create common roles

apps/roles/role_cloud/CHANGELOG

@@ -0,0 +1,13 @@
+# CHANGELOG
+
+## To do
+
+1. 增加腾讯云的判断
+2. Cloud Agent 实际上没有起到作用
+
+## Logs
+
+### Bug Fixes
+
+### Features
+

apps/roles/role_cloud/License.md

@@ -0,0 +1,169 @@
+This program is released under LGPL-3.0 and with the additional Terms: 
+It is not allowed to publish free or paid image based on this program in any Cloud platform's Marketplace.
+
+
+                    GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

apps/roles/role_cloud/Notes.md

@@ -0,0 +1 @@
+

apps/roles/role_cloud/README.md

@@ -0,0 +1,47 @@
+Ansible Role: Cloud
+=========
+
+在CentOS或者Ubuntu服务器处理云厂家异同,以及设置交换分区.
+
+## Requirements
+
+运行本 Role，请确认符合如下的必要条件：
+
+| **Items**      | **Details** |
+| ------------------| ------------------|
+| Operating system | CentOS7.x Ubuntu18.04 |
+| Python 版本 | Python2  |
+| Python 组件 |    |
+| Runtime | 阿里云, 华为云, Azure, AWS |
+
+
+## Related roles
+
+本 Role 不依赖其他 roles，只用来处理不同云平台的服务器差异。
+
+
+## Variables
+
+本 Role 主要变量以及使用方法如下：
+
+| **Items**      | **Details** | **Format**  | **是否初始化** |
+| ------------------| ------------------|-----|-----|
+| cloud_agent | Fasle,True ] | 布尔 | 否 |
+
+
+## Example
+
+```
+- name: LAMP
+  hosts: all
+  become: yes
+  become_method: sudo 
+  vars_files:
+    - vars/main.yml 
+
+  roles:
+    - { role: role_common }
+    - { role: role_cloud } 
+```
+
+## FAQ

apps/roles/role_cloud/defaults/main.yml

@@ -0,0 +1,2 @@
+# install Cloud Agent, default is false
+cloud_agent: False

apps/roles/role_cloud/meta/main.yml

@@ -0,0 +1,19 @@
+---
+dependencies: []
+
+galaxy_info:
+  author: 
+  description:
+  company: 
+  license: 
+  min_ansible_version: 
+  platforms:
+    - name: EL
+      versions:
+        - 7
+    - name: Ubuntu
+      versions:
+        - 18.04
+
+  galaxy_tags:
+

apps/roles/role_cloud/tasks/main.yml

@@ -0,0 +1,109 @@
+##
+- name: Check Cloud
+  shell : |
+    if [ -f "/etc/waagent.conf" ];then echo "azure";fi
+    if [ -d "/usr/local/aegis" ];then echo "alicloud";fi
+    if [ -f "/snap/bin/amazon-ssm-agent.ssm-cli" ];then echo "aws";fi
+    if [ -f "/usr/bin/amazon-ssm-agent" ];then echo "aws";fi
+    if [ -d "/CloudrResetPwdAgent" ];then echo "huaiwei";fi
+  register: cloud
+  
+- debug:
+    msg: "Cloud platform is {{ cloud.stdout}}"
+    
+- block:
+  - name: Create swap Space
+    command: dd if=/dev/zero of=/mnt/swap bs=256M count=8
+
+  - name: Make swap
+    command: mkswap /mnt/swap
+
+  - name: Action swap
+    command: swapon /mnt/swap
+  
+  - name: Add to fstab
+    lineinfile:
+        dest: /etc/fstab
+        regexp: '/mnt/swap'
+        line: "/mnt/swap swap swap defaults 0 0"
+        state: present
+
+  when: (ansible_swaptotal_mb == 0) and (cloud.stdout != 'azure')
+
+- block:
+  - name: Change ubuntu service name
+    shell: |
+      ln -sf /usr/lib/systemd/system/walinuxagent.service /usr/lib/systemd/system/waagent.service
+      systemctl daemon-reload
+    when: ansible_os_family == 'Debian'
+    
+  - name: ResourceDisk EnableSwap
+    lineinfile:
+      dest: /etc/waagent.conf
+      regexp: 'ResourceDisk.Format=n'
+      line: "ResourceDisk.Format=y"
+      state: present
+
+  - name: ResourceDisk EnableSwap
+    lineinfile:
+      dest: /etc/waagent.conf
+      regexp: 'ResourceDisk.EnableSwap=n'
+      line: "ResourceDisk.EnableSwap=y"
+      state: present
+
+  - name: ResourceDisk SwapSizeMB
+    lineinfile:
+      dest: /etc/waagent.conf
+      regexp: 'ResourceDisk.SwapSizeMB=0'
+      line: "ResourceDisk.SwapSizeMB=4096"
+      state: present
+
+  - name: Restart waagnet
+    service:
+      name: waagent
+      state: restarted
+      enabled: yes
+
+  when: cloud.stdout == 'azure'
+
+- block:
+  - name: AWS Configure
+    apt:
+      name: ec2-instance-connect
+      update_cache: yes
+    when: ansible_os_family == 'Debian'
+
+  - name: AWS Configure
+    yum:
+      name: ec2-instance-connect
+    when: ansible_os_family == 'RedHat'
+    
+  - name: Start ec2-instance-connect
+    service:
+      name: ec2-instance-connect
+      state: started
+      enabled: yes
+    failed_when: False
+    
+  when: cloud.stdout == 'aws'
+  
+# install cloud agent
+- block:
+  - name: Install Aliyun Aqs and aliyun_assist
+    shell: |
+      wget "https://aegis.alicdn.com/download/install/2.0/linux/AliAqsInstall_64.sh" && chmod +x AliAqsInstall_64.sh && ./AliAqsInstall_64.sh sJmepE
+      wget "https://aliyun-client-assist.oss-accelerate.aliyuncs.com/linux/aliyun_assist_latest.rpm"
+      rpm -ivh --force aliyun_assist_latest.rpm
+      #wget "https://aliyun-client-assist.oss-accelerate.aliyuncs.com/linux/aliyun_assist_latest.deb"
+      #dpkg -r aliyun-assist
+      systemctl restart aliyun.service
+    when: cloud.stdout == 'alicloud'
+    
+  
+
+  - name: Install HUAWEICLOUD Agent
+    shell: wget https://telescope-ap-southeast-1.obs.ap-southeast-1.myhuaweicloud.com/scripts/agentBatchPackage.sh && chmod 755 agentBatchPackage.sh && ./agentBatchPackage.sh
+    args:
+      chdir: /usr/local
+    when: cloud.stdout == 'huawei'
+  when: cloud_agent

apps/roles/role_cloud/tests/inventory

@@ -0,0 +1 @@
+localhost

apps/roles/role_cloud/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - role_cloud

apps/roles/role_cloud/vars/cloud_download_url.yml

@@ -0,0 +1,16 @@
+# 本文件存放中国大陆地区的下载地址，用于阿里云、华为云等云上的镜像制作。
+
+apache_ius_url: https://repo.ius.io/ius-release-el7.rpm
+#apache_ius_url: https://libs.websoft9.com/apps/apache/ius-release-el7.rpm
+
+php_getcomposer_url: "https://getcomposer.org/composer.phar"
+#php_getcomposer_url: https://libs.websoft9.com/apps/composer/composer.phar
+
+redis_download_url: http://download.redis.io/releases
+#redis_download_url: https://libs.websoft9.com/apps/redis
+
+phpmyadmin_download_url:
+  "old": "https://files.phpmyadmin.net/phpMyAdmin/4.0.10.20/phpMyAdmin-4.0.10.20-all-languages.zip"
+  #"old": "https://libs.websoft9.com/apps/phpmyadmin/phpMyAdmin-4.0.10.20-all-languages.zip"
+  "new": "https://files.phpmyadmin.net/phpMyAdmin/4.9.4/phpMyAdmin-4.9.4-all-languages.zip"
+  #"new": "https://libs.websoft9.com/apps/phpmyadmin/phpMyAdmin-4.9.4-all-languages.zip"

apps/roles/role_common/CHANGELOG.md

@@ -0,0 +1,28 @@
+# CHANGELOG
+
+## To do
+
+1. 服务器最低配置判断
+2. OracleLinux 支持 CentOS7-base.repo
+3. Centos snapd install waiting for rhel official(snapd-selinux-2.47.1-1.el7.noarch.rpm) update repo
+
+## Logs
+
+### Bug Fixes
+
+* 2020-08-14  add CentOS7_base.repo for AmazonLinux2
+* 2020-06-20  add Check OS support in main.yml
+* 2020-02-25  去掉pip install requests, 此模块不是python核心模块
+* 2020-11-11  use yumdownloader and rpm install requires package,waiting for rhel official update repo
+
+
+### Features
+
+* 2020-08-22  add install apps_cockpit.yml
+* 2020-07-25  add intall centos-release-scl for CentOS
+* 2020-07-02  add `apt install acl`
+* 2020-05-31  add locate for search
+* 2020-05-20  Don't update when init=0
+* 2020-03-20  增加两个安装变量common_install_python_modules,common_install_components用于控制组件的安装
+* 2020-02-24  将main.yml按照os_family拆分
+* 2020-02-21  增加中国地区DNS地址

apps/roles/role_common/License.md

@@ -0,0 +1,169 @@
+This program is released under LGPL-3.0 and with the additional Terms: 
+It is not allowed to publish free or paid image based on this program in any Cloud platform's Marketplace.
+
+
+                    GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

apps/roles/role_common/Notes.md

@@ -0,0 +1,44 @@
+
+## Ansible facts for OS distribution
+```
+# AmazonLinux2
+"ansible_distribution": "Amazon",
+"ansible_distribution_file_parsed": true,
+"ansible_distribution_file_path": "/etc/system-release",
+"ansible_distribution_file_variety": "Amazon",
+"ansible_distribution_major_version": "2",
+"ansible_distribution_release": "NA",
+"ansible_distribution_version": "2",
+
+# Ubuntu
+"ansible_distribution": "Ubuntu",
+"ansible_distribution_file_parsed": true,
+"ansible_distribution_file_path": "/etc/os-release",
+"ansible_distribution_file_variety": "Debian",
+"ansible_distribution_major_version": "18",
+"ansible_distribution_release": "bionic",
+"ansible_distribution_version": "18.04",
+
+# CentOS
+"ansible_distribution": "CentOS",
+"ansible_distribution_file_parsed": true,
+"ansible_distribution_file_path": "/etc/redhat-release",
+"ansible_distribution_file_variety": "RedHat",
+"ansible_distribution_major_version": "7",
+"ansible_distribution_release": "core",
+"ansible_distribution_version": "7.6"
+
+# OracleLinux
+"ansible_distribution": "OracleLinux",
+"ansible_distribution_file_parsed": true,
+"ansible_distribution_file_path": "/etc/oracle-release",
+"ansible_distribution_file_search_string": "Oracle Linux",
+"ansible_distribution_file_variety": "OracleLinux",
+"ansible_distribution_major_version": "7",
+"ansible_distribution_release": "NA",
+"ansible_distribution_version": "7.7",
+```
+
+## Cockpit
+
+Cockpit 建议采用 `yum install cockpit*` 这种批量安装方式，确保安装所有与之相关的包

apps/roles/role_common/README.md

@@ -0,0 +1,45 @@
+Ansible Role: common
+=========
+
+本 Role 用于在CentOS或者Ubuntu服务器上安装常见工具和配置系统自动更新
+
+## Requirements
+
+运行本 Role，请确认符合如下的必要条件：
+
+| **Items**      | **Details** |
+| ------------------| ------------------|
+| Operating system | CentOS7.x Ubuntu18.04 AmazonLinux|
+| Python 版本 | Python2  |
+| Python 组件 |    |
+| Runtime |  Linux |
+
+
+## Related roles
+
+本 Role 在其他 roles 之前运行。
+
+
+## Variables
+
+本 Role 主要变量以及使用方法如下：
+
+| **Items**      | **Details** | **Format**  | **是否初始化** |
+| ------------------| ------------------|-----|-----|
+| common_install_python_modules | 布尔类型，默认 True| 字符串 |否|
+| common_install_components |布尔类型，默认 True| 字符串 |否|
+| common_os_support |["CentOS", "Ubuntu", "Amazon", "OracleLinux"]| 队列 |否|
+| common_install_tools |- cockpit| 队列 |否|
+
+
+## Example
+
+```
+common_os_support: ["CentOS", "Ubuntu", "Amazon", "OracLinux"]
+common_install_tools
+  - cockpit
+```
+
+## FAQ
+
+

apps/roles/role_common/defaults/main.yml

@@ -0,0 +1,26 @@
+region: "0"
+init: "0"
+
+#Control installation more components
+common_install_python_modules: True
+common_install_components: True
+common_set_rclocal: False
+
+common_os_support: ["CentOS", "Ubuntu", "Amazon", "OracleLinux", "Debian", "RedHat"]
+
+# Useful tools, list var type, e.g: 
+# common_install_tools:
+#   - cockpit
+
+common_install_tools:
+
+# when init=1, need upgrade system
+common_system_upgrade: True
+common_docker_addnetwork: "apps"
+common_install_docker: False
+common_compose_version: "v2.6.0"
+common_repository_url: "https://download.docker.com/linux/centos/docker-ce.repo"
+
+common_packages_redhat_extra: []
+
+common_packages_debian_extra: []

apps/roles/role_common/files/20auto-upgrades

@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";

apps/roles/role_common/files/CentOS7-Base.repo

@@ -0,0 +1,35 @@
+# CentOS-Base.repo
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client.  You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+# If the mirrorlist= does not work for you, as a fall back you can try the 
+# remarked out baseurl= line instead.
+
+[base]
+name=CentOS-$releasever - Base
+baseurl=http://mirror.centos.org/centos/7/os/$basearch/
+gpgcheck=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#released updates 
+[updates]
+name=CentOS-$releasever - Updates
+baseurl=http://mirror.centos.org/centos/7/updates/$basearch/
+gpgcheck=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+baseurl=http://mirror.centos.org/centos/7/extras/$basearch/
+gpgcheck=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+baseurl=http://mirror.centos.org/centos/7/centosplus/$basearch/
+gpgcheck=0
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

apps/roles/role_common/meta/main.yml

@@ -0,0 +1,20 @@
+---
+dependencies:
+
+galaxy_info:
+  role_name: common
+  author: 
+  description:
+  company: 
+  license: 
+  min_ansible_version: 
+  platforms:
+    - name: EL
+      versions:
+        - 8
+    - name: Ubuntu
+      versions:
+        - 18.04
+
+  galaxy_tags:
+

apps/roles/role_common/tasks/Debian.yml

@@ -0,0 +1,65 @@
+- set_fact:
+    ansible_python_interpreter: "/usr/bin/python3"
+
+- name: Update apt repository list cache
+  apt:
+    update_cache: yes
+  
+- name: Upgrade all packages to the latest version for production
+  apt:
+    name: "*"
+    state: latest
+    only_upgrade: yes
+  register: result
+  until: result.msg.find("Could not get lock /var/lib/dpkg") == -1  
+  retries: 50
+  delay: 10
+  failed_when: "'FAILED' in result.stdout"
+  when: common_system_upgrade and (init == '1' or init == 1)
+
+- block:    
+  - name: Install Common Software
+    apt:
+      name: "{{ item }}"
+      state: latest
+      force_apt_get: True
+      allow_unauthenticated: yes
+      update_cache: yes
+    failed_when: False
+    register: common_install_result
+    loop: "{{ common_packages_debian }}"
+
+  - debug: 
+      msg: "{{ common_install_result | json_query('results[*].results[*]') }}"
+      
+  - block:
+    - name: Install extra Software
+      apt:
+        name: "{{ item }}"
+        state: latest
+        force_apt_get: True
+        allow_unauthenticated: yes
+        update_cache: yes
+      failed_when: False
+      register: extra_install_result
+      loop: "{{ common_packages_debian_extra }}"
+
+    - debug: 
+        msg: "{{ extra_install_result | json_query('results[*].results[*]') }}"
+    when: common_packages_debian_extra is defined and common_packages_debian_extra is not none and common_packages_debian_extra != ""
+      
+  when: common_install_components
+
+- block:
+  - name: Setting rc.local
+    file:
+      path: /etc/rc.local
+      state: touch
+      mode: 0750
+
+  - name: Write rc.local
+    shell: echo "#!/bin/bash" > /etc/rc.local
+
+  - name: restart rc.local
+    service: name=rc.local state=restarted enabled=yes
+  when: common_set_rclocal

apps/roles/role_common/tasks/RedHat.yml

@@ -0,0 +1,106 @@
+- block:
+  - debug: 
+      msg: "Wait 200s for install pip and python"
+  
+  - name: Sleep wait for Oracle linux install pip and python which is very slowly
+    shell: sleep 200s
+    when: ansible_distribution == "OracleLinux"
+  
+- name: System Upgrade
+  yum: name=* state=latest
+  when: common_system_upgrade and (init == '1' or init == 1) 
+
+- name: OracleLinux8 create pip softlink
+  shell: |
+    ln -sf /usr/bin/pip-3 /usr/bin/pip3
+  when: ansible_distribution == 'OracleLinux' and ansible_distribution_major_version == "8"
+  
+- name: Install Extra Packages for Enterprise Linux on {{ansible_distribution}}, exclude Amazon because scl will cause yum update error
+  yum: 
+    name: [epel-release,centos-release-scl]
+    update_cache: yes
+    state: latest
+  failed_when: False
+  when: ansible_distribution != 'Amazon' and ansible_distribution != 'OracleLinux'
+
+- block:
+  - name: Install epel repo for OracleLinux
+    yum:
+      name: oracle-epel-release-el{{ansible_distribution_major_version}}
+
+  - name: Install scl repo for OracleLinux
+    yum:
+      name: scl-utils
+  when: ansible_distribution == 'OracleLinux'
+
+- block:
+  - name: Set swapiness
+    sysctl:
+      name: vm.swappiness
+      value: "10"
+
+  - name: Fix No space left on device
+    sysctl:
+      name: fs.inotify.max_user_watches
+      value: "8192000"
+  when: ansible_distribution != 'OracleLinux'
+  
+- block:
+  - name: Install Extra Packages for Enterprise Linux on {{ansible_distribution}},there is [releaseserver] in the linux repo,so download from websoft9 self repo 
+    shell: |
+      amazon-linux-extras install epel -y
+      wget -O /etc/yum.repos.d/CentOS7-Base.repo https://raw.githubusercontent.com/websoft9/role_common/master/files/CentOS7-Base.repo
+
+  - name: delete amazon repo priority
+    lineinfile:
+        dest: "{{item}}"
+        regexp: "^priority"
+        state: absent
+    loop:
+      - /etc/yum.repos.d/amzn2-extras.repo
+      - /etc/yum.repos.d/amzn2-core.repo
+  when: ansible_distribution == 'Amazon'
+
+- block:
+  - name: Install Common Software
+    yum: 
+      name: "{{ item }}"
+      state: latest
+      update_cache: yes
+    register: common_install_result
+    failed_when: False
+    loop: "{{ common_packages_redhat }}"
+
+  - debug: 
+      msg: "{{ common_install_result | json_query('results[*].results[*]') }}"
+      
+  - block:
+    - name: Install extra Software
+      yum: 
+        name: "{{ item }}"
+        state: latest
+        update_cache: yes
+      register: extra_install_result
+      failed_when: False
+      loop: "{{ common_packages_redhat_extra }}"
+
+    - debug: 
+        msg: "{{ extra_install_result | json_query('results[*].results[*]') }}"
+    when: common_packages_redhat_extra is defined and common_packages_redhat_extra is not none and common_packages_redhat_extra != ""
+
+  when: common_install_components
+  
+- name: Setting rc.d 0750
+  file:
+    path: /etc/rc.d/rc.local
+    mode: 0750
+  when: common_set_rclocal
+
+- block:
+  - name: Disable SELinux temporarily(have not  SELinux on Debian )
+    shell: sudo setenforce 0
+    
+  - name: Disable SELinux ermanently
+    selinux:
+      state: disabled
+  when: ansible_selinux.status != "disabled"

apps/roles/role_common/tasks/main.yml

@@ -0,0 +1,112 @@
+#0 Common install by OS 
+- debug:
+    msg: "Will install components on ansible_os_family:{{ansible_os_family}},ansible_distribution:{{ ansible_distribution }}, ansible_distribution_major_version: {{ ansible_distribution_major_version }}"
+  
+- name: Check OS support, if not support, exit ansible
+  fail: msg="OS not supported,exit!"
+  when: ansible_distribution not in common_os_support
+  
+- include: "{{ansible_os_family}}.yml"
+  
+- name: Updatedb for mlocate
+  shell: updatedb
+
+#2 Pip install
+- block:
+  - name: pip upgrade(python2 support latest pip version is 20.3.4)
+    shell: python{{ansible_python.version.major}} -m pip install -U "pip < 21.0"
+    failed_when: False
+    
+  - name: Install PyMySQL on pip2
+    pip:
+      name: PyMySQL
+      version: 0.10.1
+      extra_args: "-U"
+      executable: pip2
+    when: ansible_os_family == "RedHat" and (ansible_distribution_major_version == '7' or ansible_distribution_major_version == '2')
+    
+  - name: Install pex requirements module
+    pip:
+      name: pexpect
+      extra_args: "-U"
+    register: pex_install_result
+    failed_when: False
+
+  - name: Install pymysql requirements module
+    pip:
+      name: PyMySQL
+      extra_args: "-U"
+    register: mysql_install_result
+    failed_when: False
+  when: common_install_python_modules
+
+- debug: 
+    msg: "{% if pex_install_result.msg is defined %} {{pex_install_result.msg}} {% endif %}"
+
+- debug: 
+    msg: "{% if mysql_install_result.msg is defined %} {{mysql_install_result.msg}} {% endif %}"
+
+#3 Tool install
+- name: Install tools
+  include_tasks: tools_{{item}}.yml
+  with_items: "{{common_install_tools}}"
+  when: common_install_tools is defined and common_install_tools is not none and common_install_tools != "" and common_install_tools[0]!= ""
+ 
+#4 Configure
+- name: Create common folder
+  file:
+    path: '/data/{{item}}'
+    state: directory
+    recurse: yes
+    mode: '0755'
+  with_items:
+    - logs
+    - config
+    - cert
+    - apps
+  failed_when: False
+
+- name: Create /data/wwwroot softlink to /data/apps
+  shell: ln -sf /data/apps /data/wwwroot
+      
+- block:
+  - name: set a regular hostname, remove "."
+    shell: get_hostname=$(hostname);echo ${get_hostname%%.*}
+    register: common_get_hostname
+  - hostname:
+      name: "{{common_get_hostname.stdout}}"
+
+# Install docker
+
+- name: Install Docker on {{ansible_distribution}}
+  shell: |
+    curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh
+  when: ansible_distribution != 'Amazon' 
+
+- block:	  
+  - name: Add Docker repository and replace $releasever
+    shell: |
+      wget -O /etc/yum.repos.d/docker-ce.repo "https://download.docker.com/linux/centos/docker-ce.repo"
+      sudo sed -i "s/\$releasever/7/g" /etc/yum.repos.d/docker-ce.repo
+
+  - name: Install all required packages of Docker on {{ansible_distribution}}
+    yum:
+      name: [device-mapper-persistent-data,lvm2,docker-ce,docker-ce-cli,containerd.io,docker-compose-plugin,docker-scan-plugin,docker-ce-rootless-extras]
+      update_cache: yes
+      state: latest
+  when: ansible_distribution == 'Amazon'
+  
+- name: Add permanently alias for docker compose
+  shell: |
+    alias docker-compose='docker compose'
+    echo "alias docker-compose='docker compose'" >> /etc/profile.d/docker-compose.sh
+    source /etc/profile.d/docker-compose.sh
+    
+- name: Started and enable Docker
+  service:
+    name: docker 
+    enabled: yes
+    state: restarted
+
+- name: Check Docker Version
+  shell: sudo sh -c "docker -v 1>> /data/logs/install_version.txt"

apps/roles/role_common/tasks/tools_cockpit.yml

@@ -0,0 +1,53 @@
+#1 Prepare
+- set_fact:
+    common_cockpit_port: "9099"
+
+#2 Install cockpit
+- name: Install cockpit
+  apt: 
+    name: [cockpit*]
+    update_cache: yes
+  when: ansible_os_family == "Debian"
+
+- name: Install cockpit
+  yum:
+    name: [cockpit*]
+    update_cache: yes    
+  when: ansible_os_family == "RedHat"
+
+
+#3 Configure
+- name: Change cockpit port 
+  lineinfile:
+      dest: /lib/systemd/system/cockpit.socket
+      regexp: "ListenStream=9090"
+      line: "ListenStream={{common_cockpit_port}}"
+      backrefs: yes 
+
+- name: Create /etc/cockpit/cockpit.conf
+  file:
+    path: /etc/cockpit/cockpit.conf
+    owner: cockpit-ws
+    group: cockpit-ws
+    mode: '0640'
+    state: touch
+
+- name: Insert configuration items in cockpit.conf
+  blockinfile:
+    path: /etc/cockpit/cockpit.conf
+    block: |
+      # allow http connection, Otherwise, it redirects all HTTP connections to HTTPS
+      [WebService]
+      AllowUnencrypted = true
+- name: Start & Enable cockpit
+  shell: |
+    systemctl restart cockpit
+    systemctl daemon-reload
+    systemctl restart cockpit.socket
+    systemctl enable --now cockpit.socket
+    
+#4 Check
+- name: Check cockpit Service
+  shell: systemctl status cockpit | grep Active*
+  register: check_cockpit_service
+  notify: check_cockpit_service

apps/roles/role_common/tests/inventory

@@ -0,0 +1 @@
+localhost

apps/roles/role_common/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - role_common

apps/roles/role_common/vars/main.yml

@@ -0,0 +1,49 @@
+common_packages_redhat:
+  - mosh
+  - wget
+  - openssl
+  - unzip
+  - bzip2
+  - expect
+  - at
+  - tree
+  - vim
+  - screen
+  - pwgen
+  - git
+  - htop
+  - ImageMagick
+  - inotify-tools
+  - libselinux-python
+  - libselinux-python3
+  - yum-utils
+  - gcc
+  - jq
+  - telnet
+  - mlocate
+
+common_packages_debian:
+  - acl
+  - mosh
+  - curl
+  - gnupg2
+  - ca-certificates
+  - lsb-release
+  - wget
+  - openssl
+  - unzip
+  - bzip2
+  - expect
+  - at
+  - tree
+  - vim
+  - screen
+  - pwgen
+  - git
+  - htop
+  - imagemagick
+  - goaccess
+  - jq
+  - net-tools
+  - mlocate
+  - chrony

apps/roles/role_end/CHANGELOG.md

@@ -0,0 +1,17 @@
+# CHANGELOG
+
+## To do
+
+1. 
+
+## Logs
+
+### Bug Fixes
+
+* 2020-07-21  ansible reboot module error need Ansible2.7
+* 2020-07-07  change delete .ssh folder  to delete /ssh/*, otherwise OracleLinux can't use key-paris
+* 2020-06-06  fixed display all versions
+
+### Features
+
+* 2020-02-14  Created

apps/roles/role_end/License.md

@@ -0,0 +1,169 @@
+This program is released under LGPL-3.0 and with the additional Terms: 
+It is not allowed to publish free or paid image based on this program in any Cloud platform's Marketplace.
+
+
+                    GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

apps/roles/role_end/Notes.md

@@ -0,0 +1 @@
+

apps/roles/role_end/README.md

@@ -0,0 +1,60 @@
+Ansible Role: end
+=========
+
+本 Role 用于在 CentOS, Ubuntu 和 AmazonLinux 服务器上结束部署后期的任务。
+
+## Requirements
+
+运行本 Role，请确认符合如下的必要条件：
+
+| **Items**      | **Details** |
+| ------------------| ------------------|
+| Operating system | CentOS7.x Ubuntu18.04 AmazonLinux|
+| Python 版本 | Python2  |
+| Python 组件 |    |
+| Runtime |  |
+
+
+## Related roles
+
+本 Role 在语法上不依赖其他 role 的变量, 且需要放在最后运行。
+
+```
+  roles:
+   - {role: role_common, tags: "role_common"}   
+   - {role: role_cloud, tags: "role_cloud"}
+   - {role: role_postgresql, tags: "role_postgresql"}
+   - {role: role_docker, tags: "role_docker", when: phppgadmin_install_docker}
+   - {role: role_docker_phppgadmin, tags: "role_docker_phppgadmin", when: phppgadmin_install_docker}
+   - {role: role_init_password, tags: "role_init_password"}
+   - {role: role_end, tags: "role_end"} 
+```
+
+
+## Variables
+
+暂无
+
+## Example
+
+```
+- name: PostgreSQL
+  hosts: all
+  become: yes
+  become_method: sudo 
+  vars_files:
+    - vars/main.yml 
+
+  roles:
+   - {role: role_common, tags: "role_common"}   
+   - {role: role_cloud, tags: "role_cloud"}
+   - {role: role_postgresql, tags: "role_postgresql"}
+   - {role: role_docker, tags: "role_docker", when: phppgadmin_install_docker}
+   - {role: role_docker_phppgadmin, tags: "role_docker_phppgadmin", when: phppgadmin_install_docker}
+   - {role: role_init_password, tags: "role_init_password"}
+   - {role: role_end, tags: "role_end"}
+```
+
+## FAQ
+
+

apps/roles/role_end/defaults/main.yml

@@ -0,0 +1 @@
+init: "0"

apps/roles/role_end/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: end_check_ports
+  debug:
+    var: end_check_ports.stdout_lines
+    
+- name: end_check_versions
+  debug:
+    var: end_check_versions.stdout_lines

apps/roles/role_end/meta/main.yml

@@ -0,0 +1,19 @@
+---
+dependencies: []
+
+galaxy_info:
+  author: 
+  description:
+  company: 
+  license: 
+  min_ansible_version: 
+  platforms:
+    - name: EL
+      versions:
+        - 7
+    - name: Ubuntu
+      versions:
+        - 18.04
+
+  galaxy_tags:
+

apps/roles/role_end/tasks/main.yml

@@ -0,0 +1,45 @@
+# print ports and version
+- block:
+  - name: Check all Ports
+    shell: ss -ntlp |awk '{print $4}'
+    register: end_check_ports
+    notify: end_check_ports
+    
+  - name: Display all versions
+    shell: sudo sh -c "cat /data/logs/install_version.txt 2>/dev/null" || echo "no version information"
+    register: end_check_versions
+    notify: end_check_versions
+
+
+- block:
+  - name: Check Cloud
+    shell : |
+      if [ -f "/etc/waagent.conf" ];then echo "azure";fi
+      if [ -d "/usr/local/aegis" ];then echo "alibabacloud";fi
+      if [ -f "/snap/bin/amazon-ssm-agent.ssm-cli" ];then echo "aws";fi
+      if [ -f "/usr/bin/amazon-ssm-agent" ];then echo "aws";fi
+      if [ -d "/CloudrResetPwdAgent" ];then echo "huaiweicloud";fi
+    register: cloud
+    
+  - debug:
+      msg: "Cloud platform is {{cloud.stdout}}"
+      
+  - name: Remove SSH info
+    shell: sudo rm -rf {{item}}
+    with_items:
+      - /home/*/.ssh/*
+      - /root/.ssh/*
+      - /etc/ssh/ssh_host*
+  
+  - name: Init for azure
+    shell: |
+      cloud-init clean
+      waagent -deprovision+user --force
+    when: cloud.stdout == 'azure'
+
+  when: init == '1' or init == 1
+
+# when ansible running as local, reboot can't use
+- name: Reboot 
+  reboot:
+  when: init == '0' or init == 0

apps/roles/role_end/tests/inventory

@@ -0,0 +1 @@
+localhost

apps/roles/role_end/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - role_end

apps/roles/role_init/CHANGELOG.md

@@ -0,0 +1,21 @@
+# CHANGELOG
+
+## To do
+
+1. mongodb init can't connect in service: AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
+
+## Logs
+
+### Bug Fixes
+
+* 2020-09-17  set User=root, Group=root for init service
+* 2020-07-09  set TimeoutSec=120s on init-password for adapt some application, e.g canvas init need 50s
+* 2020-05-20  abandon rc.local, use systemd
+* 2020-05-15  去掉MongoDB随机密码中等待10s的操作
+
+### Features
+
+* 2020-08-03  add compose_commands items in docker init
+* 2020-06-25  add docker init
+* 2020-05-29  Optimize data construct, simplify the init_application
+* 2020-05-20  add init log to: /tmp/init_password.txt

apps/roles/role_init/License.md

@@ -0,0 +1,169 @@
+This program is released under LGPL-3.0 and with the additional Terms: 
+It is not allowed to publish free or paid image based on this program in any Cloud platform's Marketplace.
+
+
+                    GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

apps/roles/role_init/Notes.md

@@ -0,0 +1,6 @@
+
+## Init-Docker
+
+当前的 command 适用于在 docker compose 之后运行。
+
+后期如果需要增加修改compose文件的命令，需增加新的键，例如：compose_commands

apps/roles/role_init/README.md

@@ -0,0 +1,187 @@
+Ansible Role: init
+=========
+
+本 Role 用于在 Cloud Installer 项目的随机密码处理，确保任何用户每一次安装都可以生成随机密码
+
+## Requirements
+
+运行本 Role，请确认符合如下的必要条件：
+
+| **Items**      | **Details** |
+| ------------------| ------------------|
+| Operating system | CentOS7.x Ubuntu AmazonLinux |
+| Python 版本 | Python2  |
+| Python 组件 |    |
+| Runtime | MySQL, MariaDB, PostgreSQL, MongoDB |
+
+
+## Related roles
+
+本 Role 在语法上引用了主变量，程序运行时需要确保已经运行： mysql | mariadb | postgresql | mongodb 等 Role。以 mysql 为例：
+
+```
+  roles:
+   - {role: role_common, tags: "role_common"}   
+   - {role: role_cloud, tags: "role_cloud"}
+   - {role: role_mysql, tags: "role_mysql"}
+   - {role: role_docker, tags: "role_docker"}
+   - {role: role_docker_phpmyadmin, tags: "role_docker_phpmyadmin"}
+   - {role: role_init_password, tags: "role_init_password"} 
+```
+
+
+## Variables
+
+本 Role 主要变量以及使用方法如下：
+
+| **Items**      | **Details** | **Format**  | **是否初始化** |
+| ------------------| ------------------|-----|-----|
+| init_db | 参考下方  | 字典 | 否 |
+| init_application | [...]   | 字典 | 否 |
+
+注意：
+1. init_db, init_application, init_docker 初始化在项目主变量文件中统一修改。
+2. 默认数据库管理员密码初始化范例（程序已经自动处理随机密码脚本与其service的先后关系）
+    ```
+    init_db: 
+      mongodb:
+        admin: root
+        users: ["react"]
+        password: "123456"
+
+    init_db: 
+      mysql:
+        admin: root
+        users: ["wordpress","discuz"]
+        password: "123456"
+
+    init_db: 
+      postgresql:
+        admin: postgres
+        users: ["wordpress","discuz"]
+        password: "123456"
+        service_before:
+        service_after: php-fpm.service
+    
+    init_db: 
+      postgresql:
+        admin: postgres
+        users: ["wordpress","discuz"]
+        password: "123456"
+        
+    init_db: 
+      mysql:
+        admin: root
+        users: ["discuz"]
+        password: "123456"  
+        config_paths:
+          - /data/wwwroot/discuz/upload/config/config_global_default.php
+          
+    init_db: 
+      mysql:
+        admin: root
+        users: ["discuz"]
+        password: "123456"  
+        config_paths:
+          - /data/wwwroot/discuz/upload/config/config_global_default.php
+        commands:
+          - sudo wp change -u default_account -p default_password to $new_password
+          - sudo systemctl restart xxxx 
+    ```
+3. 默认应用管理员密码初始范例（此方案只适用于修改文件）
+    ```
+    init_application:
+      wordpress:
+        username: admin
+        password: "123456"
+        service_before:
+        service_after: php-fpm.service
+        config_paths: 
+          - /data/wwwroot/wordpress/wp-config.php
+          - /data/wwwroot/wordpress/wp-config2.php
+        commands: 
+          - sudo wp change -u default_account -p default_password to $new_password
+          - sudo systemctl restart xxxx  
+          
+       discuz:   
+         username: admin
+         password: "123456"
+         service_before:
+         service_after: php-fpm.service
+         config_paths: 
+            - /data/wwwroot/wordpress/wp-config.php
+            - /data/wwwroot/wordpress/wp-config3.php
+         commands: 
+            - sudo wp change -u default_account -p default_password to $new_password
+            - sudo systemctl restart xxxx  
+       
+    init_application:
+      grafana:
+        username: admin
+        password: "admin"
+        service_before:
+        service_after: grafana-server
+        commands: 
+          - sudo grafana-cli admin reset-admin-password $new_password        
+    ```
+4. 默认Docker应用管理员密码初始范例（此方案适用于修改Docker相关）
+    ```
+    init_docker:
+      pgadmin:
+        admin_username: user@domain.com
+        admin_password: "SuperSecret"
+        service_after: "docker.service"
+        compose_path: "/data/apps/pgadmin/docker-compose.yml"
+        compose_commands:
+          - sudo sed -i "s/SuperSecret/$new_password/g" /data/apps/pgadmin/docker-compose.yml
+        
+    init_docker:
+      seafile:
+        admin_username: me@example.com
+        admin_password: "admin123"
+        db: mysql
+        db_name: seafile_db
+        db_username: root
+        db_password: "123456"
+        service_after: "docker.service"
+        compose_path: "/data/docker-compose.yml"
+        compose_commands:
+          - 'sudo sed -i "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=$new_password/g" /data/docker-compose.yml'
+          - 'sudo sed -i "s/DB_ROOT_PASSWD=.*/DB_ROOT_PASSWD=$new_password/g" /data/docker-compose.yml'
+          - 'sudo sed -i "s/SEAFILE_ADMIN_PASSWORD=.*/SEAFILE_ADMIN_PASSWORD=$new_password/g" /data/docker-compose.yml'
+        volumes: 
+          - /opt/seafile-mysql
+          - /opt/seafile-data
+        commands: 
+          - sudo sudo sh -c "cat /data/config/onlyoffice.conf 1>> /opt/seafile-data/seafile/conf/seahub_settings.py"
+          - sudo sed -i "s/seafile.example.com/$(curl ifconfig.me)/g" /opt/seafile-data/seafile/conf/seahub_settings.py
+          - sudo sed -i "s/seafile.example.com/$(curl ifconfig.me)/g" /opt/seafile-data/seafile/conf/ccnet.conf
+          - sudo docker restart seafile
+    ```
+
+## Example
+
+```
+- name: MySQL
+  hosts: all
+  become: yes
+  become_method: sudo 
+  vars_files:
+    - vars/main.yml 
+
+  roles:
+   - {role: role_common, tags: "role_common"}   
+   - {role: role_cloud, tags: "role_cloud"}
+   - {role: role_mysql, tags: "role_mysql"}
+   - {role: role_docker, tags: "role_docker"}
+   - {role: role_docker_phpmyadmin, tags: "role_docker_phpmyadmin"}
+   - {role: role_init_password, tags: "role_init_password"}
+   - {role: role_end, tags: "role_end"} 
+```
+
+## FAQ
+
+#### 采用哪种方式实现开机运行一次？
+
+systemd
+

apps/roles/role_init/defaults/main.yml

@@ -0,0 +1,38 @@
+# dictionary variable for interface
+init_db:
+init_application:
+init_docker:
+
+# init_db sample for you
+init_db_example: 
+  mysql:
+    admin: root
+    users: ["discuz"]
+    password: "123456"
+    service_before:
+    service_after:
+    config_paths:
+      - /data/wwwroot/discuz/upload/config/config_global_default.php
+    command:
+      - echo "hello world"
+
+# these meta data ony for inner coding, not for interface
+init_service_unit: 
+  mysql:
+    before: 
+    after: mysqld.service
+  mariadb:
+    before: 
+    after: mysqld.service
+  mongodb:
+    before: 
+    after: mongod.service
+  postgresql:
+    before:
+    after: postgresql.service
+  neo4j:
+    before:
+    after: neo4j.service
+    
+
+

apps/roles/role_init/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for initdb

apps/roles/role_init/meta/main.yml

@@ -0,0 +1,19 @@
+---
+dependencies: []
+
+galaxy_info:
+  author: 
+  description:
+  company: 
+  license: 
+  min_ansible_version: 
+  platforms:
+    - name: EL
+      versions:
+        - 7
+    - name: Ubuntu
+      versions:
+        - 18.04
+
+  galaxy_tags:
+

apps/roles/role_init/tasks/main.yml

@@ -0,0 +1,38 @@
+- block:
+  - name: Create credentials Folder
+    file:
+      path: /credentials
+      state: directory
+
+  - name: Upload Databases Password
+    template:
+      src: password.txt.jinja2
+      dest: /credentials/password.txt
+      mode: 0640
+
+- name: Copy Init Script
+  template:
+    src: init.sh.jinja2
+    dest: /credentials/init.sh
+    mode: 0750
+    
+- name: Upload init-apps.service
+  template:
+    src: init-apps.service.jinja2
+    dest: /lib/systemd/system/init-apps.service
+
+- name: Enable service
+  service:
+    name: init-apps
+    enabled: yes
+
+- block: 
+  - name: Check init, if /credentials/* file not exist or no content, stop and exit Ansible
+    shell: |
+      [  -s /credentials/password.txt ] && [  -s /credentials/init.sh ] && init_initpasswd=true || init_initpasswd=false
+      echo $init_initpasswd
+    register: init_check
+
+  - name: Output error when init.sh fail
+    fail: msg="init role is not done,exit!"
+    when: init_check.stdout == "false"

apps/roles/role_init/templates/init-apps.service.jinja2

@@ -0,0 +1,53 @@
+[Unit]
+Description=Init image powered by Websoft9
+After=network.target systemd-networkd-wait-online.service
+{##############  init databases ##############}
+{% if init_db %}
+{% for dbs_name, dbs_attr in init_db.items() %}
+{% if init_service_unit[dbs_name].before is defined and init_service_unit[dbs_name].before is not none %}
+Before={{init_service_unit[dbs_name].before}}
+{% endif %}
+{% if dbs_attr.service_before is defined and dbs_attr.service_before is not none %}
+Before={{dbs_attr.service_before}}
+{% endif %}
+{% if init_service_unit[dbs_name].after is defined and init_service_unit[dbs_name].after is not none %}
+After={{init_service_unit[dbs_name].after}}
+{% endif %}
+{% if dbs_attr.service_after is defined and dbs_attr.service_after is not none %}
+After={{dbs_attr.service_after}}
+{% endif %}
+{% endfor %}
+{% endif %}
+{############## init applications ##############}
+{% if init_application %}
+{% for app_name,app_attr in init_application.items() %}
+{% if app_attr.service_before is defined and app_attr.service_before is not none %}
+Before={{app_attr.service_before}}
+{% endif %}
+{% if app_attr.service_after is defined and app_attr.service_after is not none %}
+After={{app_attr.service_after}}
+{% endif %}
+{% endfor %}
+{% endif %}
+{############## init docker applications ##############}
+{% if init_docker %}
+{% for docker_name,docker_attr in init_docker.items() %}
+{% if docker_attr.service_before is defined and docker_attr.service_before is not none %}
+Before={{docker_attr.service_before}}
+{% endif %}
+{% if docker_attr.service_after is defined and docker_attr.service_after is not none %}
+After={{docker_attr.service_after}}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+[Service]
+Type=simple
+TimeoutSec=120s
+ExecStart=-/bin/bash /credentials/init.sh
+ExecStartPost=/bin/systemctl disable init-apps
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target

apps/roles/role_init/templates/init.sh.jinja2

@@ -0,0 +1,199 @@
+#!/bin/bash
+# support special char [!"`$%()[]{},.*+-:;<=>?_~/|]
+new_password=$(pwgen -ncCs 14 1)!
+sudo sleep 10s
+sudo sh -c 'echo "init-password started at" $(date -d now)  1>> /tmp/init_debug.txt'
+
+#1 database password init
+{% if init_db %}
+{% for db_names,dbs in init_db.items() %}
+
+{% if db_names == 'mysql' or db_names == 'mariadb' %}
+sudo sh -c 'echo "init mysql&mariadb started at" $(date -d now)  1>> /tmp/init_debug.txt'
+mysqladmin -u{{dbs.admin}} -p{{dbs.password }} -h ::1 password $new_password
+mysqladmin -u{{dbs.admin}} -p{{dbs.password }} -h 127.0.0.1 password $new_password
+mysqladmin -u{{dbs.admin}} -p{{dbs.password }} -h localhost password $new_password
+
+{% if dbs.users is defined and dbs.users is not none %}
+{% for dbs_app_user in dbs.users %}
+{% if mysql_version == '8.0' %}
+echo "
+SET PASSWORD FOR {{dbs_app_user}} = '$new_password';
+" |mysql -uroot -p$new_password -h 127.0.0.1
+
+echo "
+SET PASSWORD FOR {{dbs_app_user}}@localhost = '$new_password';
+" |mysql -uroot -p$new_password -h 127.0.0.1
+{% else %}
+echo "
+SET PASSWORD FOR {{dbs_app_user}} = PASSWORD('$new_password');
+" |mysql -uroot -p$new_password -h 127.0.0.1
+
+echo "
+SET PASSWORD FOR {{dbs_app_user}}@localhost = PASSWORD('$new_password');
+" |mysql -uroot -p$new_password -h 127.0.0.1
+{% endif %}
+
+{% endfor %}
+{% endif %}
+sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if db_names == 'mongodb' %}
+sudo sh -c 'echo "init mongodb started at" $(date -d now)  1>> /tmp/init_debug.txt'
+echo "
+use admin
+db.changeUserPassword('{{dbs.admin}}', '${new_password}')
+exit
+" | mongo admin -u {{dbs.admin}} -p {{dbs.password}}
+{% if dbs.users is defined and dbs.users is not none %}
+{% for dbs_app_user in dbs.users %}
+echo "
+use admin
+db.changeUserPassword('{{dbs_app_user}}', '${new_password}')
+exit
+" | mongo admin -u {{dbs_app_user}} -p {{dbs.password}}
+{% endfor %}
+{% endif %}
+sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if db_names == 'rethinkdb' %}
+sudo sh -c 'echo "init rethinkdb started at" $(date -d now)  1>> /tmp/init_debug.txt'
+sudo sh -c 'echo "{{dbs.password}}" > /tmp/pw'
+echo  "r.db('rethinkdb').table('users').get('{{dbs.admin}}').update({'password': '$new_password'}).run()" | rethinkdb-repl --password-file /tmp/pw
+{% if dbs.users is defined and dbs.users is not none %}
+{% for dbs_app_user in dbs.users %}
+echo  "r.db('rethinkdb').table('users').get('{{dbs_app_user}}').update({'password': '$new_password'}).run()" | rethinkdb-repl --password-file /tmp/pw
+{% endfor %}
+{% endif %}
+sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt
+sudo rm -f /tmp/pw
+{% endif %}
+
+
+{% if db_names == 'postgresql' %}
+sudo sh -c 'echo "init postgresql started at" $(date -d now)  1>> /tmp/init_debug.txt'
+echo "               
+ALTER USER {{dbs.admin}} WITH PASSWORD '${new_password}';
+" | sudo -u {{dbs.admin}} psql
+{% if dbs.users is defined and dbs.users is not none %}
+{% for dbs_app_user in dbs.users %}
+echo "               
+ALTER USER {{dbs_app_user}} WITH PASSWORD '${new_password}';
+" | sudo -u {{dbs.admin}} psql
+{% endfor %}
+{% endif %}
+sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if db_names == 'neo4j' %}
+sudo sh -c 'echo "init neo4j started at" $(date -d now)  1>> /tmp/init_debug.txt'
+
+# wait neo4j service started
+sleep 60
+
+while [ $? -eq 0 ]
+do
+  {% if neo4j_version <= '3.5' %}
+  echo " 
+  CALL dbms.changePassword('${new_password}');
+  " | cypher-shell -u {{dbs.admin}}  -p {{dbs.password}}
+  {% else %}
+  echo "
+  ALTER CURRENT USER SET PASSWORD FROM '{{dbs.password}}' TO '${new_password}';
+  " | cypher-shell -u {{dbs.admin}}  -p {{dbs.password}}  -d system
+  {% endif %}
+  echo ":exit" |cypher-shell -u neo4j  -p neo4j  -d system
+done
+
+sudo sed -i "s/neo4j administrator password:{{dbs.password}}/neo4j administrator password:$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if db_names == 'redis' %}
+sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if dbs.config_paths is defined and dbs.config_paths is not none  %}
+{% for path in dbs.config_paths %}
+sudo sed -i "s/{{dbs.password}}/$new_password/g" {{path}}
+{% endfor %}
+{% endif %}
+
+{% if dbs.commands is defined and dbs.commands is not none %}
+{% for cmd in dbs.commands %}
+{{cmd}}
+{% endfor %}
+{% endif %}
+
+{% endfor %}
+{% endif %}
+
+
+#2 application password init
+{% if init_application %}
+sudo sh -c 'echo "init application started at" $(date -d now)  1>> /tmp/init_debug.txt'
+{% for app_name,app_attr in init_application.items() %}
+
+{% if app_attr.config_paths is defined and app_attr.config_paths is not none %}
+{% for path in app_attr.config_paths %}
+sudo sed -i "s/{{app_attr.password}}/$new_password/g" {{path}}
+{% endfor %}
+{% endif %}
+
+{% if app_attr.commands is defined and app_attr.commands is not none %}
+{% for cmd in app_attr.commands %}
+{{cmd}}
+{% endfor %}
+{% endif %}
+
+sudo sed -i "s/{{ app_name }} administrator Password:.*/{{ app_name }} administrator Password: $new_password/g" /credentials/password.txt
+{% endfor %}
+sudo sh -c 'echo "init application ended at" $(date -d now)  1>> /tmp/init_debug.txt'
+{% endif %}
+
+#3 docker password init
+{% if init_docker %}
+sudo sh -c 'echo "init docker started at" $(date -d now)  1>> /tmp/init_debug.txt'
+sudo systemctl restart docker
+{% for app_name,app_attr in init_docker.items() %}
+
+{% if app_attr.admin_password is defined and app_attr.admin_password is not none %}
+sudo sed -i "s/{{ app_name }} administrator Password: .*/{{ app_name }} administrator Password: $new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if app_attr.db_password is defined and app_attr.db_password is not none %}
+sudo sed -i "s/database password:.*/database password:$new_password/g" /credentials/password.txt
+{% endif %}
+
+{% if app_attr.compose_path is defined and app_attr.compose_path is not none %}
+{% if app_attr.compose_down is not defined or app_attr.compose_down == True %}
+sudo docker compose -f {{app_attr.compose_path}} down -v
+sudo sleep 20s
+{% endif %}
+
+{% if app_attr.volumes is defined and app_attr.volumes is not none %}
+{% for volume in app_attr.volumes %}
+sudo rm -rf {{volume}}
+{% endfor %}
+{% endif %}
+
+{% if app_attr.compose_commands is defined and app_attr.compose_commands is not none %}
+{% for cmd in app_attr.compose_commands %}
+{{cmd}}
+{% endfor %}
+{% endif %}
+
+sudo docker compose -f {{app_attr.compose_path}} up -d --no-recreate
+sudo sleep 20s
+{% endif %}
+
+{% if app_attr.commands is defined and app_attr.commands is not none %}
+{% for cmd in app_attr.commands %}
+{{cmd}}
+{% endfor %}
+{% endif %}
+
+{% endfor %}
+sudo sh -c 'echo "init docker ended at" $(date -d now)  1>> /tmp/init_debug.txt'
+{% endif %}

apps/roles/role_init/templates/password.txt.jinja2

@@ -0,0 +1,50 @@
+{% if init_db %}
+{% for db_names,dbs in init_db.items() %}
+{{db_names}} administrator username:{{dbs.admin}}
+{{db_names}} administrator password:{{dbs.password}}
+{% if dbs.users is defined and dbs.users is not none %}
+{% for dbs_app_user in dbs.users %}
+
+--- {{db_names}} connections for your {{ dbs_app_user }} installation---
+database hostname: localhost or 127.0.0.1
+database name:{{dbs_app_user}}
+database username:{{dbs_app_user}}
+database password:{{dbs.password}}
+
+{% endfor %}
+{% endif %}
+
+---
+
+{% endfor %}
+{% endif %}
+
+{% if init_application %}
+{% for app_name,app_attr in init_application.items() %}
+### Username and Password for your {{ app_name }} login ###
+{% if app_attr.username is defined and app_attr.username is not none %}
+{{app_name}} administrator Username: {{app_attr.username}}
+{{app_name}} administrator Password: {{app_attr.password}}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if init_docker %}
+{% for app_name,app_attr in init_docker.items() %}
+
+{% if app_attr.admin_password is defined and app_attr.admin_password is not none %}
+### Username and Password for your {{ app_name }} login ###
+
+{{app_name}} administrator Username: {{app_attr.admin_username}}
+{{app_name}} administrator Password: {{app_attr.admin_password}}
+{% endif %}
+
+{% if app_attr.db_password is defined and app_attr.db_password is not none %}
+--- {{app_attr.db}} (Docker) connections for your {{app_name}} installation---
+database name:{{app_attr.db_name}}
+database username:{{app_attr.db_username}}
+database password:{{app_attr.db_password}}
+{% endif %}
+
+{% endfor %}
+{% endif %}

apps/roles/role_init/tests/inventory

@@ -0,0 +1 @@
+localhost

apps/roles/role_init/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - role_init

apps/roles/role_nginx/CHANGELOG.md

@@ -0,0 +1,20 @@
+# CHANGELOG
+
+## To do
+
+1. certbot error on CentOS
+
+## Logs
+
+### Bug Fixes
+
+* 2020-10-07  add proxy_set_header for WebSockets
+* 2020-07-24  set nginx error log mode crit to error
+* 2020-05-12  update http://nginx.org/packages/ubuntu bionic InRelease' doesn't support  architecture i386, suggest：deb [arch=amd64] 
+
+### Features
+
+* 2020-07-10  Add username and password authority
+* 2020-07-04  Add certbot installation
+* 2020-06-02  Add username and password authority
+* 2020-02-14  repository created

apps/roles/role_nginx/License.md

@@ -0,0 +1,169 @@
+This program is released under LGPL-3.0 and with the additional Terms: 
+It is not allowed to publish free or paid image based on this program in any Cloud platform's Marketplace.
+
+
+                    GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

apps/roles/role_nginx/Notes.md

@@ -0,0 +1,26 @@
+## set  Random Password flow
+* cd /etc/nginx
+* echo "" > .htpasswd
+* sudo sh -c "echo -n 'admin:' >> /etc/nginx/.htpasswd"
+* sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"
+* systemctl restart nginx
+
+## NOTICE(human-computer interaction)
+* Password: 
+* Verifying - Password: 
+* [root@iZj6c5nu6jo58ryap26im7Z nginx]# cat .htpasswd
+* admin:$apr1$P8N3u5Q9$bt/HjzBaYvHS5PD.qG67q0
+
+## Nginx settings
+
+The easiest way to configure a performant, secure, and stable NGINX server.
+
+https://www.digitalocean.com/community/tools/nginx
+
+## Nginx support WebSockets
+```
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection upgrade;
+```
+
+

apps/roles/role_nginx/README.md

@@ -0,0 +1,67 @@
+Ansible Role: Nginx
+=========
+
+本 Role 用于在PHP运行环境下安装 [Nginx](http://nginx.org/)。
+
+## Requirements
+
+运行本 Role，请确认符合如下的必要条件：
+
+| **Items**      | **Details** |
+| ------------------| ------------------|
+| Operating system | CentOS7.x Ubuntu18.04 AmazonLinux |
+| Python 版本 | Python2  |
+| Python 组件 |    |
+| Runtime |  |
+
+
+## Related roles
+
+本 Role 在运行时需要确保已经运行：common。以 LNMP 为例：
+
+```
+roles:
+    - {role: role_common, tags: "role_common"}
+    - {role: role_nginx, tags: "role_nginx"}
+```
+
+
+## Variables
+
+本 Role 主要变量以及使用方法如下：
+
+| **Items**      | **Details** | **Format**  | **是否初始化** |
+| ------------------| ------------------|-----|-----|
+| nginx_vhost_mode | default.conf template, selected from [reverse,www,alias]  | String | No |
+| nginx_reverse_proxy_port | when use reverse template, this var must used  | String | No |
+| nginx_listen_port | "80"  | String | No |
+| nginx_htpasswd | True,False  | Boolean | No |
+
+Notes:
+
+
+## Example
+
+```
+- name: LNMP
+  hosts: all
+  become: yes
+  become_method: sudo 
+  vars_files:
+    - vars/main.yml 
+
+  roles:
+    - { role: role_common }
+    - { role: role_nginx }
+    ...
+```
+
+## FAQ
+
+
+#### How to set init for Ngnix password?
+
+```
+htpasswd -b /etc/nginx/.htpasswd username password
+systemctl restart nginx
+```

apps/roles/role_nginx/defaults/main.yml

@@ -0,0 +1,24 @@
+# wordpress | discuz | joomla , if you use Websoft9's php applicaiton repository, suggest you use the appname in the directory: /etc/nginx/conf.d/rewrite
+nginx_appname: "example"
+
+# reverse | alias | www | 
+nginx_vhost_mode: "www"
+
+# port for java/nodejs...  8080 | 3000, this var must used when [nginx_vhost_mode] is reverse
+nginx_reverse_proxy_port:
+
+# app root directory, this var must used when [nginx_vhost_mode] is www
+# if /data/wwwroot/{{nginx_appname}} in the templates is not suitable for you application, 
+# you should define complete directory, e.g /data/wwwroot/discuz/upload
+nginx_app_root:
+
+# default listen port of default.conf
+nginx_listen_port: "80"
+
+# nginx username and password swith True|False, default credentials is admin/admin
+
+#nginx_login_account: ["admin", "123456"]
+
+nginx_htpasswd: False
+
+nginx_certbot: True

apps/roles/role_nginx/files/htpasswd.conf

@@ -0,0 +1 @@
+admin:$apr1$BLrrqFt0$RSnXB9ezJ50l5BSk5mQNT1

apps/roles/role_nginx/files/nginx.conf

@@ -0,0 +1,52 @@
+user  nginx;
+worker_processes  auto;
+
+pid        /var/run/nginx.pid;
+worker_rlimit_nofile 51200;
+
+events {
+use epoll;
+worker_connections 51200;
+multi_accept on;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    charset UTF-8;
+    sendfile        on;
+    tcp_nopush     on;
+    tcp_nodelay on;
+    error_log /var/log/nginx/error.log error;
+    server_tokens  off;
+    client_max_body_size 0;
+    keepalive_timeout 120s;
+    client_header_timeout 120s;
+    client_body_timeout 120s;  
+    reset_timedout_connection on; 
+    send_timeout 10; 
+    limit_conn_zone $binary_remote_addr zone=addr:5m; 
+    limit_conn addr 100; 
+    server_names_hash_bucket_size 128;
+    client_header_buffer_size 32k;
+    large_client_header_buffers 4 32k;
+    fastcgi_connect_timeout 300;
+    fastcgi_send_timeout 300;
+    fastcgi_read_timeout 300;
+    fastcgi_buffer_size 64k;
+    fastcgi_buffers 4 64k;
+    fastcgi_busy_buffers_size 128k;
+    fastcgi_temp_file_write_size 256k;
+    gzip on;
+    gzip_disable   "MSIE [1-6]\.";
+    gzip_min_length  1k;
+    gzip_buffers     4 16k;
+    gzip_http_version 1.1;
+    gzip_comp_level 4;
+    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
+    gzip_vary on;
+    gzip_proxied   expired no-cache no-store private auth;
+        
+###################### Vhost ################################
+    include /etc/nginx/conf.d/*.conf;
+}

apps/roles/role_nginx/files/rewrite/discuz.conf

@@ -0,0 +1,12 @@
+rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
+rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
+rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
+rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
+rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
+rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
+rewrite ^([^\.]*)/blog-([0-9]+)-([0-9]+)\.html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
+rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/index.php?action=$2&value=$3 last;
+rewrite ^([^\.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ $1/plugin.php?id=$2:$3 last;
+#if (!-e $request_filename) {
+#  return 404;
+#}

apps/roles/role_nginx/files/rewrite/drupal.conf

@@ -0,0 +1,4 @@
+if (!-e $request_filename) {
+  rewrite ^/update.php(.*)$ /update.php?q=$1 last;
+  rewrite ^/(.*)$ /index.php?q=$1 last;
+}

apps/roles/role_nginx/files/rewrite/ecshop.conf

@@ -0,0 +1,31 @@
+if (!-e $request_filename) {
+  rewrite "^/index\.html" /index.php last;
+  rewrite "^/category$" /index.php last;
+  rewrite "^/feed-c([0-9]+)\.xml$" /feed.php?cat=$1 last;
+  rewrite "^/feed-b([0-9]+)\.xml$" /feed.php?brand=$1 last;
+  rewrite "^/feed\.xml$" /feed.php last;
+  rewrite "^/category-([0-9]+)-b([0-9]+)-min([0-9]+)-max([0-9]+)-attr([^-]*)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /category.php?id=$1&brand=$2&price_min=$3&price_max=$4&filter_attr=$5&page=$6&sort=$7&order=$8 last;
+  rewrite "^/category-([0-9]+)-b([0-9]+)-min([0-9]+)-max([0-9]+)-attr([^-]*)(.*)\.html$" /category.php?id=$1&brand=$2&price_min=$3&price_max=$4&filter_attr=$5 last;
+  rewrite "^/category-([0-9]+)-b([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /category.php?id=$1&brand=$2&page=$3&sort=$4&order=$5 last;
+  rewrite "^/category-([0-9]+)-b([0-9]+)-([0-9]+)(.*)\.html$" /category.php?id=$1&brand=$2&page=$3 last;
+  rewrite "^/category-([0-9]+)-b([0-9]+)(.*)\.html$" /category.php?id=$1&brand=$2 last;
+  rewrite "^/category-([0-9]+)(.*)\.html$" /category.php?id=$1 last;
+  rewrite "^/goods-([0-9]+)(.*)\.html" /goods.php?id=$1 last;
+  rewrite "^/article_cat-([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /article_cat.php?id=$1&page=$2&sort=$3&order=$4 last;
+  rewrite "^/article_cat-([0-9]+)-([0-9]+)(.*)\.html$" /article_cat.php?id=$1&page=$2 last;
+  rewrite "^/article_cat-([0-9]+)(.*)\.html$" /article_cat.php?id=$1 last;
+  rewrite "^/article-([0-9]+)(.*)\.html$" /article.php?id=$1 last;
+  rewrite "^/brand-([0-9]+)-c([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)\.html" /brand.php?id=$1&cat=$2&page=$3&sort=$4&order=$5 last;
+  rewrite "^/brand-([0-9]+)-c([0-9]+)-([0-9]+)(.*)\.html" /brand.php?id=$1&cat=$2&page=$3 last;
+  rewrite "^/brand-([0-9]+)-c([0-9]+)(.*)\.html" /brand.php?id=$1&cat=$2 last;
+  rewrite "^/brand-([0-9]+)(.*)\.html" /brand.php?id=$1 last;
+  rewrite "^/tag-(.*)\.html" /search.php?keywords=$1 last;
+  rewrite "^/snatch-([0-9]+)\.html$" /snatch.php?id=$1 last;
+  rewrite "^/group_buy-([0-9]+)\.html$" /group_buy.php?act=view&id=$1 last;
+  rewrite "^/auction-([0-9]+)\.html$" /auction.php?act=view&id=$1 last;
+  rewrite "^/exchange-id([0-9]+)(.*)\.html$" /exchange.php?id=$1&act=view last;
+  rewrite "^/exchange-([0-9]+)-min([0-9]+)-max([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /exchange.php?cat_id=$1&integral_min=$2&integral_max=$3&page=$4&sort=$5&order=$6 last;
+  rewrite "^/exchange-([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /exchange.php?cat_id=$1&page=$2&sort=$3&order=$4 last;
+  rewrite "^/exchange-([0-9]+)-([0-9]+)(.*)\.html$" /exchange.php?cat_id=$1&page=$2 last;
+  rewrite "^/exchange-([0-9]+)(.*)\.html$" /exchange.php?cat_id=$1 last;
+}

apps/roles/role_nginx/files/rewrite/example.conf

@@ -0,0 +1 @@
+

apps/roles/role_nginx/files/rewrite/joomla.conf

@@ -0,0 +1,3 @@
+location / {
+  try_files $uri $uri/ /index.php?$args;
+}

apps/roles/role_nginx/files/rewrite/laravel.conf

@@ -0,0 +1,3 @@
+location / {
+  try_files $uri $uri/ /index.php?$query_string;
+}

apps/roles/role_nginx/files/rewrite/magento.conf

@@ -0,0 +1 @@
+

apps/roles/role_nginx/files/rewrite/nextcloud.conf

@@ -0,0 +1,82 @@
+#(可选)添加如下header主要为了安全
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;
+add_header X-Download-Options noopen;
+add_header X-Permitted-Cross-Domain-Policies none;
+	
+#(可选)为了支持user_webfinger app
+rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+#这儿是为了支持日历和联系人，建议加上
+location = /.well-known/carddav {
+  return 301 $scheme://$host/remote.php/dav;
+}
+location = /.well-known/caldav {
+  return 301 $scheme://$host/remote.php/dav;
+}
+
+#设置上传文件的最大大小(还和php里的那个设置有关)
+client_max_body_size 512M;
+fastcgi_buffers 64 4K;
+
+#最主要的，将所有请求转发到index.php上
+location / {
+  rewrite ^ /index.php$uri;
+}
+
+#安全设置，禁止访问部分敏感内容
+location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+  deny all;
+}
+location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+  deny all;
+}
+
+#这部分吧，默认就有，不过有所不同，所以我合并了下，替换原来的就行
+location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+  fastcgi_split_path_info ^(.+\.php)(/.*)$;
+  fastcgi_param PATH_INFO $fastcgi_path_info;
+  fastcgi_param modHeadersAvailable true;
+  fastcgi_param front_controller_active true;
+  fastcgi_pass unix:/dev/shm/php-cgi.sock;
+  fastcgi_intercept_errors on;
+  fastcgi_request_buffering off;
+  include fastcgi.conf;
+}
+
+#安全设置，禁止访问部分敏感内容
+location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+  try_files $uri/ =404;
+  index index.php;
+}
+
+location ~ \.(?:css|js|woff|svg|gif)$ {
+  try_files $uri /index.php$uri$is_args$args;
+  add_header Cache-Control "public, max-age=15778463";
+  add_header X-Content-Type-Options nosniff;
+  add_header X-XSS-Protection "1; mode=block";
+  add_header X-Robots-Tag none;
+  add_header X-Download-Options noopen;
+  add_header X-Permitted-Cross-Domain-Policies none;
+  access_log off;
+}
+
+location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+  try_files $uri /index.php$uri$is_args$args;
+  access_log off;
+}
+
+location = /robots.txt {
+  allow all;
+  log_not_found off;
+  access_log off;
+}
+
+gzip on;
+gzip_vary on;
+gzip_comp_level 4;
+gzip_min_length 256;
+gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

apps/roles/role_nginx/files/rewrite/opencart.conf

@@ -0,0 +1,13 @@
+location = /sitemap.xml {
+  rewrite ^(.*)$ /index.php?route=feed/google_sitemap break;
+}
+location = /googlebase.xml {
+  rewrite ^(.*)$ /index.php?route=feed/google_base break;
+}
+location / {
+  # This try_files directive is used to enable SEO-friendly URLs for OpenCart
+  try_files $uri $uri/ @opencart;
+}
+location @opencart {
+  rewrite ^/(.+)$ /index.php?_route_=$1 last;
+}

apps/roles/role_nginx/files/rewrite/thinkcmf.conf

@@ -0,0 +1,13 @@
+# Rewrite rules from : https://www.kancloud.cn/thinkcmf/faq/493494
+
+location / {
+            index  index.php index.html index.htm;
+             #如果请求既不是一个文件，也不是一个目录，则执行一下重写规则
+             if (!-e $request_filename)
+             {
+                #地址作为将参数rewrite到index.php上。
+                rewrite ^/(.*)$ /index.php?s=$1;
+                #若是子目录则使用下面这句，将subdir改成目录名称即可。
+                #rewrite ^/subdir/(.*)$ /subdir/index.php?s=$1;
+             }
+        }

apps/roles/role_nginx/files/rewrite/thinkphp.conf

@@ -0,0 +1,6 @@
+location / {
+  if (!-e $request_filename) {
+    rewrite ^(.*)$ /index.php?s=$1 last;
+    break;
+  }
+}

apps/roles/role_nginx/files/rewrite/typecho.conf

@@ -0,0 +1,3 @@
+if (!-e $request_filename) {
+  rewrite ^(.*)$ /index.php$1 last;
+}

apps/roles/role_nginx/files/rewrite/wordpress.conf

@@ -0,0 +1,7 @@
+location / {
+  try_files $uri $uri/ /index.php?$args;
+}
+rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+location ~* ^/wp-content/uploads/.*\.php$ {
+  deny all;
+}

apps/roles/role_nginx/handlers/main.yml

@@ -0,0 +1,3 @@
+- name: check_nginx_service
+  debug:
+    var: check_nginx_service.stdout

apps/roles/role_nginx/meta/main.yml

@@ -0,0 +1,19 @@
+---
+dependencies: []
+
+galaxy_info:
+  author: 
+  description:
+  company: 
+  license: 
+  min_ansible_version: 
+  platforms:
+    - name: EL
+      versions:
+        - 7
+    - name: Ubuntu
+      versions:
+        - 18.04
+
+  galaxy_tags:
+

apps/roles/role_nginx/tasks/Debian.yml

@@ -0,0 +1,45 @@
+#1  install snap tools
+- block:
+  - name: Install snap tools
+    apt: 
+      name: snapd
+      update_cache: yes
+      
+  - name: Install and upgrade core 
+    shell: |
+      snap install core 
+      snap refresh core
+      ln -sf /snap /data
+    failed_when: false
+  when: nginx_certbot
+    
+#2 Install and config Nginx
+- name: import an official nginx signing key
+  apt_key: 
+    url: https://nginx.org/keys/nginx_signing.key
+    state: present
+
+- name: Import Nginx Official Repo
+  apt_repository:
+    repo: deb [arch=amd64] http://nginx.org/packages/ubuntu {{ansible_distribution_release}} nginx
+    filename: nginx
+    update_cache: yes
+
+- name: Install Nginx 
+  apt:
+    name: nginx
+
+- name: Install htpassword
+  apt: 
+    name: apache2-utils
+  when: nginx_login_account is defined and nginx_login_account != none
+
+- name: Change Directory Owner
+  file:
+    path: /data/{{item}}
+    state: directory
+    owner: www-data
+    group: www-data
+  with_items:
+    - wwwroot
+    - cert

apps/roles/role_nginx/tasks/RedHat.yml

@@ -0,0 +1,82 @@
+# install snap toos,
+- block:   
+  - name: Install snap tools
+    yum: 
+      name: snapd
+      update_cache: yes      
+  
+  - name: enable and create link for snap
+    shell: |
+      systemctl enable --now snapd.socket
+      ln -sf /var/lib/snapd/snap /snap
+      
+  - name: Install and upgrade core 
+    shell: |
+      snap install core 
+      snap refresh core
+      ln -sf /snap /data
+    failed_when: false
+  when: nginx_certbot
+  
+- block:
+  - name: Import Nginx Official stable Repo
+    yum_repository:
+      name: nginx-stable-repo
+      description: nginx stable repo
+      file: nginx-stable
+      baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
+      gpgcheck: yes
+      enabled: yes
+      gpgkey: https://nginx.org/keys/nginx_signing.key
+
+  - name: Import Nginx Official mainline Repo
+    yum_repository:
+      name: nginx-mainline-repo
+      description: nginx mainline repo
+      file: nginx-mainline
+      baseurl: http://nginx.org/packages/mainline/centos/$releasever/$basearch/
+      gpgcheck: yes
+      enabled: no
+      gpgkey: https://nginx.org/keys/nginx_signing.key
+  when: ansible_distribution == 'CentOS'
+
+- block:
+  - name: Import Nginx Official stable Repo
+    yum_repository:
+      name: nginx-stable-repo
+      description: nginx stable repo
+      file: nginx-stable
+      baseurl: http://nginx.org/packages/centos/7/$basearch/
+      gpgcheck: yes
+      enabled: yes
+      gpgkey: https://nginx.org/keys/nginx_signing.key
+
+  - name: Import Nginx Official mainline Repo
+    yum_repository:
+      name: nginx-mainline-repo
+      description: nginx mainline repo
+      file: nginx-mainline
+      baseurl: http://nginx.org/packages/mainline/centos/7/$basearch/
+      gpgcheck: yes
+      enabled: no
+      gpgkey: https://nginx.org/keys/nginx_signing.key
+  when: ansible_distribution == 'Amazon'
+
+- name: Install Nginx
+  yum:
+    name: nginx
+    
+- name: Install htpassword
+  yum: 
+    name: httpd-tools
+  when: nginx_login_account is defined and nginx_login_account != none
+  
+- name: Change Directory Owner
+  file:
+    path: /data/{{item}}
+    state: directory
+    owner: nginx
+    group: nginx
+  with_items:
+    - wwwroot
+    - cert

apps/roles/role_nginx/tasks/main.yml

@@ -0,0 +1,76 @@
+- name: Install this role on {{ansible_os_family}}
+  include: "{{ansible_os_family}}.yml"
+  
+# install Certbot for Nginx
+- name: Install certbot
+  shell: |
+    snap install --classic certbot
+    ln -sf /snap/bin/certbot /usr/bin/certbot
+  when: nginx_certbot
+  
+- name: Configure Nginx
+  copy:
+    src: nginx.conf
+    dest: /etc/nginx/
+
+- name: Create a Nginx Log symbolic link
+  file:
+    src: '{{item.src}}'
+    dest: '{{item.dest}}'
+    state: link
+  with_items:
+    - {src: /etc/nginx/conf.d,dest: /data/config/nginx}  
+    - {src: /var/log/nginx,dest: /data/logs/nginx}
+
+- name: Set Reverse proxy
+  template:
+    src: default.jinja2
+    dest: /etc/nginx/conf.d/default.conf
+
+- name: create nginx's Directory
+  file:
+    path: "{{item}}"
+    state: directory
+    recurse: true
+  loop:
+    - /etc/nginx/extra
+
+- block:
+  - name: Copy rewrite file
+    copy:
+      src: rewrite
+      dest: /etc/nginx/conf.d/
+
+  - name: Create nginx_appname.conf in /etc/nginx/conf.d/rewrite
+    shell: if [ ! $( ls | grep "{{nginx_appname}}") ]; then touch {{nginx_appname}}.conf ; fi
+    args:
+      chdir: /etc/nginx/conf.d/rewrite
+    
+# add new user and password on nginx
+- block: 
+  - name: Insert ngnix service password authority segment
+    blockinfile:
+      path: /etc/nginx/conf.d/default.conf
+      insertbefore: "}"
+      block: |
+        auth_basic "Restricted Content";
+        auth_basic_user_file /etc/nginx/.htpasswd;
+  - name: Init nginx password
+    shell: |
+      htpasswd -bc /etc/nginx/.htpasswd  {{nginx_login_account[0]}} {{nginx_login_account[1]}}
+  when: nginx_login_account is defined and nginx_login_account != none
+        
+- name: Start Nginx
+  service:
+    name: nginx
+    state: restarted
+    enabled: yes
+
+# display version and service state of components
+- name: Get Nginx version
+  shell: sudo sh -c "nginx -v 2>> /data/logs/install_version.txt"
+
+- name: Check Nginx Service
+  shell: systemctl status nginx | grep Active*
+  register: check_nginx_service
+  notify: check_nginx_service 

apps/roles/role_nginx/templates/default.jinja2

@@ -0,0 +1,91 @@
+{% if nginx_vhost_mode == 'reverse' or nginx_reverse_proxy_port  is not none %}
+server {
+    listen {{ nginx_listen_port }};
+    server_name {{nginx_appname}}.yourdomain.com;
+    location / {
+        proxy_pass  http://127.0.0.1:{{ nginx_reverse_proxy_port }};
+        proxy_redirect     off;
+        proxy_set_header   Host             $host;
+        proxy_set_header   X-Real-IP        $remote_addr;
+        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection upgrade;
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+        proxy_max_temp_file_size 0;
+        proxy_connect_timeout      90;
+        proxy_send_timeout         90;
+        proxy_read_timeout         90;
+        proxy_buffer_size          4k;
+        proxy_buffers              4 32k;
+        proxy_busy_buffers_size    64k;
+        proxy_temp_file_write_size 64k;
+   }
+   error_log /var/log/nginx/{{nginx_appname}}.yourdomain.com-error.log error;
+   access_log  /var/log/nginx/{{nginx_appname}}.yourdomain.com-access.log;
+
+   include extra/*.conf;
+   
+#------------- SSL Start --------------
+
+#------------- SSL End  ---------------
+}
+{% endif %}
+
+{% if nginx_vhost_mode == 'www' and nginx_reverse_proxy_port  is none %}
+server
+{
+    listen 80;
+    server_name {{nginx_appname}}.yourdomain.com;
+    index index.html index.htm index.php; 
+{% if nginx_app_root is not none %}
+    root  {{nginx_app_root}}; 
+{% else %}
+    root  /data/wwwroot/{{nginx_appname}}; 
+{% endif %}
+    error_log /var/log/nginx/{{nginx_appname}}.yourdomain.com-error.log error;
+    access_log  /var/log/nginx/{{nginx_appname}}.yourdomain.com-access.log;
+
+    include extra/*.conf;
+    include conf.d/rewrite/{{nginx_appname}}.conf;
+
+
+#------------- SSL Start --------------
+
+#------------- SSL End  ---------------
+}
+{% endif %}
+
+{% if nginx_vhost_mode == 'alias' %}
+server {
+    listen 80;
+    server_name {{nginx_appname}}.yourdomain.com;
+    index index.html index.htm index.php;
+    
+    location /{{nginx_appname}} {
+        alias /data/apps/{{nginx_appname}};
+        index index.php index.html;
+        location ~ ^/{{nginx_appname}}/.+\.php$ {
+            alias /data/apps/{{nginx_appname}};
+            fastcgi_pass  unix:/run/php-fpm.sock;
+            fastcgi_index  index.php;
+            fastcgi_param  SCRIPT_FILENAME /data/apps/$fastcgi_script_name;
+            include        fastcgi_params;
+        }
+        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp3|wma)$
+        {
+            expires      30d;
+            access_log off;
+        }
+        location ~ .*\.(js|css)$
+        {
+            expires      12h;
+            access_log off;
+        }
+
+        location ~* \.(ftpquota|htaccess|htpasswd|asp|aspx|jsp|asa|mdb)?$ {
+            deny all;
+        }
+    }
+}
+{% endif %}