forked from stephenogg/playbooks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
test2.yml
63 lines (55 loc) · 2.16 KB
/
test2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
---
- name: omero-monitoring
hosts: omero_training
vars:
omerodir: /opt/omero/server/OMERO.server
venv_server: /opt/omero/server/venv3
password: 'omero'
omero_user: 'root'
host: 'localhost'
environment:
OMERODIR: "{{ omerodir }}"
PATH: "{{ venv_server }}/bin:{{ ansible_env.PATH }}"
tasks:
- name: Create omero-monitoring, a restricted admin who can export prometheus data
shell: "omero user add -a omero-monitoring omero-monitoring omero-monitoring system -P omero-monitoring --ignore-existing -s {{ host | quote }} -u {{ omero_user | quote }} --password {{ password | quote }}"
- name: Retrieve omero-monitoring's omero userid
become: true
become_user: postgres
community.general.postgresql_query:
db: omero
query: "select id from experimenter where firstname = 'omero-monitoring'"
register: result
tags: test
- name: Use omero-monitoroing's id to set restrictions to be a read-only light-admin
shell: "omero obj map-set Experimenter:{{result.query_result[0].id}} config AdminPrivilege:{{item}} false -s {{ host | quote }} -u {{ omero_user | quote }} --password {{ password | quote }}"
tags: test
with_items:
- Sudo
- WriteOwned
- WriteFile
- WriteManagedRepo
- DeleteOwned
- DeleteFile
- DeleteManagedRepo
- Chgrp
- Chown
- ModifyGroup
- ModifyUser
- ModifyGroupMembership
- WriteScriptRepo
- DeleteScriptRepo
# (Total cores / 2), leaving some for WSGI
- name: NGINX - Performance tuning - worker processes
become: true
replace:
dest: "/etc/nginx/nginx.conf"
regexp: '^worker_processes\s+\d+;'
replace: "worker_processes {{ ((ansible_processor_count * ansible_processor_cores) / 2) |round|int }};"
# cf https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration
- name: NGINX - Performance tuning - worker connections
become: true
replace:
path: "/etc/nginx/nginx.conf"
regexp: 'worker_connections\s+\d+;'
replace: "worker_connections 1024;"