev/ansible/provision.yml" /bin/sh set-current.sh ce-provision-2.x --no-ce-dev /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml ls -la public/ From 5bd801e18819e99aacd360bb1e795d3db1c9b96a Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 17:23:09 +0100 Subject: [PATCH 09/61] Disabling host checking in SSH. --- .github/workflows/ce-provision-publish-docs.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 5bed4743f..59df23cfc 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -29,6 +29,7 @@ jobs: run: | mkdir -p /home/ce-dev/ansible/bin/hosts echo "wikis2pages-hugo ansible_host=127.0.0.1" > /home/ce-dev/ansible/bin/hosts/hosts + echo "StrictHostKeyChecking=no" > /home/ce-dev/.ssh/config - name: Start SSHD run: /usr/sbin/sshd& 
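Review bot: `-e ANSIBLE_HOST_KEY_CHECKING=False` on the `provision.yml` line defines an Ansible extra variable with that name; it does not set the environment variable Ansible reads, so host key checking stays on and the commit does not do what its subject says. Because `su -` starts a fresh login environment, the variable has to be set inside the quoted command: `/usr/bin/su - ce-dev -c "ANSIBLE_HOST_KEY_CHECKING=False /home/ce-dev/ansible/bin/ansible-playbook -i … provision.yml"`. The `deploy.yml` call two lines below is left without either form. Turning the check off is only reasonable here because the target is the loopback address of a throwaway container; a one-line comment saying so would stop the pattern being copied to real hosts.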
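Review bot: In the `@@ -29,6 +29,7 @@` hunk, `echo "StrictHostKeyChecking=no" > /home/ce-dev/.ssh/config` disables host key verification for every host the `ce-dev` user connects to, not only the loopback target the inventory points at, and it overwrites any config the image already ships. Scope it to the one address: `printf 'Host 127.0.0.1\n  StrictHostKeyChecking no\n' > /home/ce-dev/.ssh/config`. The step runs outside `su`, so the file is presumably created by the container's default user and `ce-dev` may not own it; this commit adds no `chown`.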
@@ -37,7 +38,7 @@ jobs: run: | cd wikis2pages /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev - /usr/bin/su - ce-dev -c "/home/ce-dev/ansible/bin/ansible-playbook -e ANSIBLE_HOST_KEY_CHECKING=False -i /home/ce-dev/ansible/bin/hosts /__w/ce-provision/ce-provision/wikis2pages/ce-dev/ansible/provision.yml" + /usr/bin/su - ce-dev -c "/home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /__w/ce-provision/ce-provision/wikis2pages/ce-dev/ansible/provision.yml" /bin/sh set-current.sh ce-provision-2.x --no-ce-dev /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml ls -la public/ From 7f0821961fac007a1d63ea683d12dbc72cb575d4 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 17:50:43 +0100 Subject: [PATCH 10/61] Trying to use ce-dev user instead of root. --- .github/workflows/ce-provision-publish-docs.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 59df23cfc..3283d916f 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -23,22 +23,23 @@ jobs: steps: - name: Install wiki2pages - run: /usr/bin/git clone https://github.com/codeenigma/wikis2pages.git + run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/wiki2pages" - name: Set up Ansible hosts file run: | mkdir -p /home/ce-dev/ansible/bin/hosts echo "wikis2pages-hugo ansible_host=127.0.0.1" > /home/ce-dev/ansible/bin/hosts/hosts echo "StrictHostKeyChecking=no" > /home/ce-dev/.ssh/config + chown ce-dev:ce-dev /home/ce-dev/.ssh/config + chmod 700 /home/ce-dev/.ssh/config - name: Start SSHD run: /usr/sbin/sshd& - name: Initialise wiki2pages for ce-provision 2.x run: | - cd wikis2pages - /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev - /usr/bin/su - ce-dev -c "/home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /__w/ce-provision/ce-provision/wikis2pages/ce-dev/ansible/provision.yml" + /usr/bin/su - ce-dev -c "cd wikis2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" + /usr/bin/su - ce-dev -c "cd wikis2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/wikis2pages/ce-dev/ansible/provision.yml" /bin/sh set-current.sh ce-provision-2.x --no-ce-dev /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml ls -la public/ From f9e29fc04819d4eb98ee549f4f6bbb8b541001b6 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 17:52:41 +0100 Subject: [PATCH 11/61] Fixing path to scripts. --- .github/workflows/ce-provision-publish-docs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 3283d916f..1e5faaffe 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
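Review bot: The clone now targets `/home/ce-dev/wiki2pages`, but the two new `su - ce-dev -c` lines `cd wikis2pages` and pass `/home/ce-dev/wikis2pages/ce-dev/ansible/provision.yml`, so neither the directory nor the playbook path exists. The playbook argument keeps the `wikis2pages` spelling in the following commits (11, 14, 15 and 17) while the clone directory stays `wiki2pages`; choosing one name and using it in every path would avoid that. Separately, `chmod 700 /home/ce-dev/.ssh/config` puts an execute bit on a plain file; `chmod 600 /home/ce-dev/.ssh/config` is the conventional mode. The `set-current.sh` and `deploy.yml` lines left as context still run outside `su` from the step's own working directory.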
@@ -38,8 +38,8 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | - /usr/bin/su - ce-dev -c "cd wikis2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" - /usr/bin/su - ce-dev -c "cd wikis2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/wikis2pages/ce-dev/ansible/provision.yml" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/wikis2pages/ce-dev/ansible/provision.yml" /bin/sh set-current.sh ce-provision-2.x --no-ce-dev /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml ls -la public/ From c120476bc476175856215a759e480ca64a2598c6 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 17:56:54 +0100 Subject: [PATCH 12/61] Adding some debug lines to check playbooks. --- .github/workflows/ce-provision-publish-docs.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 1e5faaffe..732518f29 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -39,6 +39,9 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" + ls -l /home/ce-dev/wiki2pages/ + ls -l /home/ce-dev/wiki2pages/ce-dev/ + ls -l /home/ce-dev/wiki2pages/ce-dev/ansible/ /usr/bin/su - ce-dev -c "cd /home/ce-dev/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/wikis2pages/ce-dev/ansible/provision.yml" /bin/sh set-current.sh ce-provision-2.x --no-ce-dev /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml From caa1b90d9de9a7fdcf35c8e0923148d77e327a37 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 17:57:38 +0100 Subject: [PATCH 13/61] Fixing workspace volume mount point. --- .github/workflows/ce-provision-publish-docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 732518f29..54fdfd92e 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -19,7 +19,7 @@ jobs: container: image: codeenigma/ce-dev-controller:2.x volumes: - - ${{ github.workspace }}:/home/controller + - ${{ github.workspace }}:/home/ce-dev steps: - name: Install wiki2pages From 63667015068ddf23f7d46927cdf8a1f35f61f773 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 18:01:20 +0100 Subject: [PATCH 14/61] Trying a whole new /build location. --- .github/workflows/ce-provision-publish-docs.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 54fdfd92e..5477135fd 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
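Review bot: In the `@@ -19,7 +19,7 @@` hunk, mounting `${{ github.workspace }}` at `/home/ce-dev` places the runner's workspace on top of the image's home directory. That hides whatever the image ships there, which from the other steps appears to include `/home/ce-dev/ansible/bin/ansible-playbook` and `/home/ce-dev/.ssh`. The later steps that write `.ssh/config` and call the playbook binary would then act on the workspace copy or fail. Mounting at a path the image does not use, and pointing the clone and `cd` at that path, keeps both trees intact.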
@@ -19,11 +19,11 @@ jobs: container: image: codeenigma/ce-dev-controller:2.x volumes: - - ${{ github.workspace }}:/home/ce-dev + - ${{ github.workspace }}:/build steps: - name: Install wiki2pages - run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/wiki2pages" + run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /build/wiki2pages" - name: Set up Ansible hosts file run: | @@ -38,11 +38,11 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | - /usr/bin/su - ce-dev -c "cd /home/ce-dev/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" - ls -l /home/ce-dev/wiki2pages/ - ls -l /home/ce-dev/wiki2pages/ce-dev/ - ls -l /home/ce-dev/wiki2pages/ce-dev/ansible/ - /usr/bin/su - ce-dev -c "cd /home/ce-dev/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/wikis2pages/ce-dev/ansible/provision.yml" + /usr/bin/su - ce-dev -c "cd /build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" + ls -l /build/wiki2pages/ + ls -l /build/wiki2pages/ce-dev/ + ls -l /build/wiki2pages/ce-dev/ansible/ + /usr/bin/su - ce-dev -c "cd /build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /build/wikis2pages/ce-dev/ansible/provision.yml" /bin/sh set-current.sh ce-provision-2.x --no-ce-dev /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml ls -la public/ From 15af1c3366e49cb65df9aef8dd14bf9046998f52 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 18:05:19 +0100 Subject: [PATCH 15/61] Setting permissions on mounted disk. --- .github/workflows/ce-provision-publish-docs.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) 
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 5477135fd..032258990 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -19,11 +19,14 @@ jobs: container: image: codeenigma/ce-dev-controller:2.x volumes: - - ${{ github.workspace }}:/build + - ${{ github.workspace }}:/home/ce-dev steps: + - name: Set permissions + run: chown -Rf ce-dev:ce-dev /home/ce-dev + - name: Install wiki2pages - run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /build/wiki2pages" + run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/wiki2pages" - name: Set up Ansible hosts file run: | @@ -38,11 +41,11 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | - /usr/bin/su - ce-dev -c "cd /build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" - ls -l /build/wiki2pages/ - ls -l /build/wiki2pages/ce-dev/ - ls -l /build/wiki2pages/ce-dev/ansible/ - /usr/bin/su - ce-dev -c "cd /build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /build/wikis2pages/ce-dev/ansible/provision.yml" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" + ls -l /home/ce-dev/wiki2pages/ + ls -l /home/ce-dev/wiki2pages/ce-dev/ + ls -l /home/ce-dev/wiki2pages/ce-dev/ansible/ + /usr/bin/su - ce-dev -c "cd /home/ce-dev/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/wikis2pages/ce-dev/ansible/provision.yml" /bin/sh set-current.sh ce-provision-2.x --no-ce-dev /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml ls -la public/ 
From a5f04ded4dfdc00141eef92ab0d4383379ebaaf8 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 18:07:53 +0100 Subject: [PATCH 16/61] Checking ce-dev dir contents. --- .github/workflows/ce-provision-publish-docs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 032258990..40f2854ab 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -32,6 +32,7 @@ jobs: run: | mkdir -p /home/ce-dev/ansible/bin/hosts echo "wikis2pages-hugo ansible_host=127.0.0.1" > /home/ce-dev/ansible/bin/hosts/hosts + ls -la /home/ce-dev/ echo "StrictHostKeyChecking=no" > /home/ce-dev/.ssh/config chown ce-dev:ce-dev /home/ce-dev/.ssh/config chmod 700 /home/ce-dev/.ssh/config From 6bc2055794762386951dba6fdfcea14113a2f1c4 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 18:10:53 +0100 Subject: [PATCH 17/61] Changing mount point to not destroy ce-dev files. --- .github/workflows/ce-provision-publish-docs.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 40f2854ab..ec0e28917 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -19,14 +19,14 @@ jobs: container: image: codeenigma/ce-dev-controller:2.x volumes: - - ${{ github.workspace }}:/home/ce-dev + - ${{ github.workspace }}:/home/ce-dev/wiki2pages steps: - name: Set permissions - run: chown -Rf ce-dev:ce-dev /home/ce-dev + run: chown -Rf ce-dev:ce-dev /home/ce-dev/build - name: Install wiki2pages - run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/wiki2pages" + run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages" - name: Set up Ansible hosts file run: | @@ -42,11 +42,11 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | - /usr/bin/su - ce-dev -c "cd /home/ce-dev/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" - ls -l /home/ce-dev/wiki2pages/ - ls -l /home/ce-dev/wiki2pages/ce-dev/ - ls -l /home/ce-dev/wiki2pages/ce-dev/ansible/ - /usr/bin/su - ce-dev -c "cd /home/ce-dev/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/wikis2pages/ce-dev/ansible/provision.yml" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" + ls -l /home/ce-dev/build/wiki2pages/ + ls -l /home/ce-dev/build/wiki2pages/ce-dev/ + ls -l /home/ce-dev/build/wiki2pages/ce-dev/ansible/ + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wikis2pages/ce-dev/ansible/provision.yml" /bin/sh set-current.sh ce-provision-2.x --no-ce-dev /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml ls -la public/ From c5626076e3d07d8ad33a9307e5f4f5cbd0213638 Mon Sep 17 00:00:00 2001 
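Review bot: The volume is now mounted at `/home/ce-dev/wiki2pages`, but every step in this commit works under `/home/ce-dev/build`, which nothing visible creates. `chown -Rf ce-dev:ce-dev /home/ce-dev/build` will therefore return non-zero with its message suppressed by `-f`, unless the image already provides that directory. Either create it first with `mkdir -p /home/ce-dev/build && chown ce-dev:ce-dev /home/ce-dev/build`, or drop the `volumes:` entry, since the mounted workspace is no longer read by any step. The playbook argument on the `provision.yml` line also still says `/home/ce-dev/build/wikis2pages/`, which does not match the clone directory.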
From: Greg Harvey Date: Fri, 3 Jan 2025 18:13:14 +0100 Subject: [PATCH 18/61] Commenting permissions line. --- .github/workflows/ce-provision-publish-docs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index ec0e28917..0c4e5a8e7 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -22,8 +22,8 @@ jobs: - ${{ github.workspace }}:/home/ce-dev/wiki2pages steps: - - name: Set permissions - run: chown -Rf ce-dev:ce-dev /home/ce-dev/build + #- name: Set permissions + # run: chown -Rf ce-dev:ce-dev /home/ce-dev/build - name: Install wiki2pages run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages" From 9502efe143928c25ae1143b3dbca2705a48d7618 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 18:18:02 +0100 Subject: [PATCH 19/61] Fixing playbook paths. --- .github/workflows/ce-provision-publish-docs.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 0c4e5a8e7..a5b9f03bd 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -22,9 +22,6 @@ jobs: - ${{ github.workspace }}:/home/ce-dev/wiki2pages steps: - #- name: Set permissions - # run: chown -Rf ce-dev:ce-dev /home/ce-dev/build - - name: Install wiki2pages run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages" 
@@ -43,11 +40,8 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" - ls -l /home/ce-dev/build/wiki2pages/ - ls -l /home/ce-dev/build/wiki2pages/ce-dev/ - ls -l /home/ce-dev/build/wiki2pages/ce-dev/ansible/ - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wikis2pages/ce-dev/ansible/provision.yml" - /bin/sh set-current.sh ce-provision-2.x --no-ce-dev - /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts ce-dev/ansible/deploy.yml + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" ls -la public/ ls -la public/ce-provision-2.x/ From 88a7b127127f86eae586d792aa5b0fadcfe61697 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 18:23:47 +0100 Subject: [PATCH 20/61] Outputting hosts and SSH config for debug. --- .github/workflows/ce-provision-publish-docs.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index a5b9f03bd..8bf52024f 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
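Review bot: After this change every build command runs under `su - ce-dev` in `/home/ce-dev/build/wiki2pages`, but the two closing lines `ls -la public/` and `ls -la public/ce-provision-2.x/` are still resolved against the step's own working directory. If the playbooks write the generated site beneath the clone, which cannot be confirmed from this hunk, the check should be `ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/`. As written, a missing directory fails the step after the build has already succeeded. Testing for one expected file, rather than listing the tree, would make the success condition explicit.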
@@ -40,6 +40,8 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" + cat /home/ce-dev/ansible/bin/hosts/hosts + cat /home/ce-dev/.ssh/config /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" From 084eaa367835401ca2635b9426b98759d6bd4d26 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 18:26:07 +0100 Subject: [PATCH 21/61] Checking SSH settings. --- .github/workflows/ce-provision-publish-docs.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 8bf52024f..320e88616 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -29,7 +29,6 @@ jobs: run: | mkdir -p /home/ce-dev/ansible/bin/hosts echo "wikis2pages-hugo ansible_host=127.0.0.1" > /home/ce-dev/ansible/bin/hosts/hosts - ls -la /home/ce-dev/ echo "StrictHostKeyChecking=no" > /home/ce-dev/.ssh/config chown ce-dev:ce-dev /home/ce-dev/.ssh/config chmod 700 /home/ce-dev/.ssh/config 
@@ -40,8 +39,8 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" - cat /home/ce-dev/ansible/bin/hosts/hosts - cat /home/ce-dev/.ssh/config + ls -la /home/ce-dev/.ssh + cat /home/ce-dev/.ssh/authorized_keys /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" From 53b00d7c8b0f328a67e11eee0ad1551c3d4a5017 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 18:33:36 +0100 Subject: [PATCH 22/61] Manually creating authorized_keys. --- .github/workflows/ce-provision-publish-docs.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 320e88616..6c6b2eb40 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -30,8 +30,11 @@ jobs: mkdir -p /home/ce-dev/ansible/bin/hosts echo "wikis2pages-hugo ansible_host=127.0.0.1" > /home/ce-dev/ansible/bin/hosts/hosts echo "StrictHostKeyChecking=no" > /home/ce-dev/.ssh/config + cat /home/ce-dev/.ssh/id_rsa.pub > /home/ce-dev/.ssh/authorized_keys chown ce-dev:ce-dev /home/ce-dev/.ssh/config chmod 700 /home/ce-dev/.ssh/config + chown ce-dev:ce-dev /home/ce-dev/.ssh/authorized_keys + chmod 700 /home/ce-dev/.ssh/authorized_keys - name: Start SSHD run: /usr/sbin/sshd& From 4e029374519811f23cbb1356191282acfa0aa636 Mon Sep 17 00:00:00 2001 
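Review bot: In the `@@ -30,8 +30,11 @@` hunk of "Manually creating authorized_keys", `chmod 700 /home/ce-dev/.ssh/authorized_keys` sets the execute bit on a data file; `chmod 600 /home/ce-dev/.ssh/authorized_keys` is the conventional mode, and the same holds for the `config` line above it. The key being authorised is the `id_rsa.pub` that already exists in the container, so presumably the matching private key ships in the `codeenigma/ce-dev-controller:2.x` image too, which would let anyone who can pull that image log in as `ce-dev` wherever this sshd is reachable. Generating a fresh key pair inside the job before sshd starts, and binding sshd to 127.0.0.1, would keep that login scoped to the single run. The step's `- name:` line is outside the hunk.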
From: Greg Harvey
Date: Fri, 3 Jan 2025 18:38:26 +0100
Subject: [PATCH 23/61] Fixing path to set-current.
---
 .github/workflows/ce-provision-publish-docs.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml
index 6c6b2eb40..6215b0436 100644
--- a/.github/workflows/ce-provision-publish-docs.yml
+++ b/.github/workflows/ce-provision-publish-docs.yml
@@ -42,10 +42,8 @@ jobs:
 - name: Initialise wiki2pages for ce-provision 2.x
 run: |
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev"
- ls -la /home/ce-dev/.ssh
- cat /home/ce-dev/.ssh/authorized_keys
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml"
- /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev"
+ /usr/bin/su - ce-dev -c "/bin/sh /home/ce-dev/deploy/live.local/set-current.sh --project ce-provision-2.x --no-ce-dev"
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml"
 ls -la public/
 ls -la public/ce-provision-2.x/
From 36c0aeb338a1b62bb35c9156d5935341ed420729 Mon Sep 17 00:00:00 2001
From: Greg Harvey
Date: Fri, 3 Jan 2025 18:41:55 +0100
Subject: [PATCH 24/61] Refactoring SSH set-up and looking at set-current script.
---
 .github/workflows/ce-provision-publish-docs.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml
index 6215b0436..8830544c8 100644
--- a/.github/workflows/ce-provision-publish-docs.yml
+++ b/.github/workflows/ce-provision-publish-docs.yml @@ -19,7 +19,7 @@ jobs: container: image: codeenigma/ce-dev-controller:2.x volumes: - - ${{ github.workspace }}:/home/ce-dev/wiki2pages + - ${{ github.workspace }}:/home/ce-dev/build steps: - name: Install wiki2pages @@ -29,6 +29,9 @@ jobs: run: | mkdir -p /home/ce-dev/ansible/bin/hosts echo "wikis2pages-hugo ansible_host=127.0.0.1" > /home/ce-dev/ansible/bin/hosts/hosts + + - name: Set up SSH config + run: | echo "StrictHostKeyChecking=no" > /home/ce-dev/.ssh/config cat /home/ce-dev/.ssh/id_rsa.pub > /home/ce-dev/.ssh/authorized_keys chown ce-dev:ce-dev /home/ce-dev/.ssh/config @@ -43,6 +46,7 @@ jobs: run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" + cat /home/ce-dev/deploy/live.local/set-current.sh /usr/bin/su - ce-dev -c "/bin/sh /home/ce-dev/deploy/live.local/set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" ls -la public/ From 5c4d4eb80bea1cd96cc6834484e81aa28351dbbe Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 18:44:08 +0100 Subject: [PATCH 25/61] Trying to fix mount point. --- .github/workflows/ce-provision-publish-docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 8830544c8..35189a963 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -19,7 +19,7 @@ jobs: container: image: codeenigma/ce-dev-controller:2.x volumes: - - ${{ github.workspace }}:/home/ce-dev/build + - ${{ github.workspace }}:/home/controller steps: - name: Install wiki2pages From a16ec18b8086a3a67e3a50604b8d504d462eaf40 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 18:55:50 +0100 Subject: [PATCH 26/61] Updating paths to generated docs. --- .github/workflows/ce-provision-publish-docs.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 35189a963..aa81e3997 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -49,5 +49,7 @@ jobs: cat /home/ce-dev/deploy/live.local/set-current.sh /usr/bin/su - ce-dev -c "/bin/sh /home/ce-dev/deploy/live.local/set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" - ls -la public/ - ls -la public/ce-provision-2.x/ + ls -la /home/ce-dev/deploy/live.local/public/ + ls -la /home/ce-dev/deploy/live.local/public/ce-provision-2.x/ + ls -la /home/ce-dev/deploy/live.local/content/ + ls -la /home/ce-dev/deploy/live.local/content/ce-provision-2.x/ From 5c83f82379bbecb67379c33997a6fb1e7fd02bf8 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 3 Jan 2025 19:12:49 +0100 Subject: [PATCH 27/61] Trying to pass in path to wiki2pages. --- .github/workflows/ce-provision-publish-docs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index aa81e3997..3a3b5d54e 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -45,10 +45,10 @@ jobs:
 - name: Initialise wiki2pages for ce-provision 2.x
 run: |
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev"
- /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml"
+ /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml"
 cat /home/ce-dev/deploy/live.local/set-current.sh
 /usr/bin/su - ce-dev -c "/bin/sh /home/ce-dev/deploy/live.local/set-current.sh --project ce-provision-2.x --no-ce-dev"
- /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml"
+ /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml"
 ls -la /home/ce-dev/deploy/live.local/public/
 ls -la /home/ce-dev/deploy/live.local/public/ce-provision-2.x/
 ls -la /home/ce-dev/deploy/live.local/content/
From a077a5fa05527046f6dae9fc3d30e210c1b8ccb0 Mon Sep 17 00:00:00 2001
From: Greg Harvey
Date: Fri, 3 Jan 2025 19:14:25 +0100
Subject: [PATCH 28/61] Removing obsolete debug line.
---
 .github/workflows/ce-provision-publish-docs.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml
index 3a3b5d54e..47dd1031c 100644
--- a/.github/workflows/ce-provision-publish-docs.yml
+++ b/.github/workflows/ce-provision-publish-docs.yml
@@ -46,7 +46,6 @@ jobs:
 run: |
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev"
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml"
- cat /home/ce-dev/deploy/live.local/set-current.sh
 /usr/bin/su - ce-dev -c "/bin/sh /home/ce-dev/deploy/live.local/set-current.sh --project ce-provision-2.x --no-ce-dev"
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml"
 ls -la /home/ce-dev/deploy/live.local/public/
From 9ce237e7cb79cc45a00b7a01d5eb3bc3cdaaa12c Mon Sep 17 00:00:00 2001
From: Greg Harvey
Date: Fri, 3 Jan 2025 19:16:17 +0100
Subject: [PATCH 29/61] Correcting path to script.
---
 .github/workflows/ce-provision-publish-docs.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml
index 47dd1031c..127bafeb5 100644
--- a/.github/workflows/ce-provision-publish-docs.yml
+++ b/.github/workflows/ce-provision-publish-docs.yml
@@ -46,9 +46,10 @@ jobs:
 run: |
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev"
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml"
- /usr/bin/su - ce-dev -c "/bin/sh /home/ce-dev/deploy/live.local/set-current.sh --project ce-provision-2.x --no-ce-dev"
+ /usr/bin/su - ce-dev -c "/bin/sh /home/ce-dev/build/wiki2pages/set-current.sh --project ce-provision-2.x --no-ce-dev"
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml"
- ls -la /home/ce-dev/deploy/live.local/public/
- ls -la /home/ce-dev/deploy/live.local/public/ce-provision-2.x/
- ls -la /home/ce-dev/deploy/live.local/content/
- ls -la /home/ce-dev/deploy/live.local/content/ce-provision-2.x/
+ ls -la /home/ce-dev/build/wiki2pages/
+ ls -la /home/ce-dev/build/wiki2pages/public/
+ ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/
+ ls -la /home/ce-dev/build/wiki2pages/content/
+ ls -la /home/ce-dev/build/wiki2pages/content/ce-provision-2.x/
From 06c8b08ec931fff1da3ca6d37c59300a3de13014 Mon Sep 17 00:00:00 2001
From: Greg Harvey
Date: Fri, 3 Jan 2025 19:24:13 +0100
Subject: [PATCH 30/61] Changing path we execute from.
---
 .github/workflows/ce-provision-publish-docs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml
index 127bafeb5..e6b7435ed 100644
--- a/.github/workflows/ce-provision-publish-docs.yml
+++ b/.github/workflows/ce-provision-publish-docs.yml
@@ -46,7 +46,7 @@ jobs:
 run: |
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev"
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml"
- /usr/bin/su - ce-dev -c "/bin/sh /home/ce-dev/build/wiki2pages/set-current.sh --project ce-provision-2.x --no-ce-dev"
+ /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev"
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml"
 ls -la /home/ce-dev/build/wiki2pages/
 ls -la /home/ce-dev/build/wiki2pages/public/
From 0f8be8be244675ef3b200cc677336a2b850f5a1c Mon Sep 17 00:00:00 2001
From: Greg Harvey
Date: Mon, 6 Jan 2025 14:26:35 +0100
Subject: [PATCH 31/61] Adding first pass at docs publish step.
---
 .github/workflows/ce-provision-publish-docs.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml
index e6b7435ed..4adb93b91 100644
--- a/.github/workflows/ce-provision-publish-docs.yml
+++ b/.github/workflows/ce-provision-publish-docs.yml
@@ -53,3 +53,10 @@ jobs:
 ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/
 ls -la /home/ce-dev/build/wiki2pages/content/
 ls -la /home/ce-dev/build/wiki2pages/content/ce-provision-2.x/
+
+ - name: Publish documentation
+ run: |
+ /usr/bin/su - ce-dev -c "/bin/sh /home/ce-dev/build/wiki2pages/.github-actions-push.sh"
+ /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/content/ce-provision-2.x/"
+ /usr/bin/su - ce-dev -c "/usr/bin/git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git"
+ /usr/bin/su - ce-dev -c "/usr/bin/git push ci master"
From cdb28c2b3797d50cd46b20c047ea56b627fcf39f Mon Sep 17 00:00:00 2001
From: Greg Harvey
Date: Mon, 6 Jan 2025 15:19:37 +0100
Subject: [PATCH 32/61] Repairing working dir paths.
---
 .github/workflows/ce-provision-publish-docs.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml
index 4adb93b91..4d9b1c6c6 100644
--- a/.github/workflows/ce-provision-publish-docs.yml
+++ b/.github/workflows/ce-provision-publish-docs.yml
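Review bot: The added `git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git` line expands the token into the script text, so it becomes part of the `su -c` argument (readable from the process list inside the container) and is then stored in clear text in that checkout's `.git/config`. Map the secret to a step-level `env:` entry and let git pick it up through a credential helper or a per-command `http.extraheader`, so the value never sits in a command line or on disk; `su -` starts a login shell, so the variable has to be handed across explicitly. The same line is carried into the hunks of patches 32/61 and 33/61. If the workflow still triggers on `pull_request`, as the first patch in this series sets it up, this step pushes to `master` of the docs repository for branches that are not yet merged, so the publish step is better gated on the merged branch.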
@@ -56,7 +56,6 @@ jobs: - name: Publish documentation run: | - /usr/bin/su - ce-dev -c "/bin/sh /home/ce-dev/build/wiki2pages/.github-actions-push.sh" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/content/ce-provision-2.x/" - /usr/bin/su - ce-dev -c "/usr/bin/git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git" - /usr/bin/su - ce-dev -c "/usr/bin/git push ci master" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh /home/ce-dev/build/wiki2pages/.github-actions-push.sh" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/content/ce-provision-2.x && /usr/bin/git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/content/ce-provision-2.x && /usr/bin/git push ci master" From 93751a481c6f88750c99f8e4d5729ec39ffa9a02 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 15:26:59 +0100 Subject: [PATCH 33/61] Incorrect repo path. --- .github/workflows/ce-provision-publish-docs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 4d9b1c6c6..a11043df0 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -57,5 +57,5 @@ jobs:
 - name: Publish documentation
 run: |
 /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh /home/ce-dev/build/wiki2pages/.github-actions-push.sh"
- /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/content/ce-provision-2.x && /usr/bin/git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git"
- /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/content/ce-provision-2.x && /usr/bin/git push ci master"
+ /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-2.x && /usr/bin/git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git"
+ /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-2.x && /usr/bin/git push ci master"
From d8f39080b27f7c6fcbfd7ceff756f82807655370 Mon Sep 17 00:00:00 2001
From: Greg Harvey
Date: Mon, 6 Jan 2025 16:03:48 +0100
Subject: [PATCH 34/61] Removing most of the debug lines.
---
 .github/workflows/ce-provision-publish-docs.yml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml
index a11043df0..e3ef2ca95 100644
--- a/.github/workflows/ce-provision-publish-docs.yml
+++ b/.github/workflows/ce-provision-publish-docs.yml
@@ -48,11 +48,7 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" - ls -la /home/ce-dev/build/wiki2pages/ - ls -la /home/ce-dev/build/wiki2pages/public/ ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - ls -la /home/ce-dev/build/wiki2pages/content/ - ls -la /home/ce-dev/build/wiki2pages/content/ce-provision-2.x/ - name: Publish documentation run: | From 932234e6c7fca18210cf8015b3c4112e32893a4f Mon Sep 17 00:00:00 2001 
From: Greg Harvey Date: Mon, 6 Jan 2025 16:31:53 +0100 Subject: [PATCH 35/61] Catching up devel. (#2163) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. 
(#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. 
* Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. 
* Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. 
(#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. 
* Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." 
This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. 
* Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. 
* Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. 
* Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role.
* Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to loose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tupples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. 
* Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. 
* Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. 
* Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. 
* Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. 
* Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." 
This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to loose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tupples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for Si
 * Bug fixes 2.x pr 2.x (#1400) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. 
* updating-aws-cloudfront-distribution-to-enable-logging-2.x-branch (#1404) Co-authored-by: Matej Stajduhar * Adding default value if logging not defined 2.x (#1407) * adding-default-value-if-logging-not-defined-2.x * adding-example-for-logging --------- Co-authored-by: Matej Stajduhar * Cleaner-pipeline-output-2.x (#1412) Co-authored-by: Matej Stajduhar * Updating-extra-packages-2x (#1414) * updating-cloudfront-role-2.x (#1418) Co-authored-by: Matej Stajduhar * r68152-secure-symfony-app-for-prod 2.x (#1429) * r68152-put-new-prod-symfony-template 2.x (#1433) * Adding-wazuh-role-2x (#1441) * Fixing-wazuh (#1445) * Fixing wazuh pr 2.x (#1447) * Fixing-wazuh * Fixing-wazuh * Fixing wazuh pr 2.x (#1449) * Fixing-wazuh * Fixing-wazuh * Adding-ansible-builtin-modules * Adding-debug * Fixing-vars * Adding clamdscan package to clamav role. (#1452) * Bug fixes 2.x pr 2.x (#1454) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. 
* No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Fixing-wazuh-vars (#1456) * Fixing wazuh vars pr 2.x (#1460) * Fixing-wazuh-vars * Fixing-linting * Updating-sury-keys (#1463) * Replace ssl certs pr 2.x (#1467) * Documentation updates. * Tidying SSL role and allowing option to replace a cert. * Bug fixes 2.x pr 2.x (#1469) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. 
* Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Fixing-wazuh-variables (#1473) * Adding-wazuh-path-defaults (#1480) * Adding-wazuh-path-defaults * Changing-wazuh-path-location * Updating wazuh path2x pr 2.x (#1482) * Updating-wazuh-path2x * Updating-all-roles-path * Making Varnish template handling more flexible. (#1485) * Making Varnish template handling more flexible. * Adding empty line. * Varnish config pr 2.x (#1491) * Making Varnish template handling more flexible. * Adding empty line. * Minor template changes. * Tls for postfix pr 2.x (#1493) * Some Apache docs updates. * Sorting TLS for SMTP in Postfix config. * Left bad domain in example cert paths. * Setting-port-change-option-for-nginx (#1487) * Setting-port-change-option-for-nginx * Update main.yml * Update nginx.conf.j2 --------- Co-authored-by: Matej Stajduhar * Tls for postfix pr 2.x (#1498) * Some Apache docs updates. * Sorting TLS for SMTP in Postfix config. * Left bad domain in example cert paths. * Typo in template var names. * Changing-LE-default-vhost (#1500) * Handling allowing client config template for ovpn to have an FQDN. (#1502) * Openvpn client fqdn pr 2.x (#1504) * Supporting a fixed PHP version with a fixed port number. * Accidently re-added the old VPN role - re-deleting! * Handling allowing client config template for ovpn to have an FQDN. * Let's not assume port 1194 for ovpn. * Openvpn client fqdn pr 2.x (#1506) * Supporting a fixed PHP version with a fixed port number. * Accidently re-added the old VPN role - re-deleting! * Handling allowing client config template for ovpn to have an FQDN. 
* Let's not assume port 1194 for ovpn. * Tweaking FQDN handling in ovpn. * Adding volume handling options for Packer. (#1508) * Packer volume handling pr 2.x (#1510) * Adding volume handling options for Packer. * Missed a comma in the template, plus adding docs. * Upading-ssl-vars (#1512) * Upading-ssl-vars * Building-docs * Fixing-ldap-role-ssl-task (#1514) * r68725-Updating-ACL-role-to-include-ALB-2x (#1518) Co-authored-by: Matej Stajduhar * Changing import_role to include_vars for vars only Wazuh roles. (#1524) * Wazuh fixes pr 2.x (#1526) * Changing import_role to include_vars for vars only Wazuh roles. * We cannot use the _domain_name var in this context. * Adding cipher to client template and fixing default push route. (#1528) * Switching key server pr 2.x (#1531) * Switching-key-server * Switching-key-server-mysql * Fixing-empty-line * Fixing-mysql-role (#1534) * Fixing-mysql-role * Fixing-linting * Fixing-broken-mysql-role (#1536) * R68801 gzip nginx cloudfront pr 2.x (#1544) * r68801-r67628-gzip-nginx-cloudfront * r68801-r67628-gzip-nginx-cloudfront * remove test tasks * remove test tasks * remove test tasks * Making Duplicity use venvs. (#1547) * Making Duplicity use venvs. * Installing venvs as the correct user. * Setting Duplicity user back to root and installing 'fasteners' in the venv. * Duplicity --s3-european-buckets option deprecated. * Ansible in init pr 2.x (#1554) * Adding new Python pip package role. * Updating NGINX and Boto3 roles to use the new Python pip role. * Moving Ansible install to _init. * Detecting connection type before installing Ansible. * The _init role should not generate SSH keys and ce_provision should optionally install a new user. * Updating documentation. * Switching to using the user_provision role for controller user in _init. * Allowing for ce_provision to install Ansible in another location. * Passing vars to the core Ansible install. * We will need linters if the system didn't install them. 
* Duplicity role doesn't need to ensure permissions, it's done in python_pip_packages already. * Allowing ce-provision to set a different UID from the system user. * Mailpit role pr 2.x (#1522) * Stopping NGINX dropping a proxy vhost for LE if we have a services[] list. * Adding the new Mailpit role. * Updating docs. * Variable name typo. * Adding a mailpit_open firewall rule to make life easier in containers. * Final pass of Mailpit role, now works straight away in containers. * Acm san cert replacement pr 2.x (#1561) * Minor docs update for ASG role. * Adding logic to check if extra domains are in our SAN certificate already. * Fixing SAN cert list creation. * Simplying SAN look-up, sticking to selected certificate. * Ensure we have a SAN domains list before trying to loop over it. * Moving post-create ACM actions to a block. * Adding variable to store obsolete ARN in, could be useful. * Fixing bug with ACM certificate lookup, using ARN instead of domain to avoid multiple responses. * Making Bookworm the default base distro. (#1565) * Making Bookworm the default base distro. * Updating default volume type for EC2 instances to gp3. * Allow the setting of base AMI filter for Packer in ASG role. * Updating ASG docs. * Nginx domain handling pr 2.x (#1568) * Moving SSL handling to a separate tasks file. * Making more NGINX settings available for modification. * Allowing more variables to be set for PHP-FPM and the cli. * Adding template line-break for NGINX _common config for style. * Fixing timer backup job for LDAP servers. (#1574) * Ldap server schedule fixes pr 2.x (#1578) * Fixing timer backup job for LDAP servers. * Setting path to LDAP server backup log. 
* Adding-ami-cleanup-role (#1580) Co-authored-by: Matej Stajduhar * Adding ami cleanup role 2.x pr 2.x (#1582) * Adding-ami-cleanup-role * adding-domain-name-in-scheduler-to-differ-if-multiple-ASGs-are-in-same-region --------- Co-authored-by: Matej Stajduhar * r68801-improve-caching-behavior-and-some-nginx-fixes (#1572) * r68801-improve-caching-behavior-and-some-nginx-fixes * r68801-improve-caching-behavior-and-some-nginx-fixes * add_header to variable * add_header to variable * remove extra ; * MOAR blocks * moving-assume-role-to-files-folder (#1588) * moving-assume-role-to-files-folder * Changing-lookup-function * Changing-lookup-function-2 --------- Co-authored-by: Matej Stajduhar * Adding-retry-and-delay-on-lambda-creation-due-to-IAM-role-creation (#1593) Co-authored-by: Matej Stajduhar * Adding-wait-task-prior-to-lambda-creation (#1595) Co-authored-by: Matej Stajduhar * nginx-config-backup-and-cleaup-vhosts-on-rebuild (#1590) * nginx-config-backup-and-cleaup-vhosts-on-rebuild * change module from command to unarchive * change module from command to unarchive * Adding-CF-S3-logging (#1596) Co-authored-by: Matej Stajduhar * php clear_env config option (#1599) * move ssl to domain.yml to fix the loop; remove checking for existing vhost as the LE proxy handling may not be there if SSL was not configured before, and the vhost will not be there as we are recreating them by default (#1601) * Allowing multiple clamscan wrapper scripts and timers per server. (#1538) * Allowing multiple clamscan wrapper scripts and timers per server. * Updating docs.! * Giving the timer a consistent name.
* r69219-Updating-Scheduler-json-target (#1603) Co-authored-by: Matej Stajduhar * R68069 alb healthchecks and nginx pr 2.x (#1609) * r68069-alb-healthchecks-and-nginx * r68069-alb-healthchecks-and-nginx * r68069-alb-healthchecks-and-nginx * r68069-nice-indentation * R69332 le cron mail alerts pr 2.x (#1605) * r69332-le-cron-mail-alerts * Changing-recipient-to-var * Changing-recipient-to-var-2 * Fixing-email-var * Fixing-email-var-2 * Aws acl defaults pr 2.x (#1614) * Fixing AWS ACL role defaults. * Docs update. * Punctuation fix! * Small-changes-to-roles (#1617) Co-authored-by: Matej Stajduhar * Updating-aws-acl-role (#1626) Co-authored-by: Matej Stajduhar * Apt repo role pr 2.x (#1620) * First pass at APT repo role. * Adding APT autoremove task to the _exit role. * Adding systemd timer for APT key renewal. * Adding role documentation. * Adding new role to MySQL role to test. * Adding python-debian dependency for deb822 repo handling. * Removing obsolete variable check. * Defaulting the APT 'suites' value to the Ansible-detected release name. * Adding APT suite to MySQL repo installation. * Better docs and fixed a syntax error. * Fixing shell script for refreshing APT keys. * Ensuring APT clean-up in _exit always runs as root. * Fixing up MySQL config for 8.0 and tidying vars. * Apt repo role pr 2.x (#1631) * First pass at APT repo role. * Adding APT autoremove task to the _exit role. * Adding systemd timer for APT key renewal. * Adding role documentation. * Adding new role to MySQL role to test. * Adding python-debian dependency for deb822 repo handling. * Removing obsolete variable check. * Defaulting the APT 'suites' value to the Ansible-detected release name. * Adding APT suite to MySQL repo installation. * Better docs and fixed a syntax error. * Fixing shell script for refreshing APT keys. * Ensuring APT clean-up in _exit always runs as root. * Fixing up MySQL config for 8.0 and tidying vars. * Adding MySQL repo to unattended upgrades. 
* Adding README for Docker CE, Docker Compose support and switching to apt_repository role. * Updating docker_registry role to use docker_ce and deleting obsolete docker_compose role. * Updating docs index. * Adding Docker repo to unattended upgrades. * Updating MySQL docs. * Updating repo handling for GitLab and GitLab Runner. * Ensuring wget is installed. * wget seems more reliable than cURL for key fetching. * Updating Jenkins repo handling. * Fixing openjdk default version and updating nodejs APT repo handling. * Removing OSSEC, replaced by Wazuh. * Updating repo handling for the PAM LinOTP role. * Updating repo handling for the LHCI role. * Updating repo handling for PHP components. * Trying out a different config for Jenkins. * Updating docs. * Forgot to remove old yarn repo code. * Adding python3-debian package to python_common defaults to avoid first build failures. * Adding list format support to APT role. * Testing list format support with jenkins role. * Downloading GPG public key. * Ensuring the _apt_repository.key_filename var exists. * Fixing SSL vars in Jenkins role. * Updating repo handling for jitsi role. * Updating docs. * Bad SSL var name. * required_paramater_for_gp3_storage_type_tidying_up_and_refactoring (#1641) * required_paramater_for_gp3_storage_type_tidying_up_and_refactoring * fix vars * fixing more vars * fixing more vars * fixing loop in template * fixing_rds_vars (#1652) * Fixing-aws-acl-condition (#1654) Co-authored-by: Matej Stajduhar * Apt repo role pr 2.x (#1661) * First pass at APT repo role. * Adding APT autoremove task to the _exit role. * Adding systemd timer for APT key renewal. * Adding role documentation. * Adding new role to MySQL role to test. * Adding python-debian dependency for deb822 repo handling. * Removing obsolete variable check. * Defaulting the APT 'suites' value to the Ansible-detected release name. * Adding APT suite to MySQL repo installation. * Better docs and fixed a syntax error. 
* Fixing shell script for refreshing APT keys. * Ensuring APT clean-up in _exit always runs as root. * Fixing up MySQL config for 8.0 and tidying vars. * Adding MySQL repo to unattended upgrades. * Adding README for Docker CE, Docker Compose support and switching to apt_repository role. * Updating docker_registry role to use docker_ce and deleting obsolete docker_compose role. * Updating docs index. * Adding Docker repo to unattended upgrades. * Updating MySQL docs. * Updating repo handling for GitLab and GitLab Runner. * Ensuring wget is installed. * wget seems more reliable than cURL for key fetching. * Updating Jenkins repo handling. * Fixing openjdk default version and updating nodejs APT repo handling. * Removing OSSEC, replaced by Wazuh. * Updating repo handling for the PAM LinOTP role. * Updating repo handling for the LHCI role. * Updating repo handling for PHP components. * Trying out a different config for Jenkins. * Updating docs. * Forgot to remove old yarn repo code. * Adding python3-debian package to python_common defaults to avoid first build failures. * Adding list format support to APT role. * Testing list format support with jenkins role. * Downloading GPG public key. * Ensuring the _apt_repository.key_filename var exists. * Fixing SSL vars in Jenkins role. * Updating repo handling for jitsi role. * Updating docs. * Bad SSL var name. * Making timer name dynamic. * Adding missing repo format var to all APT repo handling. * Updating docs. * Bug fixes 2.x pr 2.x (#1662) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. 
* ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * fix(scripts): Fix git checkout to fetch any new branches (#1655) * Apt repo role pr 2.x (#1666) * First pass at APT repo role. * Adding APT autoremove task to the _exit role. * Adding systemd timer for APT key renewal. * Adding role documentation. * Adding new role to MySQL role to test. * Adding python-debian dependency for deb822 repo handling. * Removing obsolete variable check. * Defaulting the APT 'suites' value to the Ansible-detected release name. * Adding APT suite to MySQL repo installation. * Better docs and fixed a syntax error. * Fixing shell script for refreshing APT keys. * Ensuring APT clean-up in _exit always runs as root. * Fixing up MySQL config for 8.0 and tidying vars. * Adding MySQL repo to unattended upgrades. 
* Adding README for Docker CE, Docker Compose support and switching to apt_repository role. * Updating docker_registry role to use docker_ce and deleting obsolete docker_compose role. * Updating docs index. * Adding Docker repo to unattended upgrades. * Updating MySQL docs. * Updating repo handling for GitLab and GitLab Runner. * Ensuring wget is installed. * wget seems more reliable than cURL for key fetching. * Updating Jenkins repo handling. * Fixing openjdk default version and updating nodejs APT repo handling. * Removing OSSEC, replaced by Wazuh. * Updating repo handling for the PAM LinOTP role. * Updating repo handling for the LHCI role. * Updating repo handling for PHP components. * Trying out a different config for Jenkins. * Updating docs. * Forgot to remove old yarn repo code. * Adding python3-debian package to python_common defaults to avoid first build failures. * Adding list format support to APT role. * Testing list format support with jenkins role. * Downloading GPG public key. * Ensuring the _apt_repository.key_filename var exists. * Fixing SSL vars in Jenkins role. * Updating repo handling for jitsi role. * Updating docs. * Bad SSL var name. * Making timer name dynamic. * Adding missing repo format var to all APT repo handling. * Updating docs. * Fixing bug where list is passed instead of dict for systemd timer. * Bug fixes 2.x pr 2.x (#1667) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. 
* python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Bug fixes 2.x pr 2.x (#1670) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. 
* Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Updating-waf-acl-role (#1672) Co-authored-by: Matej Stajduhar * Setting up proxy vhost pr 2.x (#1674) * Setting-up-proxy-vhost * Setting-up-proxy-vhost-2 * Fixing-typo (#1676) * New-version-of-aws-acl-role (#1683) * New-version-of-aws-acl-role * Fixing-jinja-linting --------- Co-authored-by: Matej Stajduhar * Updating-nginx-template (#1688) * Updating-aws_backup-to-register-iam-arn-2 (#1696) Co-authored-by: Matej Stajduhar * Updating-nginx-htpasswd-task-2 (#1698) Co-authored-by: Matej Stajduhar * Bug fixes 2.x pr 2.x (#1702) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. 
* ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * r69424-Adding-resource-group-task (#1706) Co-authored-by: Matej Stajduhar * Adding lock file behaviour to ce-provision. (#1708) * Adding lock file behaviour to ce-provision. * Updating documentation. * Adding extra lock file handling for ASG EC2 machines. * Moving lock file paths to variables. * Adding docs about connection management. * Fixing placement of lock files on ASGs. * Removing the 'Remove lock file' task for ASGs as it is doomed to fail (machine is gone). * Adding in a lock file removal if we do not replace the ASG. * Bug fixes 2.x pr 2.x (#1715) * Improving AWS subnet docs. 
* Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Bug fixes 2.x pr 2.x (#1717) * Improving AWS subnet docs. * Error in timers structure in the SSL role. 
* Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Creating a ce-provision installer script. 
(#1724) * Installer pr 2.x (#1726) * Creating a ce-provision installer script. * Updating installation docs. * Bug fixes 2.x pr 2.x (#1730) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. 
* Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Installer pr 2.x (#1732) * Creating a ce-provision installer script. * Updating installation docs. * Adding pip upgrade line and python-debian. * Installing certbot in a python venv. (#1659) * Installing certbot in a python venv. * Changing default location for Python packages. * Allowing the ansible role to override venv settings. * Preventing ce_deploy from installing in an entirely separate venv by default. * Updating certbot installation to use _init venv variables. * Updating duplicity role to use _init venv variables by default. * Ordering pip docs. * Update documentation. * Fixing Ansible path in installer. * Fixing occurrences of path to venv. * Installer pr 2.x (#1735) * Creating a ce-provision installer script. * Updating installation docs. * Adding pip upgrade line and python-debian. * Updating docs. * Some minor installer bug fixes. * Bug fixes 2.x pr 2.x (#1737) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. 
* Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Bug fixes 2.x pr 2.x (#1738) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. 
* Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. 
* Fixing-ACM-SAN-behaviour (#1739) * Bug fixes 2.x pr 2.x (#1742) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. 
* Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Bug fixes 2.x pr 2.x (#1749) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. 
* Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Bug fixes 2.x pr 2.x (#1752) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. 
* Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Bug fixes 2.x pr 2.x (#1754) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. 
* Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. 
* Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Bug fixes 2.x pr 2.x (#1756) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. 
* Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Redoing-changes-for-aws-acl-role (#1728) * Redoing-changes-for-aws-acl-role * retrigger checks * Fixing-conflicts-4 --------- Co-authored-by: Matej Stajduhar * Remvoing-scp-extra-args-temporary (#1761) Co-authored-by: Matej Stajduhar * Bug fixes 2.x pr 2.x (#1765) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. 
* ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. 
* Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Bug fixes 2.x pr 2.x (#1767) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. 
* Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Bug fixes 2.x pr 2.x (#1769) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. 
* Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. 
* Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Bug fixes 2.x pr 2.x (#1771) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. 
* Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. 
* Managing-mime-types-nginx (#1773) * Whitelisting ce vpn ip wazuh pr 2.x (#1775) * Whitelisting-CE-VPN-IP-wazuh * Fixing-wazuh-whitelist-variable * Updating-wazuh-vars (#1777) * add community.postgresql collection and remove varnish master release (#1779) * Updating wazuh vars pr 2.x (#1781) * Updating-wazuh-vars * Updating-manager-vars * Updating wazuh vars pr 2.x (#1783) * Updating-wazuh-vars * Updating-manager-vars * Updating-wazuh-manager-active-response * Updating-wazuh-manager-active-response-2x * Updating wazuh vars pr 2.x (#1785) * Updating-wazuh-vars * Updating-manager-vars * Updating-wazuh-manager-active-response * Updating-wazuh-manager-active-response-2x * Fixing-wazuh-broken-pipeline * Updating wazuh vars pr 2.x (#1787) * Updating-wazuh-vars * Updating-manager-vars * Updating-wazuh-manager-active-response * Updating-wazuh-manager-active-response-2x * Fixing-wazuh-broken-pipeline * Tweaking-wazuh-vars * r68065 mattermost role first commit (#1789) * r68065 mattermost role first commit * fixing linting/syntax * reload systemd with ansible.builtin.systemd_service * handler for postgresql reloads * default systemd unit file for mattermost role * r68065 install python psycopg2 (#1791) * r68065 use psycopg binary package as compiling creates depsolve issues (#1793) * permissions for postgres setup (#1795) * r68065 add mattermost group before user (#1797) * Updating-duplicity (#1804) * enable mattermost systemd unit (#1810) * nginx include for mattermost (#1812) * nginx include for mattermost * add mattermost project type * ssl on handled by nginx role (#1814) * fix mattermost nginx include (#1822) * remove unsupported nginx option (#1824) * Restore testing update pr 2.x (#1832) * Restore-testing-update * Restore-testing-update-2 --------- Co-authored-by: Matej Stajduhar * Resolving conflicts pr 2.x (#1834) * Fixing-conflicts-and-updating-docs * Fixed-conflicts * Fixed-conflicts-2 --------- Co-authored-by: Matej Stajduhar * initial commit - mattermost local 
backups (#1838) * r69995-Updating-vhost-for-LE-validation (#1843) Co-authored-by: Matej Stajduhar * Changing priority flexibility pr 2.x (#1841) * Changing-priority-flexibility * Changing-priority-flexibility-2 * Adding-aws-acl-to-meta * Adding-cast-to-int-for-priority --------- Co-authored-by: Matej Stajduhar * Aws acl role changes for ip set pr 2.x (#1848) * aws_acl-role-changes-for-ip-set * aws_acl-role-changes-for-ip-set-docs-update --------- Co-authored-by: Matej Stajduhar * add_php_repo_before_apt_extra_packages_task_from_common_base (#1850) * fix_opensearch_vars (#1852) * wait_timeout_for_opensearch_domain_creation (#1854) * wait_timeout_for_opensearch_domain_creation * remove trailing space * Updating-aws-acl-task (#1856) Co-authored-by: Matej Stajduhar * Bug fixes 2.x pr 2.x (#1859) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. 
* Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. 
* Bug fixes 2.x pr 2.x (#1860) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. 
* Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. 
* Small-changes-on-aws-acl-and-RDS-validation (#1863) Co-authored-by: Matej Stajduhar * Updating-user-ansible-vars (#1864) * Updating user ansible vars pr 2.x (#1867) * Updating-user-ansible-vars * Fixing-syntax * add_vars_to_user_deploy_user_provision (#1869) * Disabling-general-log-mariadb (#1871) * Updating-aws_acl-role (#1873) Co-authored-by: Matej Stajduhar * r70260-rkhunter-whitelist (#1877) * fix(nginx): Remove default nginx dummy vhost that could clash with Varnish (#1750) * fix(nginx): Remove default nginx dummy vhost that could clash with Varnish * Fix variable naming and comment * Implement keep_default_vhost setting * Wazuh-var-update (#1903) * Wazuh-agent-vars-more-readable (#1905) * Filebeat-restart-task-wazuh (#1907) * Filebeat restart task wazuh pr 2.x (#1909) * Filebeat-restart-task-wazuh * Fixing-wazuh-filebeat-restart * Adding-gawk-to-extra-packages (#1910) * Updating-filebeat-restart-task (#1913) * Adding motd to exit role pr 2.x (#1915) * Fixing-backup-validation-role-plicies * Adding-parts-for-VPC-and-SG * Adding-region-to-vpc-and-subnet-tasks * Adding-region-to-vpc-and-subnet-tasks-2 * Updating-vars-for-vpc-and-subnet * Updating-vars-for-vpc-and-subnet-2 * Updating-vars-for-vpc-and-subnet-3 * Adding-json-file-for-restore-testing * Changing-user-where-json-file-is-generated * Updating-json-file-location * Updating-path-to-j2-file * Changing-force-valkue * Testing-file-creation * Testing-file-creation-via-command-task * Adding-motd-to-exit-role * Commenting-out-task-that-will-fail * Fixing-pipefail * Fixing-syntax-issue --------- Co-authored-by: Matej Stajduhar * Fixing-motd-task (#1917) * Motd-switch-egrep-with-awk (#1919) * Motd-task-update (#1922) * Motd-task-update * Restoring-deleted-task * Fixing motd task when running on localhost pr 2.x (#1924) * Fixing-backup-validation-role-plicies * Fixing-motd-task-when-running-on-localhost * Updating-when-statement * Adding-become-true-on-motd-update --------- Co-authored-by: Matej Stajduhar * Apt 
bug workaround pr 2.x (#1935) * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * fix_var_logic * Pushing-aws-backup-validation-role (#1944) * Pushing-aws-backup-validation-role * Fixing-linting --------- Co-authored-by: Matej Stajduhar * fix(redis): Convert maxmemory setting to int before comparing (#1897) * Reverting-nginx-username (#1945) * Reverting nginx username pr 2.x (#1947) * Reverting-nginx-username * Minor-fix-nginx-username * Updating-nginx-vars (#1950) * Bug fixes 2.x pr 2.x (#1952) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. 
* Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. 
* r70597 new system role for ipv6 disablement (#1954) * r70597 new system role for ipv6 disablement * fix linting problem * add readme for system role * Fixing-json-file-for-restore-testing (#1956) Co-authored-by: Matej Stajduhar * Fixing json file for restore testing pr 2.x (#1957) * Fixing-json-file-for-restore-testing * Missing-coma-in-json --------- Co-authored-by: Matej Stajduhar * updating asg role to support custom rule on http and https (#1959) Co-authored-by: filip * Bug fixes 2.x pr 2.x (#1962) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. 
* Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Bug fixes 2.x pr 2.x (#1966) * Improving AWS subnet docs. 
* Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! 
* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * r70596 create swap directory (#1968) * r70596 create swap directory * remove stat check * 70325 adding asg redirect pr 2.x (#1963) * updating asg role to support custom rule on http and https * updating readme properly * updating docs for the asg role --------- Co-authored-by: filip * swapfile path and clamav exclusion (#1970) * Galaxy role pr 2.x (#1974) * Deleting obsolete Debian 10 requirements files. * Adding first pass at generic and reusable Ansible Galaxy role. * Docs update. * Updating README files. 
* Updating ce_provision and ce_deploy to use ansible_galaxy role. * Ansible Galaxy docs enhancement. * Cannot use _ansible in variable names, reserved. * Removing blocks for Galaxy installation, not needed. * Variables passed to Galaxy role were wrong. * Bug fixes 2.x pr 2.x (#1975) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. 
* Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Bug fixes 2.x pr 2.x (#1978) * Improving AWS subnet docs. * Error in timers structure in the SSL role. 
* Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! 
* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Bug fixes 2.x pr 2.x (#1980) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. 
* Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. 
* Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. 
* Updating defaults pr 2.x (#1982) * Updated-defaults-for-aws_acl-role * Removing-Identity-search --------- Co-authored-by: Matej Stajduhar * Updating defaults pr 2.x (#1984) * Updated-defaults-for-aws_acl-role * Removing-Identity-search * Removing-undefined-variable --------- Co-authored-by: Matej Stajduhar * Removing-gawk-apt (#1985) * Adding-gawk-removing-gawk-csh (#1987) * Adding-when-statement-for-assigning-instance (#1990) * Adding-when-statement-for-assigning-instance * Adding-check-prior-to-assigning-resources * Adding-check-prior-to-assigning-resources * Adding-region-to-aws-cli-command * Print-protected-resource * Adding-resource-type-definition * Resolved-conflicts * Removing-empty-line * Disabling-assigning-instance-to-restore-testing-plan --------- Co-authored-by: Matej Stajduhar * Matching-2.x-and-devel-branches (#1999) Co-authored-by: Matej Stajduhar * Adding-aws-ses-role (#2003) * Adding-aws-ses-role * Removing-python-script * Changing-domain-name * Using-variable-for-domain-name --------- Co-authored-by: Matej Stajduhar * Resolving-conflicts (#2015) Co-authored-by: Matej Stajduhar * Resolving-conflicts (#2018) Co-authored-by: Matej Stajduhar * Updating nginx ssl le roles pr 2.x (#2021) * Updating-nginx-SSL-LE-roles * Updating-nginx-vars * r70260 Option to ignore false-positive shared memory segment warnings (#2023) * Adding-wazuh-ossec-from-enigma00a (#2027) * Updating-gitlab-runner-env (#2031) * r70987-decom-vpn-guest (#2034) * r70797 nodhcp module in system role for hetzner cloud systems (#2036) * r70797 nodhcp module in system role for hetzner cloud systems * fix syntax * r70797 set pipefail to resolve linting failure * fix pipefail with bash (#2038) * fix var in templ (#2040) * R70928 adding webroot option for le ssl task and fixing looping over domains pr 2.x (#2042) * r70928-adding-webroot-option-for-LE-SSL-task-and-fixing-looping-over-domains * Changing-LE-cron * Changing-script-from-sh-to-bash --------- Co-authored-by: Matej Stajduhar * 
Updating-local-ossec-rules (#2045) * Updating-local-ossec-rules * Fixing-syntax * Updating-wazuh-vars (#2048) * Updating-wazuh-vars * Changing-var-defaults * Removing-wrong-variables * r70260-rkhunter-tested-good-tweaks (#2051) * Fixing-LE-renew-timer (#2052) Co-authored-by: Matej Stajduhar * R70260 rkhunter tweak portpathwhitelist pr 2.x (#2055) * r70260-rkhunter-tweak-portpathwhitelist TEST * sanitise portpath items * Updating-system-role-condition (#2056) * Updating system role condition pr 2.x (#2059) * Updating-system-role-condition * Updating-system-role-condition-v2 * r71121-tweak-nohetznerdhcp-condition (#2061) * Changing-aws-acl-when-statement (#2063) Co-authored-by: Matej Stajduhar * R71127 r71052 check pr 2.x (#2073) * r71127-r71052-attemt-to-workaround-elb-module-change-or-bug * debug alb issue * revert changes as the bug is outside of ce-provision https://github.com/ansible-collections/amazon.aws/issues/2376 * Newer aws collection test pr 2.x (#2077) * newer_aws_collection_test * 8.2.1 didnt work, back to 8.0.1 * r71171-efs-client-upgrade (#2079) * Turning-off-ami-cleanup-task (#2083) Co-authored-by: Matej Stajduhar * Changing subnet for rds pr 2.x (#2087) * Changing-subnet-for-RDS * Uncommenting-tasks --------- Co-authored-by: Matej Stajduhar * fix(debian/duplicity): Fix missing compilation dependencies (#2029) * fix(php-fpm): Set a good process children default for bigger servers (#1895) * fix(php-fpm): Set a good process children default for bigger servers * Fix min max logic * formatting * Fixing-RDS-backup-validation (#2089) Co-authored-by: Matej Stajduhar * Updating-postfix-default-transport-maps (#2092) * Updated lambda backup validation reporting pr 2.x (#2099) * Updated-lambda-backup-validation-reporting * Updating-docs * Updating-lambda-handler * Adding-region-to-cloudwatch-task * Trimming-version-number-from-lambda * Fixing-text-manipulation * Updating-arn-for-cloudwatch-task --------- Co-authored-by: Matej Stajduhar * Bug fixes 2.x pr 2.x 
(#2096) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. 
* Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. 
* Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Avoiding-backup-restoration-for-dev-env (#2108) Co-authored-by: Matej Stajduhar * Updating-nodejs-to-nodistro (#2094) * Updating-nodejs-to-nodistro * Fixing-nodejs-unattended-upgrades * r71344-Updating-aws-acl-role (#2111) Co-authored-by: Matej Stajduhar * r71344-Updating-aws-acl-role (#2112) * r71344-Updating-aws-acl-role * Adding-option-to-avoid-recreating-ACLs * Updating-aws-acl-vars * Updating-aws-acl-vars-2 --------- Co-authored-by: Matej Stajduhar * Fixing-non-utf8-item (#2116) Co-authored-by: Matej Stajduhar * Fixing non utf8 item pr 2.x (#2117) * Fixing-non-utf8-item * Changing-var-name-for-when-condition --------- Co-authored-by: Matej Stajduhar * Fixing-utf8 (#2129) * Fixing utf8-2.x (#2131) * Fixing-utf8 * Adding-debug * Changing-lambda-creation-from-tip-file-to-s3 (#2122) * Changing-lambda-creation-from-tip-file-to-s3 * Fixing-syntax-error * indentation-fix * Finishing-backup-valdation-role --------- Co-authored-by: Matej Stajduhar * Updating email notification title pr 2.x (#2140) * Updating-email-notification-title * Resolving-conflicts * Resolving-conflicts-2 --------- Co-authored-by: Matej Stajduhar * Adding-defaults-to-max-children (#2141) * Adding defaults to max children pr 2.x (#2144) * Adding-defaults-to-max-children * Updating-max-children * Updating-php-defaults (#2145) * Updating php defaults pr 2.x (#2147) * Updating-php-defaults * Updating-php-defaults * Updating-php-defaults * efs_version_fix_for_old_debian_workaround (#2151) * fix(duplicity): Fix file name of include/exclude list (#2152) * Bug fixes 2.x pr 2.x (#2120) * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. 
* RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. 
* Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. * Allowing script to skip iptables. * Misnamed flag. * Adding user_provision role to configure controller user. * Wrapping cleanup so it doesn't break GitHub Actions. * Completing variables for user_provisin. * Missed the sudoers var. * Quoting vars. * GitLab installer needs _domain_name. * Logic error in clean-up script. * Fixing paths to ce-provision in container. * Trying to fix CI perms issues. * Git dubious ownership error. * Git dubious ownership error. * Running the web server test as the controller user. * Missed a controller var. * Commenting out the CE container to test. * Adding a separate step for Git actions. * Need sudo for Ubuntu. * Using a volume to persist data between steps. * Adding debug commands to test volumes. * Tweaking volumes. * Adding the checkout command back in. * Trying a different approach. * ls command looks good, so putting web build back in. * More Ansible Galaxy debug. * Trying to make ansible-galaxy detect installed roles. * Run galaxy command as controller. * Trying galaxy command and cd wrapped in su. * Specifically checking the contents of galaxy/roles. * Trying a double-tap install process. * Quick refactor and debug of SSH. * Adding OpenSSH server package. * Checking for a firewall. * Checking listening packages. * Starting SSHD especially. * Starting SSHD without systemd. * Pre-empting config a bit more. * More galaxy path debug. * Running a find to see if we can find the missing roles. 
* More verbosity. * Checking for missing requirements file. * Removing eroneous when clause. * Tidying up redundant debug lines. * Creating a separate ci.yml play targeting localhost. * Making sure sshd is running. * Tidying up GitLab CI file and installing SSHD. * Installing SSHD as a separate step. * SSHD already installed, starting it instead. * Don't create systemd timers in containers. * Preparing a test GitLab build. * Making builds nightly and fixing GitLab role bug. * Ensuring is_local var exists and making lock behaviour optional. * Fixing location and owner of Blackfire config so it is configurable. * Documentation update. * Removing all is defined checks for is_local since it is now always defined. * Letting GitLab know it's on Docker earlier. * Trying to run runsvdir-start to avoid container freezing. * Temporarily skipping reconfigure of GitLab to test the rest. * Trying to move GitLab reconfigure commands to CI. * Fixing service namespace for runner and reinstating GitLab tasks. * Trying to get config script working for GitLab in CI. * No systemd, do not try to restart gitlab-runner. * Removing firewall role from CI GitLab test, don't need it and it breaks CI. * Outputting PostGreSQL logs to see if there are errors. * Outputting PostGreSQL logs to see if there are errors. * Trying the config script for GitLab again. * Suppressing extra GitLab config for CI runs. * Setting Blackfire CLI defaults to use ce-dev user. * Update .wikis2pages.yml * Nightly builds (#2153) * Create ce-provision-test-nightly.yml * Remove nightly check from GitLab test. * Remove nightly check from web server test. * Removing branch references. 
* Updating installer config branch to 2.x * Removing config branch, default is fine now * Updating-wazuh-template (#2154) * Updating le template (#2156) * Updating-le-template * Updating-le-template * Reworking-nodejs-for-older-versions (#2157) * Reworking nodejs for older versions pr 2.x (#2159) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Reworking nodejs for older versions pr 2.x (#2160) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Fixing-nodejs-syntax * Tweaking-apt-types-nodejs * Reworking nodejs for older versions pr 2.x (#2161) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Fixing-nodejs-syntax * Tweaking-apt-types-nodejs * Separating-node-tasks-for-older-node * Publish docs pr 2.x (#2164) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. 
* Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. --------- Co-authored-by: nfawbert <62660788+nfawbert@users.noreply.github.com> Co-authored-by: Code Enigma CI Co-authored-by: EmlynK Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Dionisio Co-authored-by: pascal Co-authored-by: Jamie Wiseman Co-authored-by: mdecorniquet <43240244+mdecorniquet@users.noreply.github.com> Co-authored-by: Matthieu Decorniquet Co-authored-by: Dionisio Co-authored-by: Jean Pierre Dentone Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> Co-authored-by: tim Co-authored-by: Nick Fawbert Co-authored-by: Miro Michalicka Co-authored-by: Miro Michalicka Co-authored-by: Matej Stajduhar Co-authored-by: Sunil Odedra <122627205+sunilodedra@users.noreply.github.com> Co-authored-by: Sunny Co-authored-by: drazenCE <140631110+drazenCE@users.noreply.github.com> Co-authored-by: Matej Å tajduhar <30931414+matej5@users.noreply.github.com> Co-authored-by: Klaus Purer Co-authored-by: Klaus Purer Co-authored-by: Filip Rupic <123341158+filiprupic@users.noreply.github.com> Co-authored-by: filip --- .github/workflows/ce-provision-test-gitlab.yml | 4 +--- .github/workflows/ce-provision-test-web.yml | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ce-provision-test-gitlab.yml b/.github/workflows/ce-provision-test-gitlab.yml index bd50e7233..9e5b46a30 100644 --- a/.github/workflows/ce-provision-test-gitlab.yml +++ b/.github/workflows/ce-provision-test-gitlab.yml @@ -1,9 +1,7 @@ name: Run GitLab server test build -# Run this workflow nightly and every time a new commit pushed to your repository +# Run this workflow every time a new commit is pushed to your repository on: - schedule: - - cron: '30 4 * * *' pull_request: jobs: 
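Review bot: The rewritten header comment in `ce-provision-test-gitlab.yml` says the workflow runs every time a commit is pushed, but with `schedule` removed the only trigger left under `on:` is `pull_request`, so a push outside a pull request no longer starts this build. I would word it `# Run this workflow on pull request events`. If the nightly run now lives in `ce-provision-test-nightly.yml`, as the commit message suggests, the comment could say so. The matching comment in `ce-provision-test-web.yml` needs the same correction.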
diff --git a/.github/workflows/ce-provision-test-web.yml b/.github/workflows/ce-provision-test-web.yml index 54421cd40..595905064 100644 --- a/.github/workflows/ce-provision-test-web.yml +++ b/.github/workflows/ce-provision-test-web.yml @@ -1,9 +1,7 @@ name: Run web server test build -# Run this workflow nightly and every time a new commit pushed to your repository +# Run this every time a new commit is pushed to your repository on: - schedule: - - cron: '30 4 * * *' pull_request: jobs: From 4475d2c1b60032933274e5328f5f04d37a29c486 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 17:35:55 +0100 Subject: [PATCH 36/61] Adding more debug to try to find where 1.x is coming from. --- .github/workflows/ce-provision-publish-docs.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index e3ef2ca95..ac18e1fcc 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -3,13 +3,15 @@ name: Publish docs # Run this workflow on demand and every time a new commit pushed to your repository on: pull_request: +# branches: +# - 1.x +# - 2.x workflow_dispatch: jobs: # Set the job key. The key is displayed as the job name # when a job name is not provided public-docs: - if: ${{ github.event.pull_request.head.ref != 'documentation' }} # Name the Job name: Publish the ce-provision docs to GitHub # Set the type of machine to run on 
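Review bot: With the `if:` guard deleted and the `branches` filter left commented out, `public-docs` in `ce-provision-publish-docs.yml` now runs for every pull request, whatever its source or target branch. The publish step is outside this hunk, so what it pushes is not visible here. The removed condition suggests it works through a `documentation` branch, in which case a pull request from that branch would start the job again. I would either keep `if: ${{ github.event.pull_request.head.ref != 'documentation' }}` or enable the filter as `branches: [2.x]`, and delete the commented-out lines rather than commit them.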
@@ -44,10 +46,15 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | + grep -r "1\.x" /home/ce-dev/ /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" + cat /home/ce-dev/build/wiki2pages/ce-dev/ansible/wikis/ce-provision-2.x.yml /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" + cat /opt/hugo-daemon.sh + cat /home/ce-dev/build/wiki2pages/set-current.sh /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" + grep -r "1\.x" /home/ce-dev/ ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - name: Publish documentation From 106eba2e12ab9a1ab00073c8ac4ed485e0af5889 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 17:38:14 +0100 Subject: [PATCH 37/61] Moving the hugo script check. --- .github/workflows/ce-provision-publish-docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index ac18e1fcc..4a0b18009 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
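Review bot: The two added `grep -r "1\.x" /home/ce-dev/` lines can fail the whole step, because grep exits 1 when nothing matches and 2 when it cannot read a file, and the default `run:` shell stops at the first non-zero exit. A debugging aid then decides whether the docs are built. The search also covers the user's whole home directory and prints every matching line into the job log, which is more than the build tree this investigation is about. I would use `grep -rl "1\.x" /home/ce-dev/build/ || true` to list file names only. The `grep -r` lines added in patch 38 need the same `|| true`.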
@@ -50,10 +50,10 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" cat /home/ce-dev/build/wiki2pages/ce-dev/ansible/wikis/ce-provision-2.x.yml /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" - cat /opt/hugo-daemon.sh cat /home/ce-dev/build/wiki2pages/set-current.sh /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" + cat /opt/hugo-daemon.sh grep -r "1\.x" /home/ce-dev/ ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ From 6046249c2ab439a18d5dc48c01c7e9ff0731f6ad Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 17:53:38 +0100 Subject: [PATCH 38/61] More debug. --- .github/workflows/ce-provision-publish-docs.yml | 8 +++----- roles/aws/aws_ec2_autoscale_cluster/README.md | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 4a0b18009..494bc01cc 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -46,15 +46,13 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | - grep -r "1\.x" /home/ce-dev/ + grep -r "1\.x" /home/ce-dev/build/ /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" - cat /home/ce-dev/build/wiki2pages/ce-dev/ansible/wikis/ce-provision-2.x.yml /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" - cat /home/ce-dev/build/wiki2pages/set-current.sh + cat /home/ce-dev/build/wiki2pages/config.toml /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" - cat /opt/hugo-daemon.sh - grep -r "1\.x" /home/ce-dev/ + grep -r "2\.x" /home/ce-dev/build/ ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - name: Publish documentation diff --git a/roles/aws/aws_ec2_autoscale_cluster/README.md b/roles/aws/aws_ec2_autoscale_cluster/README.md index a9b957ac3..1a030e1e5 100644 --- a/roles/aws/aws_ec2_autoscale_cluster/README.md +++ b/roles/aws/aws_ec2_autoscale_cluster/README.md 
@@ -4,7 +4,7 @@ Supports either AWS EC2 Autoscaling Groups (ASGs) or AWS ECS clusters. Note, thi * https://github.com/codeenigma/ce-deploy/tree/1.x/roles/deploy_code (EC2) Note also that the `deploy_code` role needs to be used in tandem with this `ce-provision` role, which ensures there is a `cloud-init` script in place to install the code in the event of an instance replacement: -* https://github.com/codeenigma/ce-provision/tree/1.x/roles/mount_sync +* https://github.com/codeenigma/ce-provision/tree/2.x/roles/debian/mount_sync ## Networking Regardless of the scenario, ECS or EC2, if you decide to use a private subnet instead of giving your instances or containers public IP addresses, you will need at least one NAT gateway (more than one for resilience). When you are creating NAT gateways they must be in a *public* subnet and your routing tables in the private subnets should use the NAT gateway as the default route. Do not put the NAT gateways on the private subnets, it cannot possibly work and your containers or instances will not have internet access. From 45bdf53288fffe4fa3d41aabd780c3654a3a619d Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 17:56:55 +0100 Subject: [PATCH 39/61] Moving the config.toml debug line. --- .github/workflows/ce-provision-publish-docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 494bc01cc..4d5ca56ca 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -49,9 +49,9 @@ jobs: grep -r "1\.x" /home/ce-dev/build/ /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" - cat /home/ce-dev/build/wiki2pages/config.toml /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" + cat /home/ce-dev/build/wiki2pages/config.toml grep -r "2\.x" /home/ce-dev/build/ ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ From ab4fb33c756f369fbab8d911e15c4083e2c044e7 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 18:01:18 +0100 Subject: [PATCH 40/61] Checking the entire disk for 2.x. --- .github/workflows/ce-provision-publish-docs.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 4d5ca56ca..e6f8c7494 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -46,13 +46,11 @@ jobs: - name: Initialise wiki2pages for ce-provision 2.x run: | - grep -r "1\.x" /home/ce-dev/build/ /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" - cat /home/ce-dev/build/wiki2pages/config.toml - grep -r "2\.x" /home/ce-dev/build/ + grep -r "2\.x" / ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - name: Publish documentation From 2ca4c86dadf16d39e512ae3b26547f187549d423 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 18:06:16 +0100 Subject: [PATCH 41/61] Trying a find instead of a grep. --- .github/workflows/ce-provision-publish-docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index e6f8c7494..ab734970e 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
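Review bot: `grep -r "2\.x" /` walks the entire container filesystem, including `/proc` and `/sys`, so the step can run for a very long time or stall on pseudo-files. It also writes matching lines from files that have nothing to do with the build into the job log. Any read error or empty result ends the step before the `ls -la` that follows. Keeping the search inside the build tree answers the same question: `grep -rl "2\.x" /home/ce-dev/build/ || true`.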
@@ -50,7 +50,7 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" - grep -r "2\.x" / + find / -name 2.x ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - name: Publish documentation From c0c4ecb9cb04a8fcbffab6886a09d4c428ce0ebc Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 18:11:08 +0100 Subject: [PATCH 42/61] Trying to update ce-provision and ce-deploy. --- .github/workflows/ce-provision-publish-docs.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index ab734970e..41f2634c8 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -27,6 +27,11 @@ jobs: - name: Install wiki2pages run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages" + - name: Update local applications + run: | + /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-provision && /usr/bin/git pull origin 2.x" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-deploy && /usr/bin/git pull origin 1.x" + - name: Set up Ansible hosts file run: | mkdir -p /home/ce-dev/ansible/bin/hosts 
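Review bot: The new `Update local applications` step pulls the tips of `2.x` and `1.x` at run time, and the step above it clones `wikis2pages` at its default branch. The job therefore runs `init.sh`, `set-current.sh` and the playbooks from whatever those branches contain at that moment. For a job that goes on to publish, I would check out a fixed tag or commit instead, `git fetch origin <TAG_OR_SHA> && git checkout --detach FETCH_HEAD`, so that what gets published only changes when this workflow file changes. If tracking the branch is intended, `git pull --ff-only origin 2.x` at least fails visibly when the checkout in the image has diverged, rather than creating a merge.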
@@ -50,7 +55,6 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" - find / -name 2.x ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - name: Publish documentation From 1a3a477362edc9d871a5232c0491e385b9cb2a5d Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 18:17:44 +0100 Subject: [PATCH 43/61] Getting more debug info. --- .github/workflows/ce-provision-publish-docs.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 41f2634c8..12770b6a7 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -24,6 +24,9 @@ jobs: - ${{ github.workspace }}:/home/controller steps: + - name: Where do we start? + run: pwd -P + - name: Install wiki2pages run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages" @@ -31,6 +34,7 @@ jobs: run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-provision && /usr/bin/git pull origin 2.x" /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-deploy && /usr/bin/git pull origin 1.x" + cat /home/ce-dev/ce-provision/.wikis2pages.yml - name: Set up Ansible hosts file run: | From 3d28ca974936cb53c4473f541ce8181c49b836fe Mon Sep 17 00:00:00 2001 
From: Greg Harvey Date: Mon, 6 Jan 2025 18:22:36 +0100 Subject: [PATCH 44/61] Adding --verbose to Ansible. --- .github/workflows/ce-provision-publish-docs.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 12770b6a7..82b2a7225 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -24,9 +24,6 @@ jobs: - ${{ github.workspace }}:/home/controller steps: - - name: Where do we start? - run: pwd -P - - name: Install wiki2pages run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages" @@ -34,7 +31,6 @@ jobs: run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-provision && /usr/bin/git pull origin 2.x" /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-deploy && /usr/bin/git pull origin 1.x" - cat /home/ce-dev/ce-provision/.wikis2pages.yml - name: Set up Ansible hosts file run: | 
@@ -58,7 +54,7 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml --verbose" ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - name: Publish documentation From 552afeeef4c98ae70f3d802bf6c3ccc6a48407aa Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 18:43:15 +0100 Subject: [PATCH 45/61] Trying running Hugo directly. --- .github/workflows/ce-provision-publish-docs.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 82b2a7225..53e213736 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -56,6 +56,9 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml --verbose" ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ + cat /home/ce-dev/build/wiki2pages/config.toml + /usr/local/bin/hugo serve --cleanDestinationDir --renderToDisk --config /home/ce-dev/build/wiki2pages/config.toml + ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - name: Publish documentation run: | From 60c41d50041b7b9819d72e3861e9dd87c646119d Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 18:58:50 +0100 Subject: [PATCH 46/61] Changed the Hugo start script. --- .github/workflows/ce-provision-publish-docs.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 53e213736..82b2a7225 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -56,9 +56,6 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml --verbose" ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - cat /home/ce-dev/build/wiki2pages/config.toml - /usr/local/bin/hugo serve --cleanDestinationDir --renderToDisk --config /home/ce-dev/build/wiki2pages/config.toml - ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - name: Publish documentation run: | 
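Review bot: `hugo serve` starts Hugo's development web server and does not return, so the second `ls -la` never runs and the step ends only when the job is cancelled or times out. A one-shot build fits here: `/usr/local/bin/hugo --cleanDestinationDir --config /home/ce-dev/build/wiki2pages/config.toml`. The command is also not wrapped in `su - ce-dev` like the lines around it, so it apparently runs as the container's default user. If that user is root, the files in `public/` will not be owned by `ce-dev` for the later steps; using the same `/usr/bin/su - ce-dev -c "..."` form would keep ownership consistent.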
From e6fe66076f2001d1803dd2ad457d6f468fb002c6 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 19:18:47 +0100 Subject: [PATCH 47/61] Trying just running 'hugo' in the right directory. --- .github/workflows/ce-provision-publish-docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 82b2a7225..14eedec15 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -54,7 +54,7 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml --verbose" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && hugo" ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - name: Publish documentation From df6648fa7d0d258e1a2916b96598a3730274fb90 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Mon, 6 Jan 2025 19:28:37 +0100 Subject: [PATCH 48/61] Adding ce-deploy back in with option to not run Hugo. --- .github/workflows/ce-provision-publish-docs.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 14eedec15..edee7af4d 100644 
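Review bot: The replacement line calls `hugo` by bare name, while every other command in this step is given by absolute path, and the previous patch used `/usr/local/bin/hugo`. Under `su -` the binary is then resolved through the login shell's `PATH` for `ce-dev`, which this workflow does not set. I would write `/usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /usr/local/bin/hugo"`. Dropping the `deploy.yml` run also skips whatever else that playbook does, which is worth a line in the commit message.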
--- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -54,6 +54,10 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages launch_hugo_server=false' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" + + - name: Run Hugo + run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && hugo" ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ From d93a1ce49c0f5bbe252987ea76ab7b388c9b83ba Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Tue, 7 Jan 2025 12:50:53 +0100 Subject: [PATCH 49/61] Updating docs to make _Sidebar.md lose the starting slash. --- docs/_Sidebar.md | 196 ++++++++++---------- docs/roles/aws/aws_ec2_autoscale_cluster.md | 2 +- docs/roles/debian/nodejs.md | 2 +- roles/debian/nodejs/README.md | 2 +- 4 files changed, 101 insertions(+), 101 deletions(-) diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 3522de3bc..8e8a2e4bf 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md 
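Review bot: `launch_hugo_server=false` is passed in `key=value` form, and Ansible treats extra vars given that way as strings, so the playbook receives the text `false` rather than a boolean. `deploy.yml` is not part of this patch, so how it tests the variable is not visible; unless the condition applies `| bool`, a non-empty string can evaluate as true and the server would still be launched. Either confirm the playbook uses `when: launch_hugo_server | bool`, or pass JSON, `-e '{"launch_hugo_server": false}'`, with the inner double quotes escaped inside the surrounding `su -c "..."`.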
@@ -3,101 +3,101 @@ - [Install](/install) - [Usage](/scripts) - [Roles](roles) - - [AWS Infrastructure](/roles/aws) - - [AWS ACL](/roles/aws/aws_acl) - - [AWS Certificate Manager](/roles/aws/aws_acm) - - [AWS AMI ASG Cleanup](/roles/aws/aws_ami_asg_cleanup) - - [AWS AMI](/roles/aws/aws_ami) - - [AWS Backup](/roles/aws/aws_backup) - - [AWS Backup Validation](/roles/aws/aws_backup_validation) - - [AWS CloudFront distribution](/roles/aws/aws_cloudfront_distribution) - - [Cloudwatch log group](/roles/aws/aws_cloudwatch_log_group) - - [Amazon credentials](/roles/aws/aws_credentials) - - [Autoscale cluster](/roles/aws/aws_ec2_autoscale_cluster) - - [EC2 CloudWatch Metric Alarm](/roles/aws/aws_ec2_metric_alarm) - - [EC2 instance with EIP](/roles/aws/aws_ec2_with_eip) - - [AWS EFS](/roles/aws/aws_efs) - - [AWS ElastiCache](/roles/aws/aws_elasticache) - - [AWS IAM EC2](/roles/aws/aws_iam_role) - - [AWS IAM SAML](/roles/aws/aws_iam_saml) - - [AWS Network Info](/roles/aws/_aws_network_info) - - [AWS OpenSearch](/roles/aws/aws_opensearch) - - [AWS key pair.](/roles/aws/aws_provision_ec2_keypair) - - [AWS RDS](/roles/aws/aws_rds) - - [AWS Resource Group.](/roles/aws/aws_resource_group) - - [AWS S3 Bucket](/roles/aws/aws_s3_bucket) - - [AWS Security Groups](/roles/aws/aws_security_groups) - - [AWS SG/firewall role](/roles/aws/aws_sg_iptables) - - [AWS SNS](/roles/aws/aws_sns) - - [VPC](/roles/aws/aws_vpc) - - [Update main route for a given VPC](/roles/aws/aws_vpc_route) - - [VPC](/roles/aws/aws_vpc_subnet) - - [Contributed roles](/roles/contrib) - - [Debian Packages](/roles/debian) - - [Ansible Galaxy](/roles/debian/ansible_galaxy) - - [Ansible](/roles/debian/ansible) - - [APACHE](/roles/debian/apache) - - [Apparmor](/roles/debian/apparmor) - - [Extra packages](/roles/debian/apt_extra_packages) - - [APT Repository](/roles/debian/apt_repository) - - [APT Unattended Upgrades](/roles/debian/apt_unattended_upgrades) - - [AWS CLI](/roles/debian/aws_cli) - - [AWS Cloudwatch 
agent](/roles/debian/aws_cloudwatch_agent) - - [EFS client](/roles/debian/aws_efs_client) - - [AWS SSM agent](/roles/debian/aws_ssm_agent) - - [ce-deploy](/roles/debian/ce_deploy) - - [Extra packages](/roles/debian/ce_dev) - - [Automated patching](/roles/debian/ce_patcher) - - [ce-provision](/roles/debian/ce_provision) - - [ClamAV](/roles/debian/clamav) - - [Docker CE](/roles/debian/docker_ce) - - [Docker Registry](/roles/debian/docker_registry) - - [Duplicity](/roles/debian/duplicity) - - [Firewall Config](/roles/debian/firewall_config) - - [Frontail](/roles/debian/frontail) - - [Gitlab](/roles/debian/gitlab) - - [Gitlab Runner](/roles/debian/gitlab_runner) - - [GPG Key](/roles/debian/gpg_key) - - [HA Proxy](/roles/debian/haproxy) - - [Managed /etc/hosts](/roles/debian/hosts) - - [Jenkins](/roles/debian/jenkins) - - [Jitsi](/roles/debian/jitsi) - - [LDAP Server](/roles/debian/ldap_server) - - [LHCI](/roles/debian/lhci) - - [Mailpit](/roles/debian/mailpit) - - [Mount sync](/roles/debian/mount_sync) - - [MariaDB Client](/roles/debian/mysql_client) - - [MySQL Server - Oracle Community Edition](/roles/debian/mysql_server_oracle_ce) - - [NGINX](/roles/debian/nginx) - - [NodeJS](/roles/debian/nodejs) - - [OpenVPN](/roles/debian/openvpn) - - [Packer](/roles/debian/packer) - - [PAM LinOTP](/roles/debian/pam_linotp) - - [PHP terminal client](/roles/debian/php-cli) - - [PHP common components](/roles/debian/php-common) - - [PHP Composer](/roles/debian/php_composer) - - [PHP-FPM](/roles/debian/php-fpm) - - [phpMyAdmin](/roles/debian/phpmyadmin) - - [PHP XDebug](/roles/debian/php_xdebug) - - [Postfix](/roles/debian/postfix) - - [Process Manager](/roles/debian/process_manager) - - [Python Boto](/roles/debian/python_boto) - - [Python Common](/roles/debian/python_common) - - [Python Pip Packages](/roles/debian/python_pip_packages) - - [rkhunter](/roles/debian/rkhunter) - - [Rsyslog](/roles/debian/rsyslog) - - [solr](/roles/debian/solr) - - [SSHD](/roles/debian/ssh_server) - - 
[SSL](/roles/debian/ssl) - - [sudo config](/roles/debian/sudo_config) - - [Swap](/roles/debian/swap) - - [System](/roles/debian/system) - - [User Ansible](/roles/debian/user_ansible) - - [varnish_config](/roles/debian/varnish_config) - - [wazuh](/roles/debian/wazuh) - - [Init role](/roles/_init) - - ["Meta" roles that group individual roles together.](/roles/_meta) - - [AWS account](/roles/_meta/aws_account) - - [AWS client](/roles/_meta/aws_client_instance) - - [AWS region](/roles/_meta/aws_region) - - [\_overrides.](/roles/_overrides) + - [AWS Infrastructure](roles/aws) + - [AWS ACL](roles/aws/aws_acl) + - [AWS Certificate Manager](roles/aws/aws_acm) + - [AWS AMI ASG Cleanup](roles/aws/aws_ami_asg_cleanup) + - [AWS AMI](roles/aws/aws_ami) + - [AWS Backup](roles/aws/aws_backup) + - [AWS Backup Validation](roles/aws/aws_backup_validation) + - [AWS CloudFront distribution](roles/aws/aws_cloudfront_distribution) + - [Cloudwatch log group](roles/aws/aws_cloudwatch_log_group) + - [Amazon credentials](roles/aws/aws_credentials) + - [Autoscale cluster](roles/aws/aws_ec2_autoscale_cluster) + - [EC2 CloudWatch Metric Alarm](roles/aws/aws_ec2_metric_alarm) + - [EC2 instance with EIP](roles/aws/aws_ec2_with_eip) + - [AWS EFS](roles/aws/aws_efs) + - [AWS ElastiCache](roles/aws/aws_elasticache) + - [AWS IAM EC2](roles/aws/aws_iam_role) + - [AWS IAM SAML](roles/aws/aws_iam_saml) + - [AWS Network Info](roles/aws/_aws_network_info) + - [AWS OpenSearch](roles/aws/aws_opensearch) + - [AWS key pair.](roles/aws/aws_provision_ec2_keypair) + - [AWS RDS](roles/aws/aws_rds) + - [AWS Resource Group.](roles/aws/aws_resource_group) + - [AWS S3 Bucket](roles/aws/aws_s3_bucket) + - [AWS Security Groups](roles/aws/aws_security_groups) + - [AWS SG/firewall role](roles/aws/aws_sg_iptables) + - [AWS SNS](roles/aws/aws_sns) + - [VPC](roles/aws/aws_vpc) + - [Update main route for a given VPC](roles/aws/aws_vpc_route) + - [VPC](roles/aws/aws_vpc_subnet) + - [Contributed roles](roles/contrib) + - 
[Debian Packages](roles/debian) + - [Ansible Galaxy](roles/debian/ansible_galaxy) + - [Ansible](roles/debian/ansible) + - [APACHE](roles/debian/apache) + - [Apparmor](roles/debian/apparmor) + - [Extra packages](roles/debian/apt_extra_packages) + - [APT Repository](roles/debian/apt_repository) + - [APT Unattended Upgrades](roles/debian/apt_unattended_upgrades) + - [AWS CLI](roles/debian/aws_cli) + - [AWS Cloudwatch agent](roles/debian/aws_cloudwatch_agent) + - [EFS client](roles/debian/aws_efs_client) + - [AWS SSM agent](roles/debian/aws_ssm_agent) + - [ce-deploy](roles/debian/ce_deploy) + - [Extra packages](roles/debian/ce_dev) + - [Automated patching](roles/debian/ce_patcher) + - [ce-provision](roles/debian/ce_provision) + - [ClamAV](roles/debian/clamav) + - [Docker CE](roles/debian/docker_ce) + - [Docker Registry](roles/debian/docker_registry) + - [Duplicity](roles/debian/duplicity) + - [Firewall Config](roles/debian/firewall_config) + - [Frontail](roles/debian/frontail) + - [Gitlab](roles/debian/gitlab) + - [Gitlab Runner](roles/debian/gitlab_runner) + - [GPG Key](roles/debian/gpg_key) + - [HA Proxy](roles/debian/haproxy) + - [Managed /etc/hosts](roles/debian/hosts) + - [Jenkins](roles/debian/jenkins) + - [Jitsi](roles/debian/jitsi) + - [LDAP Server](roles/debian/ldap_server) + - [LHCI](roles/debian/lhci) + - [Mailpit](roles/debian/mailpit) + - [Mount sync](roles/debian/mount_sync) + - [MariaDB Client](roles/debian/mysql_client) + - [MySQL Server - Oracle Community Edition](roles/debian/mysql_server_oracle_ce) + - [NGINX](roles/debian/nginx) + - [NodeJS](roles/debian/nodejs) + - [OpenVPN](roles/debian/openvpn) + - [Packer](roles/debian/packer) + - [PAM LinOTP](roles/debian/pam_linotp) + - [PHP terminal client](roles/debian/php-cli) + - [PHP common components](roles/debian/php-common) + - [PHP Composer](roles/debian/php_composer) + - [PHP-FPM](roles/debian/php-fpm) + - [phpMyAdmin](roles/debian/phpmyadmin) + - [PHP XDebug](roles/debian/php_xdebug) + - 
[Postfix](roles/debian/postfix) + - [Process Manager](roles/debian/process_manager) + - [Python Boto](roles/debian/python_boto) + - [Python Common](roles/debian/python_common) + - [Python Pip Packages](roles/debian/python_pip_packages) + - [rkhunter](roles/debian/rkhunter) + - [Rsyslog](roles/debian/rsyslog) + - [solr](roles/debian/solr) + - [SSHD](roles/debian/ssh_server) + - [SSL](roles/debian/ssl) + - [sudo config](roles/debian/sudo_config) + - [Swap](roles/debian/swap) + - [System](roles/debian/system) + - [User Ansible](roles/debian/user_ansible) + - [varnish_config](roles/debian/varnish_config) + - [wazuh](roles/debian/wazuh) + - [Init role](roles/_init) + - ["Meta" roles that group individual roles together.](roles/_meta) + - [AWS account](roles/_meta/aws_account) + - [AWS client](roles/_meta/aws_client_instance) + - [AWS region](roles/_meta/aws_region) + - [\_overrides.](roles/_overrides) diff --git a/docs/roles/aws/aws_ec2_autoscale_cluster.md b/docs/roles/aws/aws_ec2_autoscale_cluster.md index a9b957ac3..1a030e1e5 100644 --- a/docs/roles/aws/aws_ec2_autoscale_cluster.md +++ b/docs/roles/aws/aws_ec2_autoscale_cluster.md 
@@ -4,7 +4,7 @@ Supports either AWS EC2 Autoscaling Groups (ASGs) or AWS ECS clusters. Note, thi
 * https://github.com/codeenigma/ce-deploy/tree/1.x/roles/deploy_code (EC2)
 Note also that the `deploy_code` role needs to be used in tandem with this `ce-provision` role, which ensures there is a `cloud-init` script in place to install the code in the event of an instance replacement:
-* https://github.com/codeenigma/ce-provision/tree/1.x/roles/mount_sync
+* https://github.com/codeenigma/ce-provision/tree/2.x/roles/debian/mount_sync
 ## Networking
 Regardless of the scenario, ECS or EC2, if you decide to use a private subnet instead of giving your instances or containers public IP addresses, you will need at least one NAT gateway (more than one for resilience). When you are creating NAT gateways they must be in a *public* subnet and your routing tables in the private subnets should use the NAT gateway as the default route. Do not put the NAT gateways on the private subnets, it cannot possibly work and your containers or instances will not have internet access.
diff --git a/docs/roles/debian/nodejs.md b/docs/roles/debian/nodejs.md
index c121efb58..0e4624ee1 100644
--- a/docs/roles/debian/nodejs.md
+++ b/docs/roles/debian/nodejs.md
@@ -8,7 +8,7 @@ Installs NodeJS from official repos.
 ---
 nodejs:
 # Used by apt_unattended_upgrades
- apt_origin_nodejs: "origin=. nodistro,codename=nodistro,label=. nodistro" # nodejs repo
+ apt_origin_nodejs: "origin=Node Source,codename=nodistro,label=Node Source" # nodejs repo
 apt_signed_by_nodejs: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key
 apt_origin_yarn: "origin=yarn,codename=stable,label=yarn-stable" # yarn repo
 apt_signed_by_yarn: https://dl.yarnpkg.com/debian/pubkey.gpg
diff --git a/roles/debian/nodejs/README.md b/roles/debian/nodejs/README.md
index c121efb58..0e4624ee1 100644
--- a/roles/debian/nodejs/README.md
+++ b/roles/debian/nodejs/README.md
@@ -8,7 +8,7 @@ Installs NodeJS from official repos.
 ---
 nodejs:
 # Used by apt_unattended_upgrades
- apt_origin_nodejs: "origin=. nodistro,codename=nodistro,label=. nodistro" # nodejs repo
+ apt_origin_nodejs: "origin=Node Source,codename=nodistro,label=Node Source" # nodejs repo
 apt_signed_by_nodejs: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key
 apt_origin_yarn: "origin=yarn,codename=stable,label=yarn-stable" # yarn repo
 apt_signed_by_yarn: https://dl.yarnpkg.com/debian/pubkey.gpg
From c103b43ea4633aede4a64e3e0981a090c78a2aa8 Mon Sep 17 00:00:00 2001
From: Greg Harvey Date: Tue, 7 Jan 2025 12:58:31 +0100 Subject: [PATCH 50/61] Publish docs pr devel 2.x (#2165) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Bug fixes 2.x pr 2.x (#1730) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. 
* Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Installer pr 2.x (#1732) * Creating a ce-provision installer script. * Updating installation docs. * Adding pip upgrade line and python-debian. * Installing certbot in a python venv. (#1659) * Installing certbot in a python venv. * Changing default location for Python packages. * Allowing the ansible role to override venv settings. * Preventing ce_deploy from installing in an entirely separate venv by default. * Updating certbot installation to use _init venv variables. * Updating duplicity role to use _init venv variables by default. * Ordering pip docs. * Update documentation. * Fixing Ansible path in installer. * Fixing occurrences of path to venv. * Installer pr 2.x (#1735) * Creating a ce-provision installer script. * Updating installation docs. * Adding pip upgrade line and python-debian. * Updating docs. * Some minor installer bug fixes. * Bug fixes 2.x pr 2.x (#1737) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. 
* Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Bug fixes 2.x pr 2.x (#1738) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. 
* Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. 
* Fixing-ACM-SAN-behaviour (#1739) * Bug fixes 2.x pr 2.x (#1742) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. 
* Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Bug fixes 2.x pr 2.x (#1749) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. 
* Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Bug fixes 2.x pr 2.x (#1752) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. 
* Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Bug fixes 2.x pr 2.x (#1754) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. 
* Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. 
* Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Bug fixes 2.x pr 2.x (#1756) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. 
* Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Redoing-changes-for-aws-acl-role (#1728) * Redoing-changes-for-aws-acl-role * retrigger checks * Fixing-conflicts-4 --------- Co-authored-by: Matej Stajduhar * Remvoing-scp-extra-args-temporary (#1761) Co-authored-by: Matej Stajduhar * Bug fixes 2.x pr 2.x (#1765) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. 
* ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. 
* Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Bug fixes 2.x pr 2.x (#1767) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. 
* Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Bug fixes 2.x pr 2.x (#1769) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. 
* Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. 
* Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Bug fixes 2.x pr 2.x (#1771) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. 
* Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. 
* Managing-mime-types-nginx (#1773) * Whitelisting ce vpn ip wazuh pr 2.x (#1775) * Whitelisting-CE-VPN-IP-wazuh * Fixing-wazuh-whitelist-variable * Updating-wazuh-vars (#1777) * add community.postgresql collection and remove varnish master release (#1779) * Updating wazuh vars pr 2.x (#1781) * Updating-wazuh-vars * Updating-manager-vars * Updating wazuh vars pr 2.x (#1783) * Updating-wazuh-vars * Updating-manager-vars * Updating-wazuh-manager-active-response * Updating-wazuh-manager-active-response-2x * Updating wazuh vars pr 2.x (#1785) * Updating-wazuh-vars * Updating-manager-vars * Updating-wazuh-manager-active-response * Updating-wazuh-manager-active-response-2x * Fixing-wazuh-broken-pipeline * Updating wazuh vars pr 2.x (#1787) * Updating-wazuh-vars * Updating-manager-vars * Updating-wazuh-manager-active-response * Updating-wazuh-manager-active-response-2x * Fixing-wazuh-broken-pipeline * Tweaking-wazuh-vars * r68065 mattermost role first commit (#1789) * r68065 mattermost role first commit * fixing linting/syntax * reload systemd with ansible.builtin.systemd_service * handler for postgresql reloads * default systemd unit file for mattermost role * r68065 install python psycopg2 (#1791) * r68065 use psycopg binary package as compiling creates depsolve issues (#1793) * permissions for postgres setup (#1795) * r68065 add mattermost group before user (#1797) * Updating-duplicity (#1804) * enable mattermost systemd unit (#1810) * nginx include for mattermost (#1812) * nginx include for mattermost * add mattermost project type * ssl on handled by nginx role (#1814) * fix mattermost nginx include (#1822) * remove unsupported nginx option (#1824) * Restore testing update pr 2.x (#1832) * Restore-testing-update * Restore-testing-update-2 --------- Co-authored-by: Matej Stajduhar * Resolving conflicts pr 2.x (#1834) * Fixing-conflicts-and-updating-docs * Fixed-conflicts * Fixed-conflicts-2 --------- Co-authored-by: Matej Stajduhar * initial commit - mattermost local 
backups (#1838) * r69995-Updating-vhost-for-LE-validation (#1843) Co-authored-by: Matej Stajduhar * Changing priority flexibility pr 2.x (#1841) * Changing-priority-flexibility * Changing-priority-flexibility-2 * Adding-aws-acl-to-meta * Adding-cast-to-int-for-priority --------- Co-authored-by: Matej Stajduhar * Aws acl role changes for ip set pr 2.x (#1848) * aws_acl-role-changes-for-ip-set * aws_acl-role-changes-for-ip-set-docs-update --------- Co-authored-by: Matej Stajduhar * add_php_repo_before_apt_extra_packages_task_from_common_base (#1850) * fix_opensearch_vars (#1852) * wait_timeout_for_opensearch_domain_creation (#1854) * wait_timeout_for_opensearch_domain_creation * remove trailing space * Updating-aws-acl-task (#1856) Co-authored-by: Matej Stajduhar * Bug fixes 2.x pr 2.x (#1859) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. 
* Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. 
* Bug fixes 2.x pr 2.x (#1860) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. 
* Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. 
* Small-changes-on-aws-acl-and-RDS-validation (#1863) Co-authored-by: Matej Stajduhar * Updating-user-ansible-vars (#1864) * Updating user ansible vars pr 2.x (#1867) * Updating-user-ansible-vars * Fixing-syntax * add_vars_to_user_deploy_user_provision (#1869) * Disabling-general-log-mariadb (#1871) * Updating-aws_acl-role (#1873) Co-authored-by: Matej Stajduhar * r70260-rkhunter-whitelist (#1877) * fix(nginx): Remove default nginx dummy vhost that could clash with Varnish (#1750) * fix(nginx): Remove default nginx dummy vhost that could clash with Varnish * Fix variable naming and comment * Implement keep_default_vhost setting * Wazuh-var-update (#1903) * Wazuh-agent-vars-more-readable (#1905) * Filebeat-restart-task-wazuh (#1907) * Filebeat restart task wazuh pr 2.x (#1909) * Filebeat-restart-task-wazuh * Fixing-wazuh-filebeat-restart * Adding-gawk-to-extra-packages (#1910) * Updating-filebeat-restart-task (#1913) * Adding motd to exit role pr 2.x (#1915) * Fixing-backup-validation-role-plicies * Adding-parts-for-VPC-and-SG * Adding-region-to-vpc-and-subnet-tasks * Adding-region-to-vpc-and-subnet-tasks-2 * Updating-vars-for-vpc-and-subnet * Updating-vars-for-vpc-and-subnet-2 * Updating-vars-for-vpc-and-subnet-3 * Adding-json-file-for-restore-testing * Changing-user-where-json-file-is-generated * Updating-json-file-location * Updating-path-to-j2-file * Changing-force-valkue * Testing-file-creation * Testing-file-creation-via-command-task * Adding-motd-to-exit-role * Commenting-out-task-that-will-fail * Fixing-pipefail * Fixing-syntax-issue --------- Co-authored-by: Matej Stajduhar * Fixing-motd-task (#1917) * Motd-switch-egrep-with-awk (#1919) * Motd-task-update (#1922) * Motd-task-update * Restoring-deleted-task * Fixing motd task when running on localhost pr 2.x (#1924) * Fixing-backup-validation-role-plicies * Fixing-motd-task-when-running-on-localhost * Updating-when-statement * Adding-become-true-on-motd-update --------- Co-authored-by: Matej Stajduhar * Apt 
bug workaround pr 2.x (#1935) * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * fix_var_logic * Pushing-aws-backup-validation-role (#1944) * Pushing-aws-backup-validation-role * Fixing-linting --------- Co-authored-by: Matej Stajduhar * fix(redis): Convert maxmemory setting to int before comparing (#1897) * Reverting-nginx-username (#1945) * Reverting nginx username pr 2.x (#1947) * Reverting-nginx-username * Minor-fix-nginx-username * Updating-nginx-vars (#1950) * Bug fixes 2.x pr 2.x (#1952) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. 
* Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. 
* r70597 new system role for ipv6 disablement (#1954) * r70597 new system role for ipv6 disablement * fix linting problem * add readme for system role * Fixing-json-file-for-restore-testing (#1956) Co-authored-by: Matej Stajduhar * Fixing json file for restore testing pr 2.x (#1957) * Fixing-json-file-for-restore-testing * Missing-coma-in-json --------- Co-authored-by: Matej Stajduhar * updating asg role to support custom rule on http and https (#1959) Co-authored-by: filip * Bug fixes 2.x pr 2.x (#1962) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. 
* Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Bug fixes 2.x pr 2.x (#1966) * Improving AWS subnet docs. 
* Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! 
* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * r70596 create swap directory (#1968) * r70596 create swap directory * remove stat check * 70325 adding asg redirect pr 2.x (#1963) * updating asg role to support custom rule on http and https * updating readme properly * updating docs for the asg role --------- Co-authored-by: filip * swapfile path and clamav exclusion (#1970) * Galaxy role pr 2.x (#1974) * Deleting obsolete Debian 10 requirements files. * Adding first pass at generic and reusable Ansible Galaxy role. * Docs update. * Updating README files. 
* Updating ce_provision and ce_deploy to use ansible_galaxy role. * Ansible Galaxy docs enhancement. * Cannot use _ansible in variable names, reserved. * Removing blocks for Galaxy installation, not needed. * Variables passed to Galaxy role were wrong. * Bug fixes 2.x pr 2.x (#1975) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. 
* Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Bug fixes 2.x pr 2.x (#1978) * Improving AWS subnet docs. * Error in timers structure in the SSL role. 
* Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! 
* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Bug fixes 2.x pr 2.x (#1980) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. 
* Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. 
* Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. 
* Updating defaults pr 2.x (#1982) * Updated-defaults-for-aws_acl-role * Removing-Identity-search --------- Co-authored-by: Matej Stajduhar * Updating defaults pr 2.x (#1984) * Updated-defaults-for-aws_acl-role * Removing-Identity-search * Removing-undefined-variable --------- Co-authored-by: Matej Stajduhar * Removing-gawk-apt (#1985) * Adding-gawk-removing-gawk-csh (#1987) * Adding-when-statement-for-assigning-instance (#1990) * Adding-when-statement-for-assigning-instance * Adding-check-prior-to-assigning-resources * Adding-check-prior-to-assigning-resources * Adding-region-to-aws-cli-command * Print-protected-resource * Adding-resource-type-definition * Resolved-conflicts * Removing-empty-line * Disabling-assigning-instance-to-restore-testing-plan --------- Co-authored-by: Matej Stajduhar * Matching-2.x-and-devel-branches (#1999) Co-authored-by: Matej Stajduhar * Adding-aws-ses-role (#2003) * Adding-aws-ses-role * Removing-python-script * Changing-domain-name * Using-variable-for-domain-name --------- Co-authored-by: Matej Stajduhar * Resolving-conflicts (#2015) Co-authored-by: Matej Stajduhar * Resolving-conflicts (#2018) Co-authored-by: Matej Stajduhar * Updating nginx ssl le roles pr 2.x (#2021) * Updating-nginx-SSL-LE-roles * Updating-nginx-vars * r70260 Option to ignore false-positive shared memory segment warnings (#2023) * Adding-wazuh-ossec-from-enigma00a (#2027) * Updating-gitlab-runner-env (#2031) * r70987-decom-vpn-guest (#2034) * r70797 nodhcp module in system role for hetzner cloud systems (#2036) * r70797 nodhcp module in system role for hetzner cloud systems * fix syntax * r70797 set pipefail to resolve linting failure * fix pipefail with bash (#2038) * fix var in templ (#2040) * R70928 adding webroot option for le ssl task and fixing looping over domains pr 2.x (#2042) * r70928-adding-webroot-option-for-LE-SSL-task-and-fixing-looping-over-domains * Changing-LE-cron * Changing-script-from-sh-to-bash --------- Co-authored-by: Matej Stajduhar * 
Updating-local-ossec-rules (#2045) * Updating-local-ossec-rules * Fixing-syntax * Updating-wazuh-vars (#2048) * Updating-wazuh-vars * Changing-var-defaults * Removing-wrong-variables * r70260-rkhunter-tested-good-tweaks (#2051) * Fixing-LE-renew-timer (#2052) Co-authored-by: Matej Stajduhar * R70260 rkhunter tweak portpathwhitelist pr 2.x (#2055) * r70260-rkhunter-tweak-portpathwhitelist TEST * sanitise portpath items * Updating-system-role-condition (#2056) * Updating system role condition pr 2.x (#2059) * Updating-system-role-condition * Updating-system-role-condition-v2 * r71121-tweak-nohetznerdhcp-condition (#2061) * Changing-aws-acl-when-statement (#2063) Co-authored-by: Matej Stajduhar * R71127 r71052 check pr 2.x (#2073) * r71127-r71052-attemt-to-workaround-elb-module-change-or-bug * debug alb issue * revert changes as the bug is outside of ce-provision https://github.com/ansible-collections/amazon.aws/issues/2376 * Newer aws collection test pr 2.x (#2077) * newer_aws_collection_test * 8.2.1 didnt work, back to 8.0.1 * r71171-efs-client-upgrade (#2079) * Turning-off-ami-cleanup-task (#2083) Co-authored-by: Matej Stajduhar * Changing subnet for rds pr 2.x (#2087) * Changing-subnet-for-RDS * Uncommenting-tasks --------- Co-authored-by: Matej Stajduhar * fix(debian/duplicity): Fix missing compilation dependencies (#2029) * fix(php-fpm): Set a good process children default for bigger servers (#1895) * fix(php-fpm): Set a good process children default for bigger servers * Fix min max logic * formatting * Fixing-RDS-backup-validation (#2089) Co-authored-by: Matej Stajduhar * Updating-postfix-default-transport-maps (#2092) * Updated lambda backup validation reporting pr 2.x (#2099) * Updated-lambda-backup-validation-reporting * Updating-docs * Updating-lambda-handler * Adding-region-to-cloudwatch-task * Trimming-version-number-from-lambda * Fixing-text-manipulation * Updating-arn-for-cloudwatch-task --------- Co-authored-by: Matej Stajduhar * Bug fixes 2.x pr 2.x 
(#2096) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. 
* Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. 
* Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Avoiding-backup-restoration-for-dev-env (#2108) Co-authored-by: Matej Stajduhar * Updating-nodejs-to-nodistro (#2094) * Updating-nodejs-to-nodistro * Fixing-nodejs-unattended-upgrades * r71344-Updating-aws-acl-role (#2111) Co-authored-by: Matej Stajduhar * r71344-Updating-aws-acl-role (#2112) * r71344-Updating-aws-acl-role * Adding-option-to-avoid-recreating-ACLs * Updating-aws-acl-vars * Updating-aws-acl-vars-2 --------- Co-authored-by: Matej Stajduhar * Fixing-non-utf8-item (#2116) Co-authored-by: Matej Stajduhar * Fixing non utf8 item pr 2.x (#2117) * Fixing-non-utf8-item * Changing-var-name-for-when-condition --------- Co-authored-by: Matej Stajduhar * Fixing-utf8 (#2129) * Fixing utf8-2.x (#2131) * Fixing-utf8 * Adding-debug * Changing-lambda-creation-from-tip-file-to-s3 (#2122) * Changing-lambda-creation-from-tip-file-to-s3 * Fixing-syntax-error * indentation-fix * Finishing-backup-valdation-role --------- Co-authored-by: Matej Stajduhar * Updating email notification title pr 2.x (#2140) * Updating-email-notification-title * Resolving-conflicts * Resolving-conflicts-2 --------- Co-authored-by: Matej Stajduhar * Adding-defaults-to-max-children (#2141) * Adding defaults to max children pr 2.x (#2144) * Adding-defaults-to-max-children * Updating-max-children * Updating-php-defaults (#2145) * Updating php defaults pr 2.x (#2147) * Updating-php-defaults * Updating-php-defaults * Updating-php-defaults * efs_version_fix_for_old_debian_workaround (#2151) * fix(duplicity): Fix file name of include/exclude list (#2152) * Bug fixes 2.x pr 2.x (#2120) * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. 
* RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. 
* Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. * Allowing script to skip iptables. * Misnamed flag. * Adding user_provision role to configure controller user. * Wrapping cleanup so it doesn't break GitHub Actions. * Completing variables for user_provisin. * Missed the sudoers var. * Quoting vars. * GitLab installer needs _domain_name. * Logic error in clean-up script. * Fixing paths to ce-provision in container. * Trying to fix CI perms issues. * Git dubious ownership error. * Git dubious ownership error. * Running the web server test as the controller user. * Missed a controller var. * Commenting out the CE container to test. * Adding a separate step for Git actions. * Need sudo for Ubuntu. * Using a volume to persist data between steps. * Adding debug commands to test volumes. * Tweaking volumes. * Adding the checkout command back in. * Trying a different approach. * ls command looks good, so putting web build back in. * More Ansible Galaxy debug. * Trying to make ansible-galaxy detect installed roles. * Run galaxy command as controller. * Trying galaxy command and cd wrapped in su. * Specifically checking the contents of galaxy/roles. * Trying a double-tap install process. * Quick refactor and debug of SSH. * Adding OpenSSH server package. * Checking for a firewall. * Checking listening packages. * Starting SSHD especially. * Starting SSHD without systemd. * Pre-empting config a bit more. * More galaxy path debug. * Running a find to see if we can find the missing roles. 
* More verbosity. * Checking for missing requirements file. * Removing eroneous when clause. * Tidying up redundant debug lines. * Creating a separate ci.yml play targeting localhost. * Making sure sshd is running. * Tidying up GitLab CI file and installing SSHD. * Installing SSHD as a separate step. * SSHD already installed, starting it instead. * Don't create systemd timers in containers. * Preparing a test GitLab build. * Making builds nightly and fixing GitLab role bug. * Ensuring is_local var exists and making lock behaviour optional. * Fixing location and owner of Blackfire config so it is configurable. * Documentation update. * Removing all is defined checks for is_local since it is now always defined. * Letting GitLab know it's on Docker earlier. * Trying to run runsvdir-start to avoid container freezing. * Temporarily skipping reconfigure of GitLab to test the rest. * Trying to move GitLab reconfigure commands to CI. * Fixing service namespace for runner and reinstating GitLab tasks. * Trying to get config script working for GitLab in CI. * No systemd, do not try to restart gitlab-runner. * Removing firewall role from CI GitLab test, don't need it and it breaks CI. * Outputting PostGreSQL logs to see if there are errors. * Outputting PostGreSQL logs to see if there are errors. * Trying the config script for GitLab again. * Suppressing extra GitLab config for CI runs. * Setting Blackfire CLI defaults to use ce-dev user. * Update .wikis2pages.yml * Nightly builds (#2153) * Create ce-provision-test-nightly.yml * Remove nightly check from GitLab test. * Remove nightly check from web server test. * Removing branch references. 
* Updating installer config branch to 2.x * Removing config branch, default is fine now * Updating-wazuh-template (#2154) * Updating le template (#2156) * Updating-le-template * Updating-le-template * Reworking-nodejs-for-older-versions (#2157) * Reworking nodejs for older versions pr 2.x (#2159) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Reworking nodejs for older versions pr 2.x (#2160) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Fixing-nodejs-syntax * Tweaking-apt-types-nodejs * Reworking nodejs for older versions pr 2.x (#2161) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Fixing-nodejs-syntax * Tweaking-apt-types-nodejs * Separating-node-tasks-for-older-node * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. 
* Removing most of the debug lines. * Publish docs pr 2.x (#2164) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Adding more debug to try to find where 1.x is coming from. * Moving the hugo script check. * More debug. * Moving the config.toml debug line. * Checking the entire disk for 2.x. * Trying a find instead of a grep. * Trying to update ce-provision and ce-deploy. * Getting more debug info. * Adding --verbose to Ansible. * Trying running Hugo directly. * Changed the Hugo start script. * Trying just running 'hugo' in the right directory. * Adding ce-deploy back in with option to not run Hugo. * Updating docs to make _Sidebar.md lose the starting slash. 
--------- Co-authored-by: drazenCE <140631110+drazenCE@users.noreply.github.com> Co-authored-by: Matej Å tajduhar <30931414+matej5@users.noreply.github.com> Co-authored-by: Matej Stajduhar Co-authored-by: nfawbert <62660788+nfawbert@users.noreply.github.com> Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> Co-authored-by: Klaus Purer Co-authored-by: Filip Rupic <123341158+filiprupic@users.noreply.github.com> Co-authored-by: filip --- .../workflows/ce-provision-publish-docs.yml | 15 +- docs/_Sidebar.md | 196 +++++++++--------- docs/roles/aws/aws_ec2_autoscale_cluster.md | 2 +- docs/roles/debian/nodejs.md | 2 +- roles/aws/aws_ec2_autoscale_cluster/README.md | 2 +- roles/debian/nodejs/README.md | 2 +- 6 files changed, 115 insertions(+), 104 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index e3ef2ca95..edee7af4d 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -3,13 +3,15 @@ name: Publish docs # Run this workflow on demand and every time a new commit pushed to your repository on: pull_request: +# branches: +# - 1.x +# - 2.x workflow_dispatch: jobs: # Set the job key. The key is displayed as the job name # when a job name is not provided public-docs: - if: ${{ github.event.pull_request.head.ref != 'documentation' }} # Name the Job name: Publish the ce-provision docs to GitHub # Set the type of machine to run on @@ -25,6 +27,11 @@ jobs: - name: Install wiki2pages run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages" + - name: Update local applications + run: | + /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-provision && /usr/bin/git pull origin 2.x" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/ce-deploy && /usr/bin/git pull origin 1.x" + - name: Set up Ansible hosts file run: | mkdir -p /home/ce-dev/ansible/bin/hosts 
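Review bot: Dropping the `if: ${{ github.event.pull_request.head.ref != 'documentation' }}` guard while the `branches:` filter stays commented out means `public-docs` now runs for every pull request, whatever its head or base branch. The job ends in a `Publish documentation` step (its body is outside this hunk), so if that step pushes to a `documentation` branch that is then opened as a pull request, the workflow would presumably trigger itself again. I would either keep the guard or replace the three commented lines with a live filter such as `branches: [2.x]` under `pull_request:`. The commented-out block should go either way, so the intended trigger is unambiguous.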
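Review bot: The two `git pull origin …` commands in the new `Update local applications` step move the container's ce-provision and ce-deploy checkouts to whatever the `2.x` and `1.x` branch heads are at run time, so the sources behind the published docs are not fixed by this workflow file. A plain `git pull` will also attempt a merge if the image's checkout has diverged, whereas `git pull --ff-only origin 2.x` fails cleanly instead. Appending `&& /usr/bin/git rev-parse HEAD` inside each `su -c` string would record the exact commit in the job log, so a published site can be traced back to its inputs. The step list continues outside this hunk.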
@@ -47,7 +54,11 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages launch_hugo_server=false' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" + + - name: Run Hugo + run: | + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && hugo" ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ - name: Publish documentation diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 3522de3bc..8e8a2e4bf 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md 
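Review bot: `launch_hugo_server=false` in the `deploy.yml` call uses Ansible's key=value form for `-e`, which delivers the string "false" rather than a boolean, so a bare `when: launch_hugo_server` in the play may still evaluate as true. The play is not part of this diff and may already apply `| bool`. If it does not, pass JSON extra vars instead, e.g. `-e '{\"wiki2pages_build_path\": \"/home/ce-dev/build/wiki2pages\", \"launch_hugo_server\": false}'` inside the existing `su -c "…"` string. Separately, the new `Run Hugo` step calls `hugo` by bare name while the other commands in this workflow use absolute paths, so it depends on the login PATH that `su -` gives `ce-dev`.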
@@ -3,101 +3,101 @@ - [Install](/install) - [Usage](/scripts) - [Roles](roles) - - [AWS Infrastructure](/roles/aws) - - [AWS ACL](/roles/aws/aws_acl) - - [AWS Certificate Manager](/roles/aws/aws_acm) - - [AWS AMI ASG Cleanup](/roles/aws/aws_ami_asg_cleanup) - - [AWS AMI](/roles/aws/aws_ami) - - [AWS Backup](/roles/aws/aws_backup) - - [AWS Backup Validation](/roles/aws/aws_backup_validation) - - [AWS CloudFront distribution](/roles/aws/aws_cloudfront_distribution) - - [Cloudwatch log group](/roles/aws/aws_cloudwatch_log_group) - - [Amazon credentials](/roles/aws/aws_credentials) - - [Autoscale cluster](/roles/aws/aws_ec2_autoscale_cluster) - - [EC2 CloudWatch Metric Alarm](/roles/aws/aws_ec2_metric_alarm) - - [EC2 instance with EIP](/roles/aws/aws_ec2_with_eip) - - [AWS EFS](/roles/aws/aws_efs) - - [AWS ElastiCache](/roles/aws/aws_elasticache) - - [AWS IAM EC2](/roles/aws/aws_iam_role) - - [AWS IAM SAML](/roles/aws/aws_iam_saml) - - [AWS Network Info](/roles/aws/_aws_network_info) - - [AWS OpenSearch](/roles/aws/aws_opensearch) - - [AWS key pair.](/roles/aws/aws_provision_ec2_keypair) - - [AWS RDS](/roles/aws/aws_rds) - - [AWS Resource Group.](/roles/aws/aws_resource_group) - - [AWS S3 Bucket](/roles/aws/aws_s3_bucket) - - [AWS Security Groups](/roles/aws/aws_security_groups) - - [AWS SG/firewall role](/roles/aws/aws_sg_iptables) - - [AWS SNS](/roles/aws/aws_sns) - - [VPC](/roles/aws/aws_vpc) - - [Update main route for a given VPC](/roles/aws/aws_vpc_route) - - [VPC](/roles/aws/aws_vpc_subnet) - - [Contributed roles](/roles/contrib) - - [Debian Packages](/roles/debian) - - [Ansible Galaxy](/roles/debian/ansible_galaxy) - - [Ansible](/roles/debian/ansible) - - [APACHE](/roles/debian/apache) - - [Apparmor](/roles/debian/apparmor) - - [Extra packages](/roles/debian/apt_extra_packages) - - [APT Repository](/roles/debian/apt_repository) - - [APT Unattended Upgrades](/roles/debian/apt_unattended_upgrades) - - [AWS CLI](/roles/debian/aws_cli) - - [AWS Cloudwatch 
agent](/roles/debian/aws_cloudwatch_agent) - - [EFS client](/roles/debian/aws_efs_client) - - [AWS SSM agent](/roles/debian/aws_ssm_agent) - - [ce-deploy](/roles/debian/ce_deploy) - - [Extra packages](/roles/debian/ce_dev) - - [Automated patching](/roles/debian/ce_patcher) - - [ce-provision](/roles/debian/ce_provision) - - [ClamAV](/roles/debian/clamav) - - [Docker CE](/roles/debian/docker_ce) - - [Docker Registry](/roles/debian/docker_registry) - - [Duplicity](/roles/debian/duplicity) - - [Firewall Config](/roles/debian/firewall_config) - - [Frontail](/roles/debian/frontail) - - [Gitlab](/roles/debian/gitlab) - - [Gitlab Runner](/roles/debian/gitlab_runner) - - [GPG Key](/roles/debian/gpg_key) - - [HA Proxy](/roles/debian/haproxy) - - [Managed /etc/hosts](/roles/debian/hosts) - - [Jenkins](/roles/debian/jenkins) - - [Jitsi](/roles/debian/jitsi) - - [LDAP Server](/roles/debian/ldap_server) - - [LHCI](/roles/debian/lhci) - - [Mailpit](/roles/debian/mailpit) - - [Mount sync](/roles/debian/mount_sync) - - [MariaDB Client](/roles/debian/mysql_client) - - [MySQL Server - Oracle Community Edition](/roles/debian/mysql_server_oracle_ce) - - [NGINX](/roles/debian/nginx) - - [NodeJS](/roles/debian/nodejs) - - [OpenVPN](/roles/debian/openvpn) - - [Packer](/roles/debian/packer) - - [PAM LinOTP](/roles/debian/pam_linotp) - - [PHP terminal client](/roles/debian/php-cli) - - [PHP common components](/roles/debian/php-common) - - [PHP Composer](/roles/debian/php_composer) - - [PHP-FPM](/roles/debian/php-fpm) - - [phpMyAdmin](/roles/debian/phpmyadmin) - - [PHP XDebug](/roles/debian/php_xdebug) - - [Postfix](/roles/debian/postfix) - - [Process Manager](/roles/debian/process_manager) - - [Python Boto](/roles/debian/python_boto) - - [Python Common](/roles/debian/python_common) - - [Python Pip Packages](/roles/debian/python_pip_packages) - - [rkhunter](/roles/debian/rkhunter) - - [Rsyslog](/roles/debian/rsyslog) - - [solr](/roles/debian/solr) - - [SSHD](/roles/debian/ssh_server) - - 
[SSL](/roles/debian/ssl) - - [sudo config](/roles/debian/sudo_config) - - [Swap](/roles/debian/swap) - - [System](/roles/debian/system) - - [User Ansible](/roles/debian/user_ansible) - - [varnish_config](/roles/debian/varnish_config) - - [wazuh](/roles/debian/wazuh) - - [Init role](/roles/_init) - - ["Meta" roles that group individual roles together.](/roles/_meta) - - [AWS account](/roles/_meta/aws_account) - - [AWS client](/roles/_meta/aws_client_instance) - - [AWS region](/roles/_meta/aws_region) - - [\_overrides.](/roles/_overrides) + - [AWS Infrastructure](roles/aws) + - [AWS ACL](roles/aws/aws_acl) + - [AWS Certificate Manager](roles/aws/aws_acm) + - [AWS AMI ASG Cleanup](roles/aws/aws_ami_asg_cleanup) + - [AWS AMI](roles/aws/aws_ami) + - [AWS Backup](roles/aws/aws_backup) + - [AWS Backup Validation](roles/aws/aws_backup_validation) + - [AWS CloudFront distribution](roles/aws/aws_cloudfront_distribution) + - [Cloudwatch log group](roles/aws/aws_cloudwatch_log_group) + - [Amazon credentials](roles/aws/aws_credentials) + - [Autoscale cluster](roles/aws/aws_ec2_autoscale_cluster) + - [EC2 CloudWatch Metric Alarm](roles/aws/aws_ec2_metric_alarm) + - [EC2 instance with EIP](roles/aws/aws_ec2_with_eip) + - [AWS EFS](roles/aws/aws_efs) + - [AWS ElastiCache](roles/aws/aws_elasticache) + - [AWS IAM EC2](roles/aws/aws_iam_role) + - [AWS IAM SAML](roles/aws/aws_iam_saml) + - [AWS Network Info](roles/aws/_aws_network_info) + - [AWS OpenSearch](roles/aws/aws_opensearch) + - [AWS key pair.](roles/aws/aws_provision_ec2_keypair) + - [AWS RDS](roles/aws/aws_rds) + - [AWS Resource Group.](roles/aws/aws_resource_group) + - [AWS S3 Bucket](roles/aws/aws_s3_bucket) + - [AWS Security Groups](roles/aws/aws_security_groups) + - [AWS SG/firewall role](roles/aws/aws_sg_iptables) + - [AWS SNS](roles/aws/aws_sns) + - [VPC](roles/aws/aws_vpc) + - [Update main route for a given VPC](roles/aws/aws_vpc_route) + - [VPC](roles/aws/aws_vpc_subnet) + - [Contributed roles](roles/contrib) + - 
[Debian Packages](roles/debian) + - [Ansible Galaxy](roles/debian/ansible_galaxy) + - [Ansible](roles/debian/ansible) + - [APACHE](roles/debian/apache) + - [Apparmor](roles/debian/apparmor) + - [Extra packages](roles/debian/apt_extra_packages) + - [APT Repository](roles/debian/apt_repository) + - [APT Unattended Upgrades](roles/debian/apt_unattended_upgrades) + - [AWS CLI](roles/debian/aws_cli) + - [AWS Cloudwatch agent](roles/debian/aws_cloudwatch_agent) + - [EFS client](roles/debian/aws_efs_client) + - [AWS SSM agent](roles/debian/aws_ssm_agent) + - [ce-deploy](roles/debian/ce_deploy) + - [Extra packages](roles/debian/ce_dev) + - [Automated patching](roles/debian/ce_patcher) + - [ce-provision](roles/debian/ce_provision) + - [ClamAV](roles/debian/clamav) + - [Docker CE](roles/debian/docker_ce) + - [Docker Registry](roles/debian/docker_registry) + - [Duplicity](roles/debian/duplicity) + - [Firewall Config](roles/debian/firewall_config) + - [Frontail](roles/debian/frontail) + - [Gitlab](roles/debian/gitlab) + - [Gitlab Runner](roles/debian/gitlab_runner) + - [GPG Key](roles/debian/gpg_key) + - [HA Proxy](roles/debian/haproxy) + - [Managed /etc/hosts](roles/debian/hosts) + - [Jenkins](roles/debian/jenkins) + - [Jitsi](roles/debian/jitsi) + - [LDAP Server](roles/debian/ldap_server) + - [LHCI](roles/debian/lhci) + - [Mailpit](roles/debian/mailpit) + - [Mount sync](roles/debian/mount_sync) + - [MariaDB Client](roles/debian/mysql_client) + - [MySQL Server - Oracle Community Edition](roles/debian/mysql_server_oracle_ce) + - [NGINX](roles/debian/nginx) + - [NodeJS](roles/debian/nodejs) + - [OpenVPN](roles/debian/openvpn) + - [Packer](roles/debian/packer) + - [PAM LinOTP](roles/debian/pam_linotp) + - [PHP terminal client](roles/debian/php-cli) + - [PHP common components](roles/debian/php-common) + - [PHP Composer](roles/debian/php_composer) + - [PHP-FPM](roles/debian/php-fpm) + - [phpMyAdmin](roles/debian/phpmyadmin) + - [PHP XDebug](roles/debian/php_xdebug) + - 
[Postfix](roles/debian/postfix) + - [Process Manager](roles/debian/process_manager) + - [Python Boto](roles/debian/python_boto) + - [Python Common](roles/debian/python_common) + - [Python Pip Packages](roles/debian/python_pip_packages) + - [rkhunter](roles/debian/rkhunter) + - [Rsyslog](roles/debian/rsyslog) + - [solr](roles/debian/solr) + - [SSHD](roles/debian/ssh_server) + - [SSL](roles/debian/ssl) + - [sudo config](roles/debian/sudo_config) + - [Swap](roles/debian/swap) + - [System](roles/debian/system) + - [User Ansible](roles/debian/user_ansible) + - [varnish_config](roles/debian/varnish_config) + - [wazuh](roles/debian/wazuh) + - [Init role](roles/_init) + - ["Meta" roles that group individual roles together.](roles/_meta) + - [AWS account](roles/_meta/aws_account) + - [AWS client](roles/_meta/aws_client_instance) + - [AWS region](roles/_meta/aws_region) + - [\_overrides.](roles/_overrides) diff --git a/docs/roles/aws/aws_ec2_autoscale_cluster.md b/docs/roles/aws/aws_ec2_autoscale_cluster.md index a9b957ac3..1a030e1e5 100644 --- a/docs/roles/aws/aws_ec2_autoscale_cluster.md +++ b/docs/roles/aws/aws_ec2_autoscale_cluster.md 
@@ -4,7 +4,7 @@ Supports either AWS EC2 Autoscaling Groups (ASGs) or AWS ECS clusters. Note, thi * https://github.com/codeenigma/ce-deploy/tree/1.x/roles/deploy_code (EC2) Note also that the `deploy_code` role needs to be used in tandem with this `ce-provision` role, which ensures there is a `cloud-init` script in place to install the code in the event of an instance replacement: -* https://github.com/codeenigma/ce-provision/tree/1.x/roles/mount_sync +* https://github.com/codeenigma/ce-provision/tree/2.x/roles/debian/mount_sync ## Networking Regardless of the scenario, ECS or EC2, if you decide to use a private subnet instead of giving your instances or containers public IP addresses, you will need at least one NAT gateway (more than one for resilience). When you are creating NAT gateways they must be in a *public* subnet and your routing tables in the private subnets should use the NAT gateway as the default route. Do not put the NAT gateways on the private subnets, it cannot possibly work and your containers or instances will not have internet access. diff --git a/docs/roles/debian/nodejs.md b/docs/roles/debian/nodejs.md index c121efb58..0e4624ee1 100644 --- a/docs/roles/debian/nodejs.md +++ b/docs/roles/debian/nodejs.md @@ -8,7 +8,7 @@ Installs NodeJS from official repos. --- nodejs: # Used by apt_unattended_upgrades - apt_origin_nodejs: "origin=. nodistro,codename=nodistro,label=. nodistro" # nodejs repo + apt_origin_nodejs: "origin=Node Source,codename=nodistro,label=Node Source" # nodejs repo apt_signed_by_nodejs: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key apt_origin_yarn: "origin=yarn,codename=stable,label=yarn-stable" # yarn repo apt_signed_by_yarn: https://dl.yarnpkg.com/debian/pubkey.gpg diff --git a/roles/aws/aws_ec2_autoscale_cluster/README.md b/roles/aws/aws_ec2_autoscale_cluster/README.md index a9b957ac3..1a030e1e5 100644 --- a/roles/aws/aws_ec2_autoscale_cluster/README.md +++ b/roles/aws/aws_ec2_autoscale_cluster/README.md 
@@ -4,7 +4,7 @@ Supports either AWS EC2 Autoscaling Groups (ASGs) or AWS ECS clusters. Note, thi * https://github.com/codeenigma/ce-deploy/tree/1.x/roles/deploy_code (EC2) Note also that the `deploy_code` role needs to be used in tandem with this `ce-provision` role, which ensures there is a `cloud-init` script in place to install the code in the event of an instance replacement: -* https://github.com/codeenigma/ce-provision/tree/1.x/roles/mount_sync +* https://github.com/codeenigma/ce-provision/tree/2.x/roles/debian/mount_sync ## Networking Regardless of the scenario, ECS or EC2, if you decide to use a private subnet instead of giving your instances or containers public IP addresses, you will need at least one NAT gateway (more than one for resilience). When you are creating NAT gateways they must be in a *public* subnet and your routing tables in the private subnets should use the NAT gateway as the default route. Do not put the NAT gateways on the private subnets, it cannot possibly work and your containers or instances will not have internet access. diff --git a/roles/debian/nodejs/README.md b/roles/debian/nodejs/README.md index c121efb58..0e4624ee1 100644 --- a/roles/debian/nodejs/README.md +++ b/roles/debian/nodejs/README.md @@ -8,7 +8,7 @@ Installs NodeJS from official repos. --- nodejs: # Used by apt_unattended_upgrades - apt_origin_nodejs: "origin=. nodistro,codename=nodistro,label=. nodistro" # nodejs repo + apt_origin_nodejs: "origin=Node Source,codename=nodistro,label=Node Source" # nodejs repo apt_signed_by_nodejs: https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key apt_origin_yarn: "origin=yarn,codename=stable,label=yarn-stable" # yarn repo apt_signed_by_yarn: https://dl.yarnpkg.com/debian/pubkey.gpg From eacd10b33f5726b487b81b8cd032add57edfd21b Mon Sep 17 00:00:00 2001 
From: Greg Harvey Date: Tue, 7 Jan 2025 13:08:50 +0100 Subject: [PATCH 51/61] Changing sidebar paths didn't fix Hugo. --- contribute/toc.sh | 2 +- docs/_Sidebar.md | 196 +++++++++++++++++++++++----------------------- 2 files changed, 99 insertions(+), 99 deletions(-) diff --git a/contribute/toc.sh b/contribute/toc.sh index face006c9..8c108c60f 100755 --- a/contribute/toc.sh +++ b/contribute/toc.sh @@ -137,4 +137,4 @@ generate_roles_toc cp_single_page install cp_single_page contribute -cp_single_page scripts \ No newline at end of file +cp_single_page scripts diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 8e8a2e4bf..3522de3bc 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md 
@@ -3,101 +3,101 @@ - [Install](/install) - [Usage](/scripts) - [Roles](roles) - - [AWS Infrastructure](roles/aws) - - [AWS ACL](roles/aws/aws_acl) - - [AWS Certificate Manager](roles/aws/aws_acm) - - [AWS AMI ASG Cleanup](roles/aws/aws_ami_asg_cleanup) - - [AWS AMI](roles/aws/aws_ami) - - [AWS Backup](roles/aws/aws_backup) - - [AWS Backup Validation](roles/aws/aws_backup_validation) - - [AWS CloudFront distribution](roles/aws/aws_cloudfront_distribution) - - [Cloudwatch log group](roles/aws/aws_cloudwatch_log_group) - - [Amazon credentials](roles/aws/aws_credentials) - - [Autoscale cluster](roles/aws/aws_ec2_autoscale_cluster) - - [EC2 CloudWatch Metric Alarm](roles/aws/aws_ec2_metric_alarm) - - [EC2 instance with EIP](roles/aws/aws_ec2_with_eip) - - [AWS EFS](roles/aws/aws_efs) - - [AWS ElastiCache](roles/aws/aws_elasticache) - - [AWS IAM EC2](roles/aws/aws_iam_role) - - [AWS IAM SAML](roles/aws/aws_iam_saml) - - [AWS Network Info](roles/aws/_aws_network_info) - - [AWS OpenSearch](roles/aws/aws_opensearch) - - [AWS key pair.](roles/aws/aws_provision_ec2_keypair) - - [AWS RDS](roles/aws/aws_rds) - - [AWS Resource Group.](roles/aws/aws_resource_group) - - [AWS S3 Bucket](roles/aws/aws_s3_bucket) - - [AWS Security Groups](roles/aws/aws_security_groups) - - [AWS SG/firewall role](roles/aws/aws_sg_iptables) - - [AWS SNS](roles/aws/aws_sns) - - [VPC](roles/aws/aws_vpc) - - [Update main route for a given VPC](roles/aws/aws_vpc_route) - - [VPC](roles/aws/aws_vpc_subnet) - - [Contributed roles](roles/contrib) - - [Debian Packages](roles/debian) - - [Ansible Galaxy](roles/debian/ansible_galaxy) - - [Ansible](roles/debian/ansible) - - [APACHE](roles/debian/apache) - - [Apparmor](roles/debian/apparmor) - - [Extra packages](roles/debian/apt_extra_packages) - - [APT Repository](roles/debian/apt_repository) - - [APT Unattended Upgrades](roles/debian/apt_unattended_upgrades) - - [AWS CLI](roles/debian/aws_cli) - - [AWS Cloudwatch agent](roles/debian/aws_cloudwatch_agent) - - 
[EFS client](roles/debian/aws_efs_client) - - [AWS SSM agent](roles/debian/aws_ssm_agent) - - [ce-deploy](roles/debian/ce_deploy) - - [Extra packages](roles/debian/ce_dev) - - [Automated patching](roles/debian/ce_patcher) - - [ce-provision](roles/debian/ce_provision) - - [ClamAV](roles/debian/clamav) - - [Docker CE](roles/debian/docker_ce) - - [Docker Registry](roles/debian/docker_registry) - - [Duplicity](roles/debian/duplicity) - - [Firewall Config](roles/debian/firewall_config) - - [Frontail](roles/debian/frontail) - - [Gitlab](roles/debian/gitlab) - - [Gitlab Runner](roles/debian/gitlab_runner) - - [GPG Key](roles/debian/gpg_key) - - [HA Proxy](roles/debian/haproxy) - - [Managed /etc/hosts](roles/debian/hosts) - - [Jenkins](roles/debian/jenkins) - - [Jitsi](roles/debian/jitsi) - - [LDAP Server](roles/debian/ldap_server) - - [LHCI](roles/debian/lhci) - - [Mailpit](roles/debian/mailpit) - - [Mount sync](roles/debian/mount_sync) - - [MariaDB Client](roles/debian/mysql_client) - - [MySQL Server - Oracle Community Edition](roles/debian/mysql_server_oracle_ce) - - [NGINX](roles/debian/nginx) - - [NodeJS](roles/debian/nodejs) - - [OpenVPN](roles/debian/openvpn) - - [Packer](roles/debian/packer) - - [PAM LinOTP](roles/debian/pam_linotp) - - [PHP terminal client](roles/debian/php-cli) - - [PHP common components](roles/debian/php-common) - - [PHP Composer](roles/debian/php_composer) - - [PHP-FPM](roles/debian/php-fpm) - - [phpMyAdmin](roles/debian/phpmyadmin) - - [PHP XDebug](roles/debian/php_xdebug) - - [Postfix](roles/debian/postfix) - - [Process Manager](roles/debian/process_manager) - - [Python Boto](roles/debian/python_boto) - - [Python Common](roles/debian/python_common) - - [Python Pip Packages](roles/debian/python_pip_packages) - - [rkhunter](roles/debian/rkhunter) - - [Rsyslog](roles/debian/rsyslog) - - [solr](roles/debian/solr) - - [SSHD](roles/debian/ssh_server) - - [SSL](roles/debian/ssl) - - [sudo config](roles/debian/sudo_config) - - 
[Swap](roles/debian/swap) - - [System](roles/debian/system) - - [User Ansible](roles/debian/user_ansible) - - [varnish_config](roles/debian/varnish_config) - - [wazuh](roles/debian/wazuh) - - [Init role](roles/_init) - - ["Meta" roles that group individual roles together.](roles/_meta) - - [AWS account](roles/_meta/aws_account) - - [AWS client](roles/_meta/aws_client_instance) - - [AWS region](roles/_meta/aws_region) - - [\_overrides.](roles/_overrides) + - [AWS Infrastructure](/roles/aws) + - [AWS ACL](/roles/aws/aws_acl) + - [AWS Certificate Manager](/roles/aws/aws_acm) + - [AWS AMI ASG Cleanup](/roles/aws/aws_ami_asg_cleanup) + - [AWS AMI](/roles/aws/aws_ami) + - [AWS Backup](/roles/aws/aws_backup) + - [AWS Backup Validation](/roles/aws/aws_backup_validation) + - [AWS CloudFront distribution](/roles/aws/aws_cloudfront_distribution) + - [Cloudwatch log group](/roles/aws/aws_cloudwatch_log_group) + - [Amazon credentials](/roles/aws/aws_credentials) + - [Autoscale cluster](/roles/aws/aws_ec2_autoscale_cluster) + - [EC2 CloudWatch Metric Alarm](/roles/aws/aws_ec2_metric_alarm) + - [EC2 instance with EIP](/roles/aws/aws_ec2_with_eip) + - [AWS EFS](/roles/aws/aws_efs) + - [AWS ElastiCache](/roles/aws/aws_elasticache) + - [AWS IAM EC2](/roles/aws/aws_iam_role) + - [AWS IAM SAML](/roles/aws/aws_iam_saml) + - [AWS Network Info](/roles/aws/_aws_network_info) + - [AWS OpenSearch](/roles/aws/aws_opensearch) + - [AWS key pair.](/roles/aws/aws_provision_ec2_keypair) + - [AWS RDS](/roles/aws/aws_rds) + - [AWS Resource Group.](/roles/aws/aws_resource_group) + - [AWS S3 Bucket](/roles/aws/aws_s3_bucket) + - [AWS Security Groups](/roles/aws/aws_security_groups) + - [AWS SG/firewall role](/roles/aws/aws_sg_iptables) + - [AWS SNS](/roles/aws/aws_sns) + - [VPC](/roles/aws/aws_vpc) + - [Update main route for a given VPC](/roles/aws/aws_vpc_route) + - [VPC](/roles/aws/aws_vpc_subnet) + - [Contributed roles](/roles/contrib) + - [Debian Packages](/roles/debian) + - [Ansible 
Galaxy](/roles/debian/ansible_galaxy) + - [Ansible](/roles/debian/ansible) + - [APACHE](/roles/debian/apache) + - [Apparmor](/roles/debian/apparmor) + - [Extra packages](/roles/debian/apt_extra_packages) + - [APT Repository](/roles/debian/apt_repository) + - [APT Unattended Upgrades](/roles/debian/apt_unattended_upgrades) + - [AWS CLI](/roles/debian/aws_cli) + - [AWS Cloudwatch agent](/roles/debian/aws_cloudwatch_agent) + - [EFS client](/roles/debian/aws_efs_client) + - [AWS SSM agent](/roles/debian/aws_ssm_agent) + - [ce-deploy](/roles/debian/ce_deploy) + - [Extra packages](/roles/debian/ce_dev) + - [Automated patching](/roles/debian/ce_patcher) + - [ce-provision](/roles/debian/ce_provision) + - [ClamAV](/roles/debian/clamav) + - [Docker CE](/roles/debian/docker_ce) + - [Docker Registry](/roles/debian/docker_registry) + - [Duplicity](/roles/debian/duplicity) + - [Firewall Config](/roles/debian/firewall_config) + - [Frontail](/roles/debian/frontail) + - [Gitlab](/roles/debian/gitlab) + - [Gitlab Runner](/roles/debian/gitlab_runner) + - [GPG Key](/roles/debian/gpg_key) + - [HA Proxy](/roles/debian/haproxy) + - [Managed /etc/hosts](/roles/debian/hosts) + - [Jenkins](/roles/debian/jenkins) + - [Jitsi](/roles/debian/jitsi) + - [LDAP Server](/roles/debian/ldap_server) + - [LHCI](/roles/debian/lhci) + - [Mailpit](/roles/debian/mailpit) + - [Mount sync](/roles/debian/mount_sync) + - [MariaDB Client](/roles/debian/mysql_client) + - [MySQL Server - Oracle Community Edition](/roles/debian/mysql_server_oracle_ce) + - [NGINX](/roles/debian/nginx) + - [NodeJS](/roles/debian/nodejs) + - [OpenVPN](/roles/debian/openvpn) + - [Packer](/roles/debian/packer) + - [PAM LinOTP](/roles/debian/pam_linotp) + - [PHP terminal client](/roles/debian/php-cli) + - [PHP common components](/roles/debian/php-common) + - [PHP Composer](/roles/debian/php_composer) + - [PHP-FPM](/roles/debian/php-fpm) + - [phpMyAdmin](/roles/debian/phpmyadmin) + - [PHP XDebug](/roles/debian/php_xdebug) + - 
[Postfix](/roles/debian/postfix) + - [Process Manager](/roles/debian/process_manager) + - [Python Boto](/roles/debian/python_boto) + - [Python Common](/roles/debian/python_common) + - [Python Pip Packages](/roles/debian/python_pip_packages) + - [rkhunter](/roles/debian/rkhunter) + - [Rsyslog](/roles/debian/rsyslog) + - [solr](/roles/debian/solr) + - [SSHD](/roles/debian/ssh_server) + - [SSL](/roles/debian/ssl) + - [sudo config](/roles/debian/sudo_config) + - [Swap](/roles/debian/swap) + - [System](/roles/debian/system) + - [User Ansible](/roles/debian/user_ansible) + - [varnish_config](/roles/debian/varnish_config) + - [wazuh](/roles/debian/wazuh) + - [Init role](/roles/_init) + - ["Meta" roles that group individual roles together.](/roles/_meta) + - [AWS account](/roles/_meta/aws_account) + - [AWS client](/roles/_meta/aws_client_instance) + - [AWS region](/roles/_meta/aws_region) + - [\_overrides.](/roles/_overrides) From e0537aa85e12a11bbe9f78008ef4905d845c18f9 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Tue, 7 Jan 2025 13:59:48 +0100 Subject: [PATCH 52/61] Re-removing opening slash to fix Hugo. --- contribute/toc.sh | 2 +- docs/_Sidebar.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contribute/toc.sh b/contribute/toc.sh index 8c108c60f..8dc9a1c8f 100755 --- a/contribute/toc.sh +++ b/contribute/toc.sh @@ -114,7 +114,7 @@ parse_roles_toc(){ "# "*) if [ "$WRITE" = "true" ]; then TITLE=$(echo "$LINE" | cut -c 3-) - echo "$INDENT"" - [$TITLE](/$RELATIVE)" >> "$TMP_SIDEBAR" + echo "$INDENT"" - [$TITLE]($RELATIVE)" >> "$TMP_SIDEBAR" WRITE="false" fi ;; diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 8e8a2e4bf..db7194657 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md @@ -1,7 +1,7 @@   -- [Home](/) - - [Install](/install) - - [Usage](/scripts) +- [Home]() + - [Install](install) + - [Usage](scripts) - [Roles](roles) - [AWS Infrastructure](roles/aws) - [AWS ACL](roles/aws/aws_acl) 
From 1a0c962e116a2b7209bb3831a00f729349eda72b Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Tue, 7 Jan 2025 14:03:50 +0100 Subject: [PATCH 53/61] Fixing Sidebar merge issues. --- docs/_Sidebar.md | 196 +++++++++++++++++++++++------------------------ 1 file changed, 98 insertions(+), 98 deletions(-) diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index f6637bbc3..db7194657 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md 
@@ -3,101 +3,101 @@ - [Install](install) - [Usage](scripts) - [Roles](roles) - - [AWS Infrastructure](/roles/aws) - - [AWS ACL](/roles/aws/aws_acl) - - [AWS Certificate Manager](/roles/aws/aws_acm) - - [AWS AMI ASG Cleanup](/roles/aws/aws_ami_asg_cleanup) - - [AWS AMI](/roles/aws/aws_ami) - - [AWS Backup](/roles/aws/aws_backup) - - [AWS Backup Validation](/roles/aws/aws_backup_validation) - - [AWS CloudFront distribution](/roles/aws/aws_cloudfront_distribution) - - [Cloudwatch log group](/roles/aws/aws_cloudwatch_log_group) - - [Amazon credentials](/roles/aws/aws_credentials) - - [Autoscale cluster](/roles/aws/aws_ec2_autoscale_cluster) - - [EC2 CloudWatch Metric Alarm](/roles/aws/aws_ec2_metric_alarm) - - [EC2 instance with EIP](/roles/aws/aws_ec2_with_eip) - - [AWS EFS](/roles/aws/aws_efs) - - [AWS ElastiCache](/roles/aws/aws_elasticache) - - [AWS IAM EC2](/roles/aws/aws_iam_role) - - [AWS IAM SAML](/roles/aws/aws_iam_saml) - - [AWS Network Info](/roles/aws/_aws_network_info) - - [AWS OpenSearch](/roles/aws/aws_opensearch) - - [AWS key pair.](/roles/aws/aws_provision_ec2_keypair) - - [AWS RDS](/roles/aws/aws_rds) - - [AWS Resource Group.](/roles/aws/aws_resource_group) - - [AWS S3 Bucket](/roles/aws/aws_s3_bucket) - - [AWS Security Groups](/roles/aws/aws_security_groups) - - [AWS SG/firewall role](/roles/aws/aws_sg_iptables) - - [AWS SNS](/roles/aws/aws_sns) - - [VPC](/roles/aws/aws_vpc) - - [Update main route for a given VPC](/roles/aws/aws_vpc_route) - - [VPC](/roles/aws/aws_vpc_subnet) - - [Contributed roles](/roles/contrib) - - [Debian Packages](/roles/debian) - - [Ansible Galaxy](/roles/debian/ansible_galaxy) - - [Ansible](/roles/debian/ansible) - - [APACHE](/roles/debian/apache) - - [Apparmor](/roles/debian/apparmor) - - [Extra packages](/roles/debian/apt_extra_packages) - - [APT Repository](/roles/debian/apt_repository) - - [APT Unattended Upgrades](/roles/debian/apt_unattended_upgrades) - - [AWS CLI](/roles/debian/aws_cli) - - [AWS Cloudwatch 
agent](/roles/debian/aws_cloudwatch_agent) - - [EFS client](/roles/debian/aws_efs_client) - - [AWS SSM agent](/roles/debian/aws_ssm_agent) - - [ce-deploy](/roles/debian/ce_deploy) - - [Extra packages](/roles/debian/ce_dev) - - [Automated patching](/roles/debian/ce_patcher) - - [ce-provision](/roles/debian/ce_provision) - - [ClamAV](/roles/debian/clamav) - - [Docker CE](/roles/debian/docker_ce) - - [Docker Registry](/roles/debian/docker_registry) - - [Duplicity](/roles/debian/duplicity) - - [Firewall Config](/roles/debian/firewall_config) - - [Frontail](/roles/debian/frontail) - - [Gitlab](/roles/debian/gitlab) - - [Gitlab Runner](/roles/debian/gitlab_runner) - - [GPG Key](/roles/debian/gpg_key) - - [HA Proxy](/roles/debian/haproxy) - - [Managed /etc/hosts](/roles/debian/hosts) - - [Jenkins](/roles/debian/jenkins) - - [Jitsi](/roles/debian/jitsi) - - [LDAP Server](/roles/debian/ldap_server) - - [LHCI](/roles/debian/lhci) - - [Mailpit](/roles/debian/mailpit) - - [Mount sync](/roles/debian/mount_sync) - - [MariaDB Client](/roles/debian/mysql_client) - - [MySQL Server - Oracle Community Edition](/roles/debian/mysql_server_oracle_ce) - - [NGINX](/roles/debian/nginx) - - [NodeJS](/roles/debian/nodejs) - - [OpenVPN](/roles/debian/openvpn) - - [Packer](/roles/debian/packer) - - [PAM LinOTP](/roles/debian/pam_linotp) - - [PHP terminal client](/roles/debian/php-cli) - - [PHP common components](/roles/debian/php-common) - - [PHP Composer](/roles/debian/php_composer) - - [PHP-FPM](/roles/debian/php-fpm) - - [phpMyAdmin](/roles/debian/phpmyadmin) - - [PHP XDebug](/roles/debian/php_xdebug) - - [Postfix](/roles/debian/postfix) - - [Process Manager](/roles/debian/process_manager) - - [Python Boto](/roles/debian/python_boto) - - [Python Common](/roles/debian/python_common) - - [Python Pip Packages](/roles/debian/python_pip_packages) - - [rkhunter](/roles/debian/rkhunter) - - [Rsyslog](/roles/debian/rsyslog) - - [solr](/roles/debian/solr) - - [SSHD](/roles/debian/ssh_server) - - 
[SSL](/roles/debian/ssl) - - [sudo config](/roles/debian/sudo_config) - - [Swap](/roles/debian/swap) - - [System](/roles/debian/system) - - [User Ansible](/roles/debian/user_ansible) - - [varnish_config](/roles/debian/varnish_config) - - [wazuh](/roles/debian/wazuh) - - [Init role](/roles/_init) - - ["Meta" roles that group individual roles together.](/roles/_meta) - - [AWS account](/roles/_meta/aws_account) - - [AWS client](/roles/_meta/aws_client_instance) - - [AWS region](/roles/_meta/aws_region) - - [\_overrides.](/roles/_overrides) + - [AWS Infrastructure](roles/aws) + - [AWS ACL](roles/aws/aws_acl) + - [AWS Certificate Manager](roles/aws/aws_acm) + - [AWS AMI ASG Cleanup](roles/aws/aws_ami_asg_cleanup) + - [AWS AMI](roles/aws/aws_ami) + - [AWS Backup](roles/aws/aws_backup) + - [AWS Backup Validation](roles/aws/aws_backup_validation) + - [AWS CloudFront distribution](roles/aws/aws_cloudfront_distribution) + - [Cloudwatch log group](roles/aws/aws_cloudwatch_log_group) + - [Amazon credentials](roles/aws/aws_credentials) + - [Autoscale cluster](roles/aws/aws_ec2_autoscale_cluster) + - [EC2 CloudWatch Metric Alarm](roles/aws/aws_ec2_metric_alarm) + - [EC2 instance with EIP](roles/aws/aws_ec2_with_eip) + - [AWS EFS](roles/aws/aws_efs) + - [AWS ElastiCache](roles/aws/aws_elasticache) + - [AWS IAM EC2](roles/aws/aws_iam_role) + - [AWS IAM SAML](roles/aws/aws_iam_saml) + - [AWS Network Info](roles/aws/_aws_network_info) + - [AWS OpenSearch](roles/aws/aws_opensearch) + - [AWS key pair.](roles/aws/aws_provision_ec2_keypair) + - [AWS RDS](roles/aws/aws_rds) + - [AWS Resource Group.](roles/aws/aws_resource_group) + - [AWS S3 Bucket](roles/aws/aws_s3_bucket) + - [AWS Security Groups](roles/aws/aws_security_groups) + - [AWS SG/firewall role](roles/aws/aws_sg_iptables) + - [AWS SNS](roles/aws/aws_sns) + - [VPC](roles/aws/aws_vpc) + - [Update main route for a given VPC](roles/aws/aws_vpc_route) + - [VPC](roles/aws/aws_vpc_subnet) + - [Contributed roles](roles/contrib) + - 
[Debian Packages](roles/debian) + - [Ansible Galaxy](roles/debian/ansible_galaxy) + - [Ansible](roles/debian/ansible) + - [APACHE](roles/debian/apache) + - [Apparmor](roles/debian/apparmor) + - [Extra packages](roles/debian/apt_extra_packages) + - [APT Repository](roles/debian/apt_repository) + - [APT Unattended Upgrades](roles/debian/apt_unattended_upgrades) + - [AWS CLI](roles/debian/aws_cli) + - [AWS Cloudwatch agent](roles/debian/aws_cloudwatch_agent) + - [EFS client](roles/debian/aws_efs_client) + - [AWS SSM agent](roles/debian/aws_ssm_agent) + - [ce-deploy](roles/debian/ce_deploy) + - [Extra packages](roles/debian/ce_dev) + - [Automated patching](roles/debian/ce_patcher) + - [ce-provision](roles/debian/ce_provision) + - [ClamAV](roles/debian/clamav) + - [Docker CE](roles/debian/docker_ce) + - [Docker Registry](roles/debian/docker_registry) + - [Duplicity](roles/debian/duplicity) + - [Firewall Config](roles/debian/firewall_config) + - [Frontail](roles/debian/frontail) + - [Gitlab](roles/debian/gitlab) + - [Gitlab Runner](roles/debian/gitlab_runner) + - [GPG Key](roles/debian/gpg_key) + - [HA Proxy](roles/debian/haproxy) + - [Managed /etc/hosts](roles/debian/hosts) + - [Jenkins](roles/debian/jenkins) + - [Jitsi](roles/debian/jitsi) + - [LDAP Server](roles/debian/ldap_server) + - [LHCI](roles/debian/lhci) + - [Mailpit](roles/debian/mailpit) + - [Mount sync](roles/debian/mount_sync) + - [MariaDB Client](roles/debian/mysql_client) + - [MySQL Server - Oracle Community Edition](roles/debian/mysql_server_oracle_ce) + - [NGINX](roles/debian/nginx) + - [NodeJS](roles/debian/nodejs) + - [OpenVPN](roles/debian/openvpn) + - [Packer](roles/debian/packer) + - [PAM LinOTP](roles/debian/pam_linotp) + - [PHP terminal client](roles/debian/php-cli) + - [PHP common components](roles/debian/php-common) + - [PHP Composer](roles/debian/php_composer) + - [PHP-FPM](roles/debian/php-fpm) + - [phpMyAdmin](roles/debian/phpmyadmin) + - [PHP XDebug](roles/debian/php_xdebug) + - 
[Postfix](roles/debian/postfix) + - [Process Manager](roles/debian/process_manager) + - [Python Boto](roles/debian/python_boto) + - [Python Common](roles/debian/python_common) + - [Python Pip Packages](roles/debian/python_pip_packages) + - [rkhunter](roles/debian/rkhunter) + - [Rsyslog](roles/debian/rsyslog) + - [solr](roles/debian/solr) + - [SSHD](roles/debian/ssh_server) + - [SSL](roles/debian/ssl) + - [sudo config](roles/debian/sudo_config) + - [Swap](roles/debian/swap) + - [System](roles/debian/system) + - [User Ansible](roles/debian/user_ansible) + - [varnish_config](roles/debian/varnish_config) + - [wazuh](roles/debian/wazuh) + - [Init role](roles/_init) + - ["Meta" roles that group individual roles together.](roles/_meta) + - [AWS account](roles/_meta/aws_account) + - [AWS client](roles/_meta/aws_client_instance) + - [AWS region](roles/_meta/aws_region) + - [\_overrides.](roles/_overrides) From 946442fd1182328a875aa2bcea3ad37ecb0dd1f6 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Tue, 7 Jan 2025 16:39:36 +0100 Subject: [PATCH 54/61] Making the publish docs CI work with 1.x and 2.x. --- .../workflows/ce-provision-publish-docs.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index edee7af4d..016308f89 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -3,9 +3,9 @@ name: Publish docs # Run this workflow on demand and every time a new commit pushed to your repository on: pull_request: -# branches: -# - 1.x -# - 2.x + branches: + - 1.x + - 2.x workflow_dispatch: jobs: 
@@ -49,20 +49,20 @@ jobs: - name: Start SSHD run: /usr/sbin/sshd& - - name: Initialise wiki2pages for ce-provision 2.x + - name: Initialise wiki2pages for ce-provision ${{ github.event.pull_request.base.ref }} run: | - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch 2.x --no-ce-dev" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh init.sh --repo https://github.com/codeenigma/ce-provision.git --branch ${{ github.event.pull_request.base.ref }} --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-2.x --no-ce-dev" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-${{ github.event.pull_request.base.ref }} --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages launch_hugo_server=false' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" - name: Run Hugo run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && hugo" - ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-2.x/ + ls -la /home/ce-dev/build/wiki2pages/public/ce-provision-${{ github.event.pull_request.base.ref }}/ - name: Publish documentation run: | /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh /home/ce-dev/build/wiki2pages/.github-actions-push.sh" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-2.x && /usr/bin/git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN 
}}@github.com/codeenigma/ce-provision-docs.git" - /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-2.x && /usr/bin/git push ci master" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-${{ github.event.pull_request.base.ref }} && /usr/bin/git remote add ci https://${{ secrets.DOCS_GITHUB_TOKEN }}@github.com/codeenigma/ce-provision-docs.git" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/public/ce-provision-${{ github.event.pull_request.base.ref }} && /usr/bin/git push ci master" From 031254b4f931507b1df65befabbc30a50c7390e4 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Tue, 7 Jan 2025 16:54:14 +0100 Subject: [PATCH 55/61] Only run when PRs are closed. --- .github/workflows/ce-provision-publish-docs.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 016308f89..9e3caa4c4 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -1,8 +1,9 @@ name: Publish docs -# Run this workflow on demand and every time a new commit pushed to your repository +# Run this workflow on demand or every time a PR is accepted to a main branch on: pull_request: + types: [closed] branches: - 1.x - 2.x From 9bfb93f23a7694c29675acdd312997001f852a64 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 8 Jan 2025 11:10:54 +0100 Subject: [PATCH 56/61] Simplifying installer script. --- install.sh | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/install.sh b/install.sh index 53db4ce5d..0776988a7 100755 --- a/install.sh +++ b/install.sh @@ -79,7 +79,6 @@ FIREWALL="true" AWS_SUPPORT="false" IS_LOCAL="false" SERVER_HOSTNAME=$(hostname) -ANSIBLE_COMMAND="" # Parse options. parse_options "$@" 
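Review bot: `${{ github.event.pull_request.base.ref }}` is empty when the workflow is started through `workflow_dispatch`, which the `on:` block still lists, so `init.sh --branch`, `set-current.sh --project ce-provision-` and the `public/ce-provision-` paths in the Initialise, Run Hugo and Publish steps all get an empty branch name on a manual run. The expression is also pasted directly into the `run:` script text; the `branches:` filter limits it to `1.x`/`2.x` for pull requests, but resolving it once in a step-level `env:` entry keeps the script constant and gives the fallback a home, e.g. `DOCS_BRANCH: ${{ github.event.pull_request.base.ref || github.ref_name }}` and then `--branch $DOCS_BRANCH` inside the existing double-quoted `su -c` strings. Separately, the Publish step puts `DOCS_GITHUB_TOKEN` into the remote URL, so the token is stored in that checkout's `.git/config` and appears on the `su` command line; supplying it through a credential helper would avoid persisting it.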
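Review bot: `types: [closed]` also fires when a pull request is closed without being merged, so the docs would be rebuilt and pushed for changes that were rejected. The job-level `if:` is outside this hunk; unless it already checks the merge state, add that check there, for example `if: ${{ github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true }}`, which also keeps manual runs working. The updated comment says "accepted", which matches the intent but not what the trigger alone enforces.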
@@ -254,14 +253,8 @@ firewall_config: - "443" EOL -# Tell Ansible this is a Docker container -if [ "$IS_LOCAL" = "true" ]; then - ANSIBLE_COMMAND="ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml" -else - ANSIBLE_COMMAND="ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml" -fi # Configure ce-provision -/usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/$ANSIBLE_COMMAND" +/usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml" /usr/bin/rm "/home/$CONTROLLER_USER/ce-provision/provision.yml" # Install firewall @@ -281,7 +274,7 @@ if [ "$FIREWALL" = "true" ]; then ansible.builtin.import_role: name: debian/firewall_config EOL - /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml" + /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml" /usr/bin/echo "-------------------------------------------------" else /usr/bin/echo "-------------------------------------------------" 
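Review bot: The same `su - "$CONTROLLER_USER" -c "… ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" …"` line now appears three times (in this hunk, in `@@ -281,7 +274,7 @@` and in `@@ -399,7 +392,7 @@`), so a small `run_provision()` function defined once would keep the nested quoting in a single place. `$IS_LOCAL` is expanded into the string that `su -c` hands to a second shell and is then read by Ansible as inline YAML, so it has to be exactly `true` or `false`; `parse_options` is outside these hunks, so confirm it rejects any other value before the variable reaches this line.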
@@ -399,7 +392,7 @@ EOT EOT /usr/bin/echo "-------------------------------------------------" fi - /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml" + /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml" /usr/bin/echo "-------------------------------------------------" else /usr/bin/echo "GitLab not requested. Skipping." From 065b109e67ba4a95000af8153bd1d5db42d72b46 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 8 Jan 2025 11:11:20 +0100 Subject: [PATCH 57/61] Separating script to build table of contents for Hugo and enhancing CI. --- .../workflows/ce-provision-publish-docs.yml | 20 +++ contribute/toc.sh | 2 +- contribute/toc_hugo.sh | 140 ++++++++++++++++++ 3 files changed, 161 insertions(+), 1 deletion(-) create mode 100755 contribute/toc_hugo.sh diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 9e3caa4c4..10293cd20 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -25,6 +25,25 @@ jobs: - ${{ github.workspace }}:/home/controller steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.base.ref }} + + # First build and publish the markdown docs + - name: Build the table of contents + run: /bin/sh contribute/toc.sh + + # Configures global Git variables for committing + - name: Configure Git + run: | + git config --global user.email "sysadm@codeenigma.com" + git config --global user.name "Code Enigma CI" + git config --global pull.rebase false + + - name: Commit new table of contents back to the repo + run: git push + + # Now build and publish the version of the docs - name: Install wiki2pages run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages" @@ -56,6 +75,7 @@ jobs: /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-${{ github.event.pull_request.base.ref }} --no-ce-dev" /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages launch_hugo_server=false' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml" + /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/content/ce-provision-${{ github.event.pull_request.base.ref }} && /bin/sh contribute/toc_hugo.sh" - name: Run Hugo run: | diff --git a/contribute/toc.sh b/contribute/toc.sh index 8dc9a1c8f..8c108c60f 100755 --- a/contribute/toc.sh +++ b/contribute/toc.sh 
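Review bot: The new `git push` step writes to the base branch with the token that `actions/checkout@v4` leaves in the checkout, yet nothing in this hunk states what that token is allowed to do. The job header is outside the hunk, so if the workflow has no `permissions:` block the outcome depends on the repository default; declaring `permissions:` with `contents: write` on the job makes the write access explicit and leaves every other scope off. `actions/checkout@v4` is a movable tag, and pinning it to a full commit SHA is the usual hardening for a job that holds a write token and, in its publish step, `DOCS_GITHUB_TOKEN`.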
@@ -114,7 +114,7 @@ parse_roles_toc(){ "# "*) if [ "$WRITE" = "true" ]; then TITLE=$(echo "$LINE" | cut -c 3-) - echo "$INDENT"" - [$TITLE]($RELATIVE)" >> "$TMP_SIDEBAR" + echo "$INDENT"" - [$TITLE](/$RELATIVE)" >> "$TMP_SIDEBAR" WRITE="false" fi ;; diff --git a/contribute/toc_hugo.sh b/contribute/toc_hugo.sh new file mode 100755 index 000000000..8dc9a1c8f --- /dev/null +++ b/contribute/toc_hugo.sh 
@@ -0,0 +1,140 @@ +#!/bin/sh +# shellcheck disable=SC2094 +# shellcheck disable=SC2129 +IFS=$(printf '\n\t') +set -e +OWN_DIR=$(dirname "$0") +cd "$OWN_DIR" || exit 1 +OWN_DIR=$(git rev-parse --show-toplevel) +cd "$OWN_DIR" || exit 1 +OWN_DIR=$(pwd -P) + +# @param +# $1 string filepath +cp_role_page(){ + RELATIVE=$(realpath --relative-to="$OWN_DIR" "$(dirname "$1")") + if [ ! -d "$OWN_DIR/docs/$RELATIVE" ]; then + mkdir -p "$OWN_DIR/docs/$RELATIVE" + fi + cp "$1" "$OWN_DIR/docs/$RELATIVE.md" +} + +# @param +# $1 string folder +cp_single_page(){ + if [ ! -d "$OWN_DIR/docs/$1" ]; then + mkdir "$OWN_DIR/docs/$1" + fi + cp "$OWN_DIR/$1/README.md" "$OWN_DIR/docs/$1.md" +} + +# @param +# $1 (string) filename +parse_role_variables(){ + TMP_MD=$(mktemp) + WRITE=1 + # Ensure we have a trailing line. + echo "" >> "$1" + while read -r LINE; do + case $LINE in + '') + echo "$LINE" >> "$TMP_MD" + generate_role_variables "$1" + WRITE=0 + ;; + '') + echo "$LINE" >> "$TMP_MD" + WRITE=1 + ;; + '') + echo "$LINE" >> "$TMP_MD" + WRITE=0 + ;; + '') + echo "$LINE" >> "$TMP_MD" + WRITE=1 + ;; + *) + if [ $WRITE = 1 ]; then + echo "$LINE" >> "$TMP_MD" + fi + ;; + esac + done < "$1" + printf '%s\n' "$(cat "$TMP_MD")" > "$1" + rm "$TMP_MD" +} + +# @param +# $1 (string) filename +generate_role_variables(){ + VAR_FILE="$(dirname "$1")/defaults/main.yml" + if [ -f "$VAR_FILE" ]; then + echo "## Default variables" >> "$TMP_MD" + echo '```yaml' >> "$TMP_MD" + cat "$VAR_FILE" >> "$TMP_MD" + echo "" >> "$TMP_MD" + echo '```' >> "$TMP_MD" + echo "" >> "$TMP_MD" + fi +} + +generate_roles_toc(){ + TMP_SIDEBAR=$(mktemp) + WRITE="true" + while read -r LINE; do + case $LINE in + " - [Roles](roles)") + echo "$LINE" >> "$TMP_SIDEBAR" + parse_roles_toc roles 2 + WRITE="false" + ;; + " -"*) + WRITE="true" + echo "$LINE" >> "$TMP_SIDEBAR" + ;; + *) + if [ "$WRITE" = "true" ]; then + echo "$LINE" >> "$TMP_SIDEBAR" + fi + ;; + esac + done < "$OWN_DIR/docs/_Sidebar.md" + mv "$TMP_SIDEBAR" 
"$OWN_DIR/docs/_Sidebar.md" +} + +parse_roles_toc(){ + ROLES=$(find "$OWN_DIR/$1" -mindepth 2 -maxdepth 2 -name "README.md" | sort) + for ROLE in $ROLES; do + WRITE="true" + INDENT=$(printf %$(($2 * 2))s) + RELATIVE=$(realpath --relative-to="$OWN_DIR" "$(dirname "$ROLE")") + while read -r LINE; do + case $LINE in + "# "*) + if [ "$WRITE" = "true" ]; then + TITLE=$(echo "$LINE" | cut -c 3-) + echo "$INDENT"" - [$TITLE]($RELATIVE)" >> "$TMP_SIDEBAR" + WRITE="false" + fi + ;; + esac + done < "$ROLE" + parse_roles_toc "$RELATIVE" $(($2 + 1)) + done +} + +rm -rf "$OWN_DIR/docs/roles" +ROLE_PAGES=$(find "$OWN_DIR/roles" -name "README.md") +for ROLE_PAGE in $ROLE_PAGES; do + parse_role_variables "$ROLE_PAGE" +done +for ROLE_PAGE in $ROLE_PAGES; do + cp_role_page "$ROLE_PAGE" +done +generate_roles_toc + + +cp_single_page install +cp_single_page contribute +cp_single_page scripts From 58469005dadf1004ca4c358257b0ad0577715c0a Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 8 Jan 2025 11:25:57 +0100 Subject: [PATCH 58/61] Forgot to add and commit changes to docs. --- .github/workflows/ce-provision-publish-docs.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 10293cd20..8984d540f 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -36,12 +36,15 @@ jobs: # Configures global Git variables for committing - name: Configure Git run: | - git config --global user.email "sysadm@codeenigma.com" - git config --global user.name "Code Enigma CI" - git config --global pull.rebase false + /usr/bin/git config --global user.email "sysadm@codeenigma.com" + /usr/bin/git config --global user.name "Code Enigma CI" + /usr/bin/git config --global pull.rebase false - name: Commit new table of contents back to the repo - run: git push + run: | + /usr/bin/git add docs/. + /usr/bin/git commit -m "GitHub Actions - updating markdown docs - ${{ steps.date.outputs.date }}" + /usr/bin/git push # Now build and publish the version of the docs - name: Install wiki2pages From 92dcc50b45510a84e9107c9dc3f33ae10b9b34bd Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 8 Jan 2025 11:37:29 +0100 Subject: [PATCH 59/61] Adding safe directory for checked out code and changing order. --- .github/workflows/ce-provision-publish-docs.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 8984d540f..c8347f5cd 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
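Review bot: `/usr/bin/git commit` exits non-zero when `contribute/toc.sh` changed nothing under `docs/`, and a failing line in a `run:` script stops the job, so the Hugo build and publish steps further down would be skipped on every merge that leaves the docs untouched. Guard the commit, e.g. `/usr/bin/git diff --cached --quiet || /usr/bin/git commit -m "…"`, and push only when a commit was made. The message also reads `${{ steps.date.outputs.date }}`, but no step with `id: date` appears in the visible hunks; if none exists the expression expands to an empty string and the message ends in a dangling " - ".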
@@ -29,16 +29,17 @@ jobs: with: ref: ${{ github.event.pull_request.base.ref }} - # First build and publish the markdown docs - - name: Build the table of contents - run: /bin/sh contribute/toc.sh - # Configures global Git variables for committing - name: Configure Git run: | /usr/bin/git config --global user.email "sysadm@codeenigma.com" /usr/bin/git config --global user.name "Code Enigma CI" /usr/bin/git config --global pull.rebase false + /usr/bin/git config --global --add safe.directory /__w/ce-provision/ce-provision + + # First build and publish the markdown docs + - name: Build the table of contents + run: /bin/sh contribute/toc.sh - name: Commit new table of contents back to the repo run: | From cca1ea925ada5305da127d3d7f2bc6b87c604546 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 8 Jan 2025 11:53:50 +0100 Subject: [PATCH 60/61] Trying to automate creating a PR instead of a commit. --- .github/workflows/ce-provision-publish-docs.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index c8347f5cd..07f163b34 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -27,7 +27,7 @@ jobs: steps: - uses: actions/checkout@v4 with: - ref: ${{ github.event.pull_request.base.ref }} + ref: docs-${{ github.event.pull_request.base.ref }} # Configures global Git variables for committing - name: Configure Git 
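Review bot: The `safe.directory` entry hard-codes `/__w/ce-provision/ce-provision`, which only matches while the repository keeps this name and the runner keeps this mount point; a fork or a rename brings back git's dubious-ownership error. `/usr/bin/git config --global --add safe.directory "$GITHUB_WORKSPACE"` names the same directory without the literal path and keeps the exception as narrow as it is now.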
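Review bot: With `ref: docs-${{ github.event.pull_request.base.ref }}` the table of contents is generated from the docs branch's tree, and no visible step creates that branch or brings it up to date with the base branch, so the result may not include the pull request that triggered the run (hedged: the rest of the job is outside this hunk). If the branches are maintained by hand, say so above the step: `# docs-<base> must already exist and be current with <base>; this job does not create or refresh it`. On a `workflow_dispatch` run the expression is empty and the ref becomes `docs-`.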
@@ -47,6 +47,17 @@ jobs: /usr/bin/git commit -m "GitHub Actions - updating markdown docs - ${{ steps.date.outputs.date }}" /usr/bin/git push + # Create docs pull request + - name: Create a documentation pull request + if: ${{ github.event.pull_request.head.ref != 'docs-${{ github.event.pull_request.base.ref }}' }} + uses: repo-sync/pull-request@v3 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + source_branch: docs-${{ github.event.pull_request.base.ref }} + destination_branch: ${{ github.event.pull_request.base.ref }} + pr_title: Documentation update. + pr_body: "**Automated pull request** created by GitHub Actions because of a documentation update." + # Now build and publish the version of the docs - name: Install wiki2pages run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages" From 42a08bf62a84b7a2012e5958324c260d16f5bb71 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 8 Jan 2025 12:03:07 +0100 Subject: [PATCH 61/61] Removing obsolete third party action in favour of GH CLI. --- .github/workflows/ce-provision-publish-docs.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index 07f163b34..66ec74a26 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
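Review bot: The `if:` on the new step nests one expression inside another, `'docs-${{ github.event.pull_request.base.ref }}'`; expressions are not expanded inside a string literal, so the condition does not compare against `docs-1.x`/`docs-2.x` as intended and may not parse at all. Build the name with `format` instead: `if: ${{ github.event.pull_request.head.ref != format('docs-{0}', github.event.pull_request.base.ref) }}`. `repo-sync/pull-request@v3` is a third-party action that receives `GITHUB_TOKEN` and is referenced by a movable tag; pin it to a commit SHA for as long as it is used.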
@@ -50,13 +50,9 @@ jobs: # Create docs pull request - name: Create a documentation pull request if: ${{ github.event.pull_request.head.ref != 'docs-${{ github.event.pull_request.base.ref }}' }} - uses: repo-sync/pull-request@v3 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - source_branch: docs-${{ github.event.pull_request.base.ref }} - destination_branch: ${{ github.event.pull_request.base.ref }} - pr_title: Documentation update. - pr_body: "**Automated pull request** created by GitHub Actions because of a documentation update." + run: gh pr create --base ${{ github.event.pull_request.base.ref }} --head docs-${{ github.event.pull_request.base.ref }} --title "**Automated pull request** created by GitHub Actions because of a documentation update." + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Now build and publish the version of the docs - name: Install wiki2pages
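Review bot: `gh pr create` is given `--title` only, and when it runs without a terminal it stops unless `--body` (or `--fill`) is supplied as well, so this step is likely to fail on every run. The string passed as the title is the removed action's `pr_body`, Markdown included; restoring the split fixes both: `--title "Documentation update." --body "**Automated pull request** created by GitHub Actions because of a documentation update."`. The step also relies on `gh` being installed in the job's container image and on the token having `pull-requests: write`, neither of which is visible in this hunk. The `if:` line above it is unchanged context and still nests `${{ }}` inside a string literal.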