Majic Projects
Majic Ansible Roles
Go to the previous open issue
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
icon_project.png Majic Ansible Roles / Closed Enhancement MAR-56 Iron-out deficiencies discovered during the ad-hoc dirty testing of roles
Go to the next issue (open or closed)
Go to the next open issue
There are no more issues in that direction.
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Enhancement
  • Category
    Not determined
  • Targetted for
    1.0.0
  • Status
    Closed
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    8 hours
  • Time spent
    No time spent
    Click here to see time logged against this issue
Issue details
  • Resolution
    RESOLVED
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description
As part of issue MAR-50, a number of deficiencies may be discovered that need fixing. These can be bugs in implementation as well as missing functionality. This issue serves to collect such (mostly minor) improvements that should be made.

The following bugs should be fixed:
* In mail_server role, once clamav-freshclam service is enabled, it takes some time for it to download virus definitions. During this time the clamav-daemon service will be inoperable, and has to be restarated once freshclam finished the initial run. Documentation should reflect this deficiency.
* Nested option '''public_key''' in option '''backup_clients''' in role '''backup_server''' is undocumented.
* Role '''backup_client''' fails to assemble the include pattern file used during backups.
* CA certificates deployed by role '''common''' should be put into directory '''/usr/local/share/ca-certificates/'''
* Privileges in role '''database''' have not been set correctly. The user was granted all privileges on all databases instead of its own only.
* Fix syntax error for default values for vars '''ldap_server_tls_certificate''' and '''ldap_sever_tls_key''' in role '''ldap_server'''.
* Fix syntax error for default values for vars '''imap_tls_certificate''', '''imap_tls_key''', '''smtp_tls_certificate''', and '''smtp_tls_key'''.
* Default to error 404 in role '''php_website''' if no match is made for a URL.
* Fix syntax error for default values for vars '''xmpp_tls_certificate''' and '''xmpp_tls_key''' in role '''xmpp_server'''.
* '''mod_auth_ldap''' module for Prosody has moved to new home. Update the download URL in '''xmpp_server''' role.
* Dependencies in meta/main.yml should be specified with a simple list instead of the '''- role: blah''' syntax (i.e. do it simply '''- blah'''. Otherwise the role may get invoked multiple times. Seems to have been fixed in Ansible 2.0.x, though.
* It should be made clear to the user of '''wsgi_website''' role that the base directory for specifying the application/paster ini file is '''USER_HOME/code''' directory. I.e. both the WSGI application and paster ini file path should be relative to this path.
* The '''wsgi_website''' role should fixate the Gunicorn virtualenv package, and also install '''futures''' package in order to make sure the default thread worker used by some apps (Kallithea) works correctly.
* In role '''wsgi_website''' the prompt for virtual environment is not properly set. It has to be done via '''--prompt '(FQDN)' ''' option (the brackets must be included).
* Role '''ldap_server''' should set-up the slapd daemon to listen on port 636 in addition to default 389.


The following enhancements should be made:
* Documentation for roles that involve interaction with LDAP server should be updated to contain LDIF templates relevant to LDAP use. This helps for future operations significantly.
* In role '''mail_server''', have the '''mail_ldap_tls_truststore''' parameter be an actual value of certificates to deploy, and hard-code the paths for that certificate deployment. This should reduce dependency on other params to be correctly filled-in ('''ca_certificates''' in '''common''' role). Similar should be done for role '''mail_forwarder''' and parameter '''smtp_relay_truststore'''.
* Introduce option '''additional_nginx_config''' to '''php_website''' and '''wsgi_website''' to allow for adding custom Nginx configuration directives to the Server section.
* Don't change passwords for users created by '''common''' role if users already exist.
* Split-out a role for deploying backup patterns, maybe call it simply '''backup'''. This way the '''backup_client''' role can be set to '''allow_duplicates: no''', which will reduce number of tasks executed during each run.
Todos (0 / 0)
Issue created