update..

2023-04-06 11:53:54 +02:00
parent 912ec16cdb
commit 12c86849c2
59 changed files with 1065 additions and 102 deletions
--- a/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf
@ -62,7 +62,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"

 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/c.mx/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/c.mx/root/bin/monitoring/conf/check_webservice_load.conf
@ -74,7 +74,7 @@ check_website=false
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
-mysql_credential_args="--login-path=local"
+mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf"


 # - Additional Settings for check_php_fpm
@ -93,7 +93,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"

 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/e.mx/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/e.mx/root/bin/monitoring/conf/check_webservice_load.conf
@ -62,7 +62,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"

 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
@ -93,7 +93,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"

 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf
@ -74,7 +74,7 @@ check_website=false
 # -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
 # -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
 # -
-mysql_credential_args="--login-path=local"
+mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf"


 # - Additional Settings for check_php_fpm
@ -93,7 +93,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"

 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf
@ -93,7 +93,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"

 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-hosts
@ -70,3 +70,9 @@ convinceandconvert\.com$
 thelargest\.homes$
 eamyobai\.cfd$
 countryfields\.ca$
+urgencypasture\.shop$
+detectivecomics\.net$
+bell\.net$
+beheshtfoundation\.com$
+tohochina\.com$
+mailer-service\.de$
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-nets
@ -133,3 +133,16 @@
 103.114.162.0/24
 # US (u.a.versender50.com)
 204.152.197.0/24
+# US (u.a.vs-dienst.com)
+45.134.11.0/24
+212.83.56.0/24
+# US ( u.a. urgencypasture.shop)
+194.87.84.0/24
+# US ( u.a. dkdirekt.com)
+64.188.1.176/28
+# CA (Canada) (u.a. bell.net)
+209.71.192.0/18
+# HU (u.a. beheshtfoundation.com)
+83.137.158.0/24
+# US (u.a. josephraffael.com / auftrag@v-markt-direkt.com)
+64.188.4.0/22
--- a/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
+++ b/roles/common/files/mailserver/etc/postfix/postfwd.bl-sender
@ -92,4 +92,13 @@ firmen-infos\.com$
 ^info@webmeinung\.de$
 ^info@handel-versand\.com$
 ^order@direktversender\.net$
-versender.*.com$
+versender.*\.com$
+vs-dienst\.com$
+urgencypasture\.shop$
+dkdirekt\.com$
+nb\.sympatico\.ca$
+beheshtfoundation\.com$
+josephraffael\.com$
+v-markt-direkt\.com$
+mailer-service\.de$
+swissad\.biz$
--- a/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
@ -69,7 +69,7 @@ curl_check_host=127.0.0.1
 # - Example:
 # -    php_versions="5.4 5.6 7.0 7.1"
 # -
-php_versions="7.4"
+php_versions="8.1"

 # - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
 # - set the value given in your ping.path setting here. Give ping_path also
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@ -63,8 +63,10 @@
    state: restarted

 - name: Restart redis-server
+  vars:
+    _daemon: "{{ 'redis' if ansible_distribution == 'CentOS' else 'redis-server' }}"
  service:
-    name: redis-server
+    name: "{{ _daemon }}"
    state: restarted

 - name: Restart tor service
--- a/roles/common/tasks/basic.yml
+++ b/roles/common/tasks/basic.yml
@ -11,6 +11,8 @@
    name: "{{ item }}"
    state: present
  with_items: "{{ locales }}"
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags:
    - locales

@ -150,28 +152,38 @@

 - name: (basic.yml) install unattended-upgrades
  apt: pkg=unattended-upgrades state=present
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades

 - name: (basic.yml) install apt-listchanges
  apt: pkg=apt-listchanges state=present
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades

 - name: (basic.yml) remove apticron
  apt: pkg=apticron state=absent
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades

 - name: (basic.yml) check if /etc/apt/apt.conf.d/20auto-upgrades exists
  stat: path=/etc/apt/apt.conf.d/20auto-upgrades
  register: ua_enabled
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades

 - name: (basic.yml) activate unattended upgrades
  shell: DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true dpkg-reconfigure -plow unattended-upgrades
-  when: ua_enabled.stat.exists == False
+  when: 
+    - ansible_facts['distribution'] == "Debian"
+    - ua_enabled.stat.exists == False
  tags:
    - unattended-upgrades

@ -182,6 +194,8 @@
    owner: root
    group: root
    mode: 0644
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades

@ -193,5 +207,7 @@
    owner: root
    group: root
    mode: 0644
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags:
    - unattended-upgrades
--- a/roles/common/tasks/caching-nameserver.yml
+++ b/roles/common/tasks/caching-nameserver.yml
@ -1,11 +1,17 @@

 ---

+# ---
+# Install 'bind' apt based OS
+# ---
+
 - name: (caching-nameserver.yml) update
  apt:
    update_cache: true
    cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
-  when: apt_update|bool
+  when:
+    - ansible_distribution == "Debian"
+    - apt_update|bool
  tags:
    - apt-caching-nameserver

@ -17,7 +23,9 @@
    warn: false
  changed_when: _dpkg_configure.stdout_lines | length
  register: _dpkg_configure
-  when: apt_dpkg_configure|bool
+  when:
+    - ansible_distribution == "Debian"
+    - apt_update|bool
  tags:
    - apt-caching-nameserver

@ -27,19 +35,52 @@
    upgrade: "{{ apt_upgrade_type }}"
    update_cache: true
    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
-  when: apt_upgrade|bool
+  when:
+    - ansible_distribution == "Debian"
+    - apt_dpkg_configure|bool
  tags:
    - apt-caching-nameserver


- name: (caching-nameserver.yml) Install bind9 packages
+- name: (caching-nameserver.yml) Install bind packages (using apt)
  apt:
-    name: "{{ apt_bind9_pkgs }}"
+    name: "{{ apt_bind_pkgs }}"
    state: present
-  when: apt_install_bind9_packages|bool == true
+  when:
+    - ansible_distribution == "Debian"
+    - install_bind_packages|bool == true
  tags:
    - apt-caching-nameserver

+# ---
+# Install 'bind' - yum based OS
+# ---
+
+- name: (yum.yml) Install system updates for centos systems
+  yum:
+    name: '*'
+    state: latest
+    update_cache: yes
+    #cache_valid_time: 3600
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution == "CentOS"
+  tags:
+    - yum-update
+
+- name: (yum.yml) Install bind packages (using yum)
+  yum:
+    name: "{{ yum_bind_pks }}"
+    state: "{{ yum_install_state }}"
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution == "CentOS"
+  tags:
+    - yum-caching-nameserver
+
+# ---
+# Configure bind on debian systems
+# --

 - name: (caching-nameserver.yml) Create directory /var/log/named if it does not exist
  file:
@ -48,6 +89,8 @@
    owner: bind
    group: bind
    mode: '0755'
+  when:
+    - ansible_distribution == "Debian"


 - name: (caching-nameserver.yml) update named.conf.options configuration file (normal server)
@ -64,6 +107,7 @@
    - apt-caching-nameserver
    - caching-nameserver
  when: 
+    - ansible_distribution == "Debian"
    - inventory_hostname not in groups["gateway_server"]

 # --------------------
@ -89,6 +133,7 @@
    - apt-caching-nameserver
    - caching-nameserver
  when: 
+    - ansible_distribution == "Debian"
    - inventory_hostname in groups["gateway_server"]
 #    - not file_named_conf_options.stat.exists

@ -107,4 +152,6 @@
    mode: '0644'
  tags:
    - apt-caching-nameserver
+  when: 
+    - ansible_distribution == "Debian"

--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -26,11 +26,26 @@
 #   apt-autoremove
 #   apt-clean
 - import_tasks: apt.yml
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags: apt

+#
+#    yum-update
+#    yum-base-install
+#    yum-initial-install
+- import_tasks: yum.yml
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution == "CentOS"
+  tags: yum
+
+

 - import_tasks: tor.yml
-  when: inventory_hostname in groups['mail_server']
+  when:
+    - inventory_hostname in groups['mail_server']
+    - ansible_facts['distribution'] == "Debian"
  tags: 
    - tor-service

@ -44,6 +59,8 @@
 #  zsh-config
 #
 - import_tasks: shell.yml
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags:
     - shell-config
     - vim-config
@ -208,7 +225,23 @@
 # tags supportetd inside caching-nameserver.yml
 #
 # apt-caching-nameserver
+# yum-caching-nameserver
+#
 - import_tasks: caching-nameserver.yml
  when: groups['caching_nameserver']|string is search(inventory_hostname)
  tags: caching-nameserver

+
+- import_tasks: systemd-services_debian_based_OS.yml
+  when:
+    - ansible_os_family == "Debian"
+  tags:
+    - services
+
+
+- import_tasks: systemd-services_redhat_based_OS.yml
+  when:
+    - ansible_os_family == "RedHat"
+  tags:
+    - services
+
--- a/roles/common/tasks/redis-server.yml
+++ b/roles/common/tasks/redis-server.yml
@ -1,11 +1,17 @@

 ---

+- name: (redis-server.yml) Set var '_redis_conf'
+  set_fact:
+     _redis_conf: "{{ '/etc/redis.conf' if ansible_distribution == 'CentOS' else '/etc/redis/redis.conf' }}"
+
 - name: (redis-server.yml) update
  apt:
    update_cache: true
    cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
-  when: apt_update|bool
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - apt_update|bool
  tags:
    - redis-server

@ -17,7 +23,9 @@
    warn: false
  changed_when: _dpkg_configure.stdout_lines | length
  register: _dpkg_configure
-  when: apt_dpkg_configure|bool
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - apt_update|bool
  tags:
    - redis-server

@ -27,15 +35,30 @@
    upgrade: "{{ apt_upgrade_type }}"
    update_cache: true
    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
-  when: apt_upgrade|bool
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - apt_upgrade|bool
  tags:
    - redis-server


- name: (redis-server.yml) Install redis-server packages
+- name: (redis-server.yml) Install redis-server packages (debian system)
  apt:
    name: redis-server
    state: present
+  when:
+    - ansible_facts['distribution'] == "Debian"
+  tags:
+    - redis-server
+
+- name: (redis-server.yml) Install redis packages (centos system)
+  yum:
+    name: redis
+    state: latest
+    update_cache: yes
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution == "CentOS"
  tags:
    - redis-server

@ -79,23 +102,23 @@
  tags:
    - redis-server

- name: (redis-server.yml)  Check if file '/etc/redis/redis.conf.ORIG' exists
+- name: (redis-server.yml)  Check if redis configuration file exists
  stat:
-    path: /etc/redis/redis.conf.ORIG
+    path: "{{ _redis_conf }}.ORIG"
  register: redis_conf_exists
  tags:
    - redis-server

- name: (redis-server.yml) Backup existing file /etc/redis/redis.conf.
-  command: cp -a /etc/redis/redis.conf /etc/redis/redis.conf.ORIG
+- name: (redis-server.yml) Backup existing redis configuration file.
+  command: cp -a  "{{ _redis_conf }}" "{{ _redis_conf }}".ORIG
  when:
    - redis_conf_exists.stat.exists == False
  tags:
    - redis-server

- name: (redis-server.yml) adjust configuration '/etc/redis/redis.conf'
+- name: (redis-server.yml) adjust redis configuration 
  lineinfile:
-    dest: /etc/redis/redis.conf
+    dest: "{{ _redis_conf }}"
    regexp: "{{ item.regexp }}"
    insertafter: "{{ item.insertafter }}"
    line: "{{ item.key }} {{ item.val }}"
--- a/roles/common/tasks/samba-config-server.yml
+++ b/roles/common/tasks/samba-config-server.yml
@ -19,7 +19,7 @@
    path: "{{ item.path }}"
    owner: "root"
    group: "{{ item.group_write_list | default('root', true) }}"
-    mode: '2770'
+    mode: "{{ dir_create_mask | default('2770', true) }}"
    state: directory
    recurse: no
  with_items: "{{ samba_shares }}"
--- a/roles/common/tasks/systemd-services_debian_based_OS.yml
+++ b/roles/common/tasks/systemd-services_debian_based_OS.yml
@ -0,0 +1,61 @@
+---
+
+- name: (systemd-services.yml) Check if Service Exists (Debian based OS)
+  shell: 'systemctl list-unit-files | grep -q -e "^{{ item }}.service";'
+  changed_when: "service_exists.rc > 1"
+  failed_when: "service_exists.rc > 1"
+  register: service_exists
+  with_items: 
+    - "{{ debian_services_active_and_started }}"
+
+#- debug: msg="{{ service_exists.results }}"
+
+- name: (systemd-services.yml) Check if Service is disabled (Debian based OS)
+  shell: 'systemctl list-unit-files | grep -e "^{{ item.item }}.service"  | grep -q "disabled";'
+  register: service_is_enabled
+  changed_when: "service_is_enabled.rc == 0"
+  failed_when: "service_is_enabled.rc > 1"
+  with_items: 
+    - "{{ service_exists.results }}"
+  loop_control:
+    label: '{{ item.item }}'
+  when: 
+    - item.rc == 0 
+
+#- debug: msg="{{ service_is_enabled.results }}"
+
+- name: (systemd-services.yml) Enable service
+  systemd:
+    name: "{{ item.item.item }}.service"
+    enabled: true
+  with_items:
+    - "{{ service_is_enabled.results }}"
+  loop_control:
+    label: '{{ item.item.item }}'
+  when:
+    - item.changed
+
+- name: (systemd-services.yml) Check if Service is active
+  shell: 'systemctl is-active {{ item.item }}.service'
+  register: service_is_active
+  changed_when: 'service_is_active.stdout == "inactive"'
+  failed_when: 'service_is_active.rc > 3'
+  with_items:
+    - "{{ service_exists.results }}"
+  loop_control:
+    label: '{{ item.item }}'
+  when:
+    - item.rc == 0
+
+
+
+- name: (systemd-services.yml) Start service
+  systemd:
+    name: "{{ item.item.item }}.service"
+    state: started
+  with_items:
+    - "{{ service_is_active.results }}"
+  loop_control:
+    label: '{{ item.item.item }}'
+  when:
+    - item.changed
--- a/roles/common/tasks/systemd-services_redhat_based_OS.yml
+++ b/roles/common/tasks/systemd-services_redhat_based_OS.yml
@ -0,0 +1,64 @@
+---
+
+- name: (systemd-services.yml) Check if Service Exists (RedHat based OS)
+  shell: 'systemctl list-unit-files | grep -q -e "^{{ item }}.service";'
+  changed_when: "service_exists.rc > 1"
+  failed_when: "service_exists.rc > 1"
+  register: service_exists
+  with_items: 
+    - "{{ redhat_services_active_and_started }}"
+  when: 
+    - ansible_os_family == "RedHat"
+
+#- debug: msg="{{ service_exists.results }}"
+
+- name: (systemd-services.yml) Check if Service is disabled (RedHat based OS)
+  shell: 'systemctl list-unit-files | grep -e "^{{ item.item }}.service"  | grep -q "disabled";'
+  register: service_is_enabled
+  changed_when: "service_is_enabled.rc == 0"
+  failed_when: "service_is_enabled.rc > 1"
+  with_items: 
+    - "{{ service_exists.results }}"
+  loop_control:
+    label: '{{ item.item }}'
+  when: 
+    - item.rc == 0 
+    - ansible_os_family == "RedHat"
+
+#- debug: msg="{{ service_is_enabled.results }}"
+
+- name: (systemd-services.yml) Enable service
+  systemd:
+    name: "{{ item.item.item }}.service"
+    enabled: true
+  with_items:
+    - "{{ service_is_enabled.results }}"
+  loop_control:
+    label: '{{ item.item.item }}'
+  when:
+    - item.changed
+
+- name: (systemd-services.yml) Check if Service is active
+  shell: 'systemctl is-active {{ item.item }}.service'
+  register: service_is_active
+  changed_when: 'service_is_active.stdout == "inactive"'
+  failed_when: 'service_is_active.rc > 3'
+  with_items:
+    - "{{ service_exists.results }}"
+  loop_control:
+    label: '{{ item.item }}'
+  when:
+    - item.rc == 0
+
+
+
+- name: (systemd-services.yml) Start service
+  systemd:
+    name: "{{ item.item.item }}.service"
+    state: started
+  with_items:
+    - "{{ service_is_active.results }}"
+  loop_control:
+    label: '{{ item.item.item }}'
+  when:
+    - item.changed
--- a/roles/common/tasks/users-systemfiles.yml
+++ b/roles/common/tasks/users-systemfiles.yml
@ -83,7 +83,7 @@
    - bash

 # --
-# Copy .profile
+# Copy .profile (Debian System)
 # ---

 - name: (users-systemfiles.yml) Check if users file '.profile.ORIG' exists
@ -93,6 +93,8 @@
  loop: "{{ default_user }}"
  loop_control:
    label: '{{ item.name }}'
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags:
    - profile

@ -101,7 +103,9 @@
  loop: "{{ profile_user_orig_exists.results }}"
  loop_control:
    label: '{{ item.item.name }}'
-  when: item.stat.exists == False 
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - item.stat.exists == False
  tags:
    - profile
    
@ -116,6 +120,7 @@
  loop_control:
    label: '{{ item.item.name }}'
  when:
+    - ansible_facts['distribution'] == "Debian"
    - item.stat.exists
    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
  tags:
@ -125,12 +130,16 @@
  stat:
    path: /root/.profile.ORIG
  register: profile_root_orig_exists
+  when:
+    - ansible_facts['distribution'] == "Debian"
  tags:
    - profile

 - name: (users-systemfiles.yml) Backup existing users .profile file
  command: cp -a /root/.profile /root/.profile.ORIG
-  when: profile_root_orig_exists.stat.exists == False 
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - profile_root_orig_exists.stat.exists == False
  tags:
    - profile

@ -142,10 +151,87 @@
    group: root
    mode: 0644
  when: 
+    - ansible_facts['distribution'] == "Debian"
    - local_template_dir_root.stat.exists
    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
  tags:
    - profile
+
+# --
+# Copy .bash_profile (CentOS/Fedora?/RedHat? System)
+# ---
+
+- name: (users-systemfiles.yml) Check if users file '.bash_profile.ORIG' exists
+  stat:
+    path: "~{{ item.name }}/.bash_profile.ORIG"
+  register: bash_profile_user_orig_exists
+  loop: "{{ default_user }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when:
+    - ansible_facts['distribution'] == "CentOS"
+  tags:
+    - profile
+
+- name: (users-systemfiles.yml) Backup existing users .bash_profile file
+  command: cp -a ~{{ item.item.name }}/.bash_profile ~{{ item.item.name }}/.bash_profile.ORIG
+  loop: "{{ bash_profile_user_orig_exists.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - ansible_facts['distribution'] == "CentOS"
+    - item.stat.exists == False
+  tags:
+    - profile
+    
+- name: (users-systemfiles.yml) copy .bash_profile if it exists
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bash_profile') }}"
+    dest: "~{{ item.item.name }}/.bash_profile"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0644
+  loop: "{{  local_template_dir_default_user.results }}"
+  loop_control:
+    label: '{{ item.item.name }}'
+  when:
+    - ansible_facts['distribution'] == "CentOS"
+    - item.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bash_profile')
+  tags:
+    - profile
+
+
+- name: (users-systemfiles.yml) Check if file '/root/.bash_profile.ORIG' exists
+  stat:
+    path: /root/.bash_profile.ORIG
+  register: profile_root_orig_exists
+  when:
+    - ansible_facts['distribution'] == "CentOS"
+  tags:
+    - profile
+
+- name: (users-systemfiles.yml) Backup existing users .bash_profile file
+  command: cp -a /root/.bash_profile /root/.bash_profile.ORIG
+  when:
+    - ansible_facts['distribution'] == "CentOS"
+    - profile_root_orig_exists.stat.exists == False
+  tags:
+    - profile
+
+- name: (users-systemfiles.yml) copy .bash_profile for user root
+  copy: 
+    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bash_profile') }}"
+    dest: "/root/.bash_profile"
+    owner: root
+    group: root
+    mode: 0644
+  when: 
+    - ansible_facts['distribution'] == "CentOS"
+    - local_template_dir_root.stat.exists
+    - lookup('fileglob', inventory_dir + '/files/homedirs/root/_bash_profile')
+  tags:
+    - profile
    
 # --
 # Copy .vimrc
--- a/roles/common/tasks/yum.yml
+++ b/roles/common/tasks/yum.yml
@ -0,0 +1,53 @@
+---
+
+- name: (yum.yml) Install system updates for centos systems
+  yum:
+    name: '*'
+    state: latest
+    update_cache: yes
+    #cache_valid_time: 3600
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution == "CentOS"
+  tags:
+    - yum-update
+
+
+- name: Install the EPEL Repository in CentOS 7
+  yum:
+    name: epel-release
+    state: latest
+
+
+# Its more eficient to in
+- name: (yum.yml) Base install CentOS packages (CentOS 7)
+  yum:
+    name: "{{ yum_base_install_centos_7 }}"
+    state: "{{ yum_install_state }}"
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution == "CentOS"
+    - ansible_distribution_major_version == "7"
+  tags:
+    - yum-base-install
+
+- name: (yum.yml) Initial install CentOS packages (CentOS 7)
+  yum:
+    name: "{{ yum_initial_install_centos_7 }}"
+    state: "{{ yum_install_state }}"
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution == "CentOS"
+    - ansible_distribution_major_version == "7"
+  tags:
+    - yum-initial-install
+
+
+- name: (yum.yml) Install lxc_host related packages
+  yum:
+    name: "{{ yum_lxc_host_pkgs }}"
+    state: "{{ yum_install_state }}"
+  when:
+    - groups['lxc_host']|string is search(inventory_hostname)
+  tags:
+    - yum-lxc-hosts-pkgs
--- a/roles/common/templates/usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
+++ b/roles/common/templates/usr/local/src/mailsystem/conf/install_postfixadmin.conf.j2
@ -147,7 +147,7 @@ APACHE_SERVER_KEY="privkey.pem"
 # -    '/etc/mysql/debian.cnf' if MySQL is installed from debian package system
 # -    '/usr/local/mysql/sys-maint.cnf' otherwise
 # -
-#MYSQL_CREDENTIALS=""
+MYSQL_CREDENTIALS='{{ mysql_credentials | default(omit) }}'


 # - The wa passwords will be encrypted.