Bring role up to spec (2.5+, Debian 9) and introduce LetsEncrypt support (#5)

* Bring role up to spec (2.5+) and introduce LetsEncrypt support
* Add Debian 9 support and fix script args chdir
* Use correct schema for travis and use command instead of script
* Make use of requirements.txt for build and fix syntax
* Got better at reading the docs now
* Minor improvements

.gitignore

@@ -0,0 +1 @@
+.idea

.travis.yml

@@ -12,18 +12,19 @@ addons:
     - python-pip
 
 install:
-  # Install ansible
-  - pip install ansible
+# Install requirements
+- pip install -r requirements.txt -U
 
-  # Check ansible version
-  - ansible --version
+# Check ansible version
+- ansible --version
 
-  # Create ansible.cfg with correct roles_path
-  - printf '[defaults]\nroles_path=../' >ansible.cfg
+# Create ansible.cfg with correct roles_path
+- printf '[defaults]\nroles_path=../' >ansible.cfg
 
 script:
-  # Basic role syntax check
-  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+# Basic role syntax check
+- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
 
 notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/
+  webhooks:
+    - https://galaxy.ansible.com/api/v1/notifications/

defaults/main.yml

@@ -10,143 +10,189 @@ directadmin_setup_path: /root
 directadmin_ethernet_device: eth0
 directadmin_custombuild_options_conf: # like http://yourdomain.com/options.conf
 directadmin_custombuild_version: 2.0
-directadmin_custombuild_path: /usr/local/directadmin/custombuild
+directadmin_path: /usr/local/directadmin/
+directadmin_config_path: "{{ directadmin_path }}conf/directadmin.conf"
+directadmin_custombuild_path: "{{ directadmin_path }}custombuild"
 directadmin_cache_timeout: 3600
+directadmin_letsencrypt: True
 
 # Packages - http://help.directadmin.com/item.php?id=354
 directadmin_debian6_packages:
-  - gcc
-  - g++
-  - make
-  - flex
-  - bison
-  - openssl
-  - libssl-dev
-  - perl
-  - perl-base
-  - perl-modules
-  - libperl-dev
-  - libaio1
-  - libaio-dev
-  - zlib1g
-  - zlib1g-dev
-  - libcap-dev
-  - bzip2
-  - automake
-  - autoconf
-  - libtool
-  - cmake
-  - pkg-config
-  - python
-  - libreadline-dev
-  - libdb4.8-dev
-  - libsasl2-dev
-  - patch
+- gcc
+- g++
+- make
+- flex
+- bison
+- openssl
+- libssl-dev
+- perl
+- perl-base
+- perl-modules
+- libperl-dev
+- libaio1
+- libaio-dev
+- zlib1g
+- zlib1g-dev
+- libcap-dev
+- bzip2
+- automake
+- autoconf
+- libtool
+- cmake
+- pkg-config
+- python
+- libreadline-dev
+- libdb4.8-dev
+- libsasl2-dev
+- patch
 
 directadmin_debian7_packages:
-  - gcc
-  - g++
-  - make
-  - flex
-  - bison
-  - openssl
-  - libssl-dev
-  - perl
-  - perl-base
-  - perl-modules
-  - libperl-dev
-  - libaio1
-  - libaio-dev
-  - zlib1g
-  - zlib1g-dev
-  - libcap-dev
-  - bzip2
-  - automake
-  - autoconf
-  - libtool
-  - cmake
-  - pkg-config
-  - python
-  - libdb-dev
-  - libsasl2-dev
-  - libncurses5-dev
-  - patch
+- gcc
+- g++
+- make
+- flex
+- bison
+- openssl
+- libssl-dev
+- perl
+- perl-base
+- perl-modules
+- libperl-dev
+- libaio1
+- libaio-dev
+- zlib1g
+- zlib1g-dev
+- libcap-dev
+- bzip2
+- automake
+- autoconf
+- libtool
+- cmake
+- pkg-config
+- python
+- libdb-dev
+- libsasl2-dev
+- libncurses5-dev
+- patch
 
 directadmin_debian8_packages:
-  - gcc
-  - g++
-  - make
-  - flex
-  - bison
-  - openssl
-  - libssl-dev
-  - perl
-  - perl-base
-  - perl-modules
-  - libperl-dev
-  - libaio1
-  - libaio-dev
-  - zlib1g
-  - zlib1g-dev
-  - libcap-dev
-  - bzip2
-  - automake
-  - autoconf
-  - libtool
-  - cmake
-  - pkg-config
-  - python
-  - libdb-dev
-  - libsasl2-dev
-  - libncurses5-dev
-  - libsystemd-dev
-  - bind9
-  - quota
-  - libsystemd-daemon0
-  - patch
-  - libjemalloc-dev
+- gcc
+- g++
+- make
+- flex
+- bison
+- openssl
+- libssl-dev
+- perl
+- perl-base
+- perl-modules
+- libperl-dev
+- libaio1
+- libaio-dev
+- zlib1g
+- zlib1g-dev
+- libcap-dev
+- bzip2
+- automake
+- autoconf
+- libtool
+- cmake
+- pkg-config
+- python
+- libdb-dev
+- libsasl2-dev
+- libncurses5-dev
+- libsystemd-dev
+- bind9
+- quota
+- libsystemd-daemon0
+- patch
+- libjemalloc-dev
+
+directadmin_debian9_packages:
+- autoconf
+- automake
+- bind9
+- bison
+- bsd-mailx
+- bzip2
+- cmake
+- cron
+- dnsutils
+- flex
+- g++
+- gcc
+- libaio-dev
+- libaio1
+- libc6-dev
+- libcap-dev
+- libcrypt-openssl-rsa-perl
+- libdb-dev
+- libexpat1-dev
+- libjemalloc-dev
+- libncurses5-dev
+- libnuma-dev
+- libnuma1
+- libperl-dev
+- libsasl2-dev
+- libssl-dev
+- libsystemd-dev
+- libtool
+- logrotate
+- make
+- openssl
+- patch
+- perl
+- perl-base
+- perl-modules
+- pkg-config
+- python
+- quota
+- rsyslog
+- zlib1g
+- zlib1g-dev
 
 directadmin_rhel_generic_packages:
-  - gcc
-  - gcc-c++
-  - flex
-  - bison
-  - make
-  - bind
-  - bind-libs
-  - bind-utils
-  - openssl
-  - openssl-devel
-  - perl
-  - quota
-  - libaio
-  - libcom_err-devel
-  - libcurl-devel
-  - gd
-  - zlib-devel
-  - zip
-  - unzip
-  - libcap-devel
-  - cronie
-  - bzip2
-  - cyrus-sasl-devel
-  - perl-ExtUtils-Embed
-  - autoconf
-  - automake
-  - libtool
-  - which
-  - patch
-  - mailx
-  - bzip2-devel
-  - lsof
+- gcc
+- gcc-c++
+- flex
+- bison
+- make
+- bind
+- bind-libs
+- bind-utils
+- openssl
+- openssl-devel
+- perl
+- quota
+- libaio
+- libcom_err-devel
+- libcurl-devel
+- gd
+- zlib-devel
+- zip
+- unzip
+- libcap-devel
+- cronie
+- bzip2
+- cyrus-sasl-devel
+- perl-ExtUtils-Embed
+- autoconf
+- automake
+- libtool
+- which
+- patch
+- mailx
+- bzip2-devel
+- lsof
 
 directadmin_rhel_packages:
-  - db4-devel
+- db4-devel
 
 directadmin_centos7_packages:
-  - psmisc
-  - net-tools
-  - systemd-devel
-  - libdb-devel
-  - perl-DBI
-  - xfsprogs
+- psmisc
+- net-tools
+- systemd-devel
+- libdb-devel
+- perl-DBI
+- xfsprogs

handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart directadmin
+  service:
+    name: directadmin
+    state: restarted

meta/main.yml

@@ -1,9 +1,10 @@
+---
 galaxy_info:
   author: Gerben Geijteman
   description: Deploy DirectAdmin with Ansible
   company: Hyperized Hosting
   license: MIT
-  min_ansible_version: 2.1
+  min_ansible_version: 2.5
   platforms:
   - name: EL
     versions:
@@ -16,8 +17,9 @@ galaxy_info:
     - jessie
     - squeeze
     - wheezy
+    - stretch
   galaxy_tags:
-    - system
-    - web
-    - directadmin
+  - system
+  - web
+  - directadmin
 dependencies: []

requirements.txt

@@ -0,0 +1 @@
+ansible

tasks/letsencrypt.yml

@@ -0,0 +1,23 @@
+---
+- name: execute LetsEncrypt setup script
+  command: letsencrypt.sh request_single {{ directadmin_hostname }} 4096
+  args:
+    chdir: /usr/local/directadmin/scripts/
+  register: directadmin_letsencrypt_output
+
+- debug:
+    var: directadmin_letsencrypt_output.stdout_lines
+
+- name: enable SSL with LetsEncrypt for DirectAdmin
+  lineinfile:
+    path: directadmin_config_path
+  regexp: item.regexp
+  line: item.line
+  with_items:
+  - { regexp: '^SSL\=0' , line: 'SSL=1' }
+  - { regexp: '^carootcert=' , line: 'carootcert=/usr/local/directadmin/conf/carootcert.pem' }
+  - { regexp: '^force_hostname=' , line: "force_hostname={{ directadmin_hostname }}" }
+  - { regexp: '^ssl_redirect_host=' , line: "ssl_redirect_host={{ directadmin_hostname }}" }
+  - { regexp: '^letsencrypt=' , line: "letsencrypt=1" }
+  notify:
+  - restart directadmin

tasks/prerequisites-Debian.yml

@@ -6,8 +6,10 @@
     cache_valid_time: "{{ directadmin_cache_timeout }}"
     state: present
   with_items:
-    - "{{ directadmin_debian6_packages }}"
-  when: "ansible_distribution == 'Debian' and ansible_distribution_release == 'squeeze'"
+  - "{{ directadmin_debian6_packages }}"
+  when:
+  - ansible_distribution == 'Debian'
+  - ansible_distribution_release == 'squeeze'
 
 - name: Install dependencies for Debian 7 Wheezy
   apt:
@@ -16,8 +18,10 @@
     cache_valid_time: "{{ directadmin_cache_timeout }}"
     state: present
   with_items:
-    - "{{ directadmin_debian7_packages }}"
-  when: "ansible_distribution == 'Debian' and ansible_distribution_release == 'wheezy'"
+  - "{{ directadmin_debian7_packages }}"
+  when:
+  - ansible_distribution == 'Debian'
+  - ansible_distribution_release == 'wheezy'
 
 - name: Install dependencies for Debian 8 Jessie
   apt:
@@ -26,5 +30,19 @@
     cache_valid_time: "{{ directadmin_cache_timeout }}"
     state: present
   with_items:
+  - "{{ directadmin_debian9_packages }}"
+  when:
+  - ansible_distribution == 'Debian'
+  - ansible_distribution_release == 'jessie'
+
+  - name: Install dependencies for Debian 9 Stretch
+    apt:
+      name: "{{ item }}"
+      update_cache: yes
+      cache_valid_time: "{{ directadmin_cache_timeout }}"
+      state: present
+    with_items:
     - "{{ directadmin_debian8_packages }}"
-  when: "ansible_distribution == 'Debian' and ansible_distribution_release == 'jessie'"
+    when:
+    - ansible_distribution == 'Debian'
+    - ansible_distribution_release == 'jessie'

tasks/prerequisites-RedHat.yml

@@ -5,22 +5,26 @@
     update_cache: yes
     state: present
   with_items:
-    - "{{ directadmin_rhel_packages_generic }}"
+  - "{{ directadmin_rhel_generic_packages }}"
 
 - name: install everywhere but on CentOS7
-    yum:
+  yum:
     name: "{{ item }}"
     update_cache: yes
     state: present
   with_items:
-    - "{{ directadmin_rhel_packages }}"
-  when: ansible_distribution not 'CentOS' and ansible_distribution_version|version_compare('ne', 7)
+  - "{{ directadmin_rhel_packages }}"
+  when:
+  - ansible_distribution not 'CentOS'
+  - ansible_distribution_version is version(7, 'ne')
 
 - name: install CentOS 7 specific requirements
   yum:
     name: "{{ item }}"
-     update_cache: yes
+    update_cache: yes
     state: present
   with_items:
-    - "{{ directadmin_centos7_packages }}"
-  when: ansible_distribution == 'CentOS' and ansible_distribution_version|version_compare('=', 7)
+  - "{{ directadmin_centos7_packages }}"
+  when:
+  - ansible_distribution is 'CentOS'
+  - ansible_distribution_version is version(7, '=')

tasks/prerequisites.yml

@@ -5,9 +5,9 @@
     msg: "Variable: '{{ item }}' is not defined!"
   when: "{{ item }} is undefined or {{ item }} is none"
   with_items:
-    - directadmin_client_id
-    - directadmin_license_id
-    - directadmin_hostname
+  - directadmin_client_id
+  - directadmin_license_id
+  - directadmin_hostname
 
 # Ensure prerequisites are installed for supported OS
 - include: prerequisites-Debian.yml

tasks/setup.yml

@@ -14,28 +14,27 @@
     src: .custombuild.j2
     dest: "{{ directadmin_setup_path }}/.custombuild"
 
-- name: check if DA is already running on host
-  uri:
-    url: http://localhost:2222
-    return_content: no
-  register: da_present
+- name: check if DA is already present on host
+  stat:
+    path: "{{ directadmin_config_path }}"
+  register: directadmin_present
 
 - name: toggle whether to install DA or not
   set_fact:
     directadmin_install: False
-  when: da_present.status == 200
+  when: directadmin_present.stat.exists == True
 
 - block:
-    - name: ensure directadmin path if remote options file is used
-      file:
-        path: "{{ directadmin_custombuild_path }}"
-        recurse: yes
-        state: directory
+  - name: ensure directadmin path if remote options file is used
+    file:
+      path: "{{ directadmin_custombuild_path }}"
+      recurse: yes
+      state: directory
 
-    - name: try remote custombuild options file
-      get_url:
-        url: "{{ directadmin_custombuild_options_conf }}"
-        dest: "{{ directadmin_custombuild_path }}/options.conf"
+  - name: try remote custombuild options file
+    get_url:
+      url: "{{ directadmin_custombuild_options_conf }}"
+      dest: "{{ directadmin_custombuild_path }}/options.conf"
 
   when: directadmin_custombuild_options_conf is defined and directadmin_custombuild_options_conf is not none
 
@@ -54,6 +53,10 @@
     var: setup_output.stdout_lines
   when: directadmin_install
 
+- name: ensure Letsencrypt
+  include: letsencrypt.yml
+  when: directadmin_letsencrypt
+
 - debug:
     msg: "Directadmin is already installed and running, skipping.."
   when: not directadmin_install

tests/test.yml

@@ -2,4 +2,4 @@
 - hosts: localhost
   remote_user: root
   roles:
-    - ansible-directadmin
+  - ansible-directadmin