Update to 2024-04-05 10:01

2024-04-05 10:01:02 +02:00 · 2024-04-05 10:01:02 +02:00 · 1b645c62cc
parent 26ab80b027
commit 1b645c62cc
7 changed files with 43 additions and 9 deletions
--- a/roles/consul/defaults/main.yml
+++ b/roles/consul/defaults/main.yml
@ -113,6 +113,10 @@ consul_base_conf:
    internal_rpc:
      verify_server_hostname: True

+  # Limits
+  limits: {}
+    # http_max_conns_per_client: 200
+
 consul_extra_conf: {}
 consul_host_conf: {}
 consul_conf: "{{ consul_base_conf | combine(consul_extra_conf, recursive=True) | combine(consul_host_conf, recursive=True) }}"
--- a/roles/consul/templates/consul.hcl.j2
+++ b/roles/consul/templates/consul.hcl.j2
@ -142,3 +142,11 @@ auto_encrypt {
 }
 {% endif %}
 {% endif %}
+
+limits {
+{% for key in ['http_max_conns_per_client'] %}
+  {%- if consul_conf.limits[key] is defined %}
+  {{ key }} = {{ consul_conf.limits[key] }}
+  {%- endif %}
+{%- endfor %}
+}
--- a/roles/consul_bin/defaults/main.yml
+++ b/roles/consul_bin/defaults/main.yml
@ -1,8 +1,8 @@
 ---

 # Version of consul to deploy
-consul_version: 1.18.0
+consul_version: 1.18.1
 # URL from where the consul archive will be downloaded
 consul_archive_url: https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-consul_archive_sha256: 5d1fdc852b35dc94efe73cf52ba60c775248c7c9362bb684c94fcdb4118ae508
+consul_archive_sha256: 5faa9cc3f2832e3ae454a3ec2dbc6799179d14e1e09463f220bb906c590f4b05
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@ -1,11 +1,11 @@
 ---

 # Version to install
-gitea_version: 1.21.8
+gitea_version: 1.21.10
 # URL to the binary
 gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
 # sha256 of the binary
-gitea_bin_sha256: 01817c5730d50f5cf2470bbe2a35fceb7e0375903e36b6ebcd496f799a35b0de
+gitea_bin_sha256: 17eb858f3ef2b7cdb649286e6a9cc050f9d949606327a7d6f27aaba49fc3b492
 # Handle updates. If set to false, ansible will only install
 # Gitea and then won't touch an existing installation
 gitea_manage_upgrade: True
--- a/roles/repo_zabbix/tasks/RedHat.yml
+++ b/roles/repo_zabbix/tasks/RedHat.yml
@ -4,7 +4,7 @@
  yum_repository:
    name: zabbix
    description: Zabbix Repository
-    baseurl: http://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/
+    baseurl: https://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/
    gpgcheck: True
    gpgkey: "{{ zabbix_repo_key }}"
    priority: 50
@ -16,7 +16,7 @@
  yum_repository:
    name: zabbix-agent2-plugins
    description: Zabbix Agent2 plugins Repository
-    baseurl: http://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/$releasever/$basearch/
+    baseurl: https://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/$releasever/$basearch/
    gpgcheck: True
    gpgkey: "{{ zabbix_plugin_key }}"
    priority: 50
@ -29,7 +29,7 @@
    name: zabbix-frontend
    description: Zabbix web frontend repository
    file: zabbix
-    baseurl: http://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/frontend
+    baseurl: https://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/frontend
    gpgcheck: True
    gpgkey: "{{ zabbix_repo_key }}"
    priority: 50
--- a/roles/sssd_ad_auth/tasks/main.yml
+++ b/roles/sssd_ad_auth/tasks/main.yml
@ -27,6 +27,28 @@
  notify: restart sssd ad
  tags: auth

+- name: Create systemd snippet dir
+  file: path=/etc/systemd/system/sssd.service.d state=directory
+  tags: auth
+
+  # sssd can fail, especially when storage gets slow (which can happen during backups for example)
+- name: Configure sssd to restart on failure
+  copy:
+    content: |
+      [Service]
+      Restart=on-failure
+      StartLimitInterval=0
+      RestartSec=30
+    dest: /etc/systemd/system/sssd.service.d/ansible.conf
+  register: sssd_unit
+  notify: restart sssd ad
+  tags: auth
+
+- name: Reload systemd
+  systemd: daemon_reload=true
+  when: sssd_unit.changed
+  tags: auth
+
 - name: Deploy krb5 configuration
  template: src=krb5.conf.j2 dest=/etc/krb5.conf
  tags: auth
--- a/roles/vault_bin/defaults/main.yml
+++ b/roles/vault_bin/defaults/main.yml
@ -1,7 +1,7 @@
 # Version of Vault to install
-vault_version: 1.15.6
+vault_version: 1.16.1
 # URL of the archive
 vault_archive_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-vault_archive_sha256: e5286f2f66a76972d1dd60a9cfb79e9e571c39a4531e89ac0b23a6a9147e6ee9.
+vault_archive_sha256: 315a1964d7003ef6de94c407a88972d45eb9b378946a53a1bbff34de1ae2d1e0