From e93bdb2c915ac5044f15c8e15e9c64674770f06d Mon Sep 17 00:00:00 2001 
From: Greg Harvey
Date: Mon, 13 Jan 2025 18:41:53 +0100
Subject: [PATCH 1/4] Catching docs-2.x up with 2.x (#2223)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Publish docs pr 2.x (#2193) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role.
* ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. 
* We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. 
(#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. 
* Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. 
* Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. 
* Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. 
* Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. 
* Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! 
* AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. 
* First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel.
(#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash.
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. 
* Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. 
* Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. 
(#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. 
* Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. 
Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * r71115-default-ldap-ca-cert (#2197) * Documentation update - 2.x (#2198) * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. 
* Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. 
* Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. 
(#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. 
(#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. 
* Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." 
This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. 
* Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. 
* Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. 
* Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. 
* Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. 
* Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. 
* Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. 
* Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. 
* Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. 
* Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." 
This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation.
(#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provi… * Publish docs pr 2.x (#2203) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. 
* Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. 
* Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. 
* Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. 
* Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. 
* Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. 
* Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. 
* Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. 
* Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. 
* We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. 
* State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. 
* Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. 
* Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. 
* Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. 
GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." 
This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. 
* Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. 
* Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. 
* Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. 
Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. 
* Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. 
Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. 
* Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! 
* Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. 
* GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. 
* Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * Publish docs pr 2.x (#2205) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. 
* Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. 
* Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. 
* Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. 
(#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. 
(#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. 
* Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. 
* Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. 
* Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. 
* We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. 
* Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. 
* Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. 
* Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. 
* Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. 
* Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. 
* Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. 
* Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. 
* Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. 
GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." 
This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * Documentation update - 2.x (#2200) * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. 
* Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. 
* Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. 
(#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. 
(#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. 
* Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. 
* Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. 
* Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. 
* We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. 
* Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. 
* Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. 
* Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. 
* Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. 
* Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. 
* Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. 
* Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. 
* Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. 
GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." 
This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provi… * Enhanced quick start pr 2.x (#2207) * Added more generic firewall rules that might be useful. * Added an update step to the installer. * Providing some default playbooks people can use in ce-provision. * Slight docs tweak for showtime! * Documentation update - 2.x (#2208) * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. 
* Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. 
* Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. 
* Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. 
* Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. 
* Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. 
* Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. 
* Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. 
* Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. 
* Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. 
(#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. 
(#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. 
* Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. 
* Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. 
(#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash.
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. 
* Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. 
Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provi… * Enhanced quick start pr 2.x (#2211) * Added more generic firewall rules that might be useful. * Added an update step to the installer. * Providing some default playbooks people can use in ce-provision. * Slight docs tweak for showtime! * Modernising hostname handling to use systemd. * Switching default key type to ED25519 because it is supported by both Debian and GitLab. * Switching to ED25519 SSH keys and adding hostname and hosts handling to installer. * Adding iproute2 package so hosts role works. * Also need an apt-get update in CI. 
* Change of plan, stop hosts running in containers. * Small inline docs change. * Providing sane defaults for VPC security groups. * Making key name dynamic in the installer. * Error in variable namespace. * Publish docs pr 2.x (#2216) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. 
* ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. 
* We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. 
(#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. 
* Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. 
* Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. 
* Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. 
* Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. 
* Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! 
* AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. 
* First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. 
(#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. 
* Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. 
* Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. 
(#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash.
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. 
* Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. 
Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * Publish docs pr 2.x (#2218) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. 
* Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. 
* Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. 
(#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. 
* Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. 
* Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. 
* Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. 
* Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. 
* Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! 
* AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. 
* First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. 
(#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. 
* Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. 
* Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. 
(#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. 
* Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. 
Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * Documentation update - 2.x (#2213) * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. 
* Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. 
* Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. 
(#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. 
(#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. 
* Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." 
This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. 
* Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. 
* Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. 
* Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. 
* Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. 
* Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. 
* Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. 
* Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. 
* Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. 
* Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." 
This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provi… * Publish docs pr 2.x (#2220) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. 
* Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. 
* Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. 
* Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. 
* Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. 
* Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. 
* Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. 
* Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. 
* Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. 
* We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. 
* State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. 
* Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. 
* Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. 
* Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. 
GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." 
This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. 
* Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. 
* Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. 
* Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. 
Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. 
* Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. 
Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. 
* Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! 
* Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. 
* GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. 
* Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. 
* Missing spac… --------- Co-authored-by: nfawbert <62660788+nfawbert@users.noreply.github.com> Co-authored-by: Code Enigma CI Co-authored-by: EmlynK Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Dionisio Co-authored-by: pascal Co-authored-by: Jamie Wiseman Co-authored-by: mdecorniquet <43240244+mdecorniquet@users.noreply.github.com> Co-authored-by: Matthieu Decorniquet Co-authored-by: Dionisio Co-authored-by: Jean Pierre Dentone Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> Co-authored-by: tim Co-authored-by: Nick Fawbert Co-authored-by: Miro Michalicka Co-authored-by: Miro Michalicka Co-authored-by: Matej Stajduhar Co-authored-by: Sunil Odedra <122627205+sunilodedra@users.noreply.github.com> Co-authored-by: Sunny Co-authored-by: drazenCE <140631110+drazenCE@users.noreply.github.com> Co-authored-by: Matej Štajduhar <30931414+matej5@users.noreply.github.com> Co-authored-by: Klaus Purer Co-authored-by: Klaus Purer Co-authored-by: Filip Rupic <123341158+filiprupic@users.noreply.github.com> Co-authored-by: filip --- .../workflows/ce-provision-publish-docs.yml | 31 ++-- docs/roles/_init.md | 7 + docs/roles/aws/aws_ami.md | 2 +- docs/roles/aws/aws_vpc.md | 133 ++++++++++++++++-- docs/roles/debian/ce_deploy.md | 6 +- docs/roles/debian/ce_provision.md | 6 +- docs/roles/debian/firewall_config.md | 24 ++++ install.sh | 40 ++++-- plays/aws_account/README.md | 3 + plays/aws_account/aws_account.yml | 16 +++ plays/aws_asg/README.md | 14 ++ plays/aws_asg/ami.yml | 35 +++++ plays/aws_asg/asg.yml | 25 ++++ plays/aws_asg/cluster.yml | 5 + plays/aws_ec2_standalone/README.md | 8 ++ plays/aws_ec2_standalone/ami.yml | 20 +++ plays/aws_ec2_standalone/ec2.yml | 24 ++++ plays/aws_ec2_standalone/launch.yml | 38 +++++ plays/aws_ec2_standalone/mysql_client.yml | 32 +++++ plays/aws_ec2_standalone/provision.yml | 29 ++++ plays/aws_ec2_standalone/rds.yml | 56 ++++++++ 
plays/aws_ec2_standalone/server.yml | 11 ++ plays/aws_region/README.md | 3 + plays/aws_region/aws_region.yml | 17 +++ plays/controller/README.md | 31 ++++ plays/controller/aws_controller.yml | 7 + plays/controller/provision.yml | 22 +++ plays/deploy/README.md | 31 ++++ plays/deploy/aws_deploy.yml | 7 + plays/deploy/provision.yml | 22 +++ roles/_init/README.md | 7 + roles/_init/defaults/main.yml | 7 + roles/aws/aws_ami/README.md | 2 +- roles/aws/aws_ami/defaults/main.yml | 2 +- roles/aws/aws_vpc/README.md | 133 ++++++++++++++++-- roles/aws/aws_vpc/defaults/main.yml | 133 ++++++++++++++++-- roles/debian/ce_deploy/README.md | 6 +- roles/debian/ce_deploy/defaults/main.yml | 6 +- roles/debian/ce_provision/README.md | 6 +- roles/debian/ce_provision/defaults/main.yml | 6 +- roles/debian/firewall_config/README.md | 24 ++++ .../debian/firewall_config/defaults/main.yml | 24 ++++ roles/debian/hosts/tasks/main.yml | 12 +- roles/debian/hosts/templates/hostname.j2 | 1 - roles/debian/pam_ldap/templates/ldap.conf.j2 | 4 +- 45 files changed, 991 insertions(+), 87 deletions(-) create mode 100644 plays/aws_account/README.md create mode 100644 plays/aws_account/aws_account.yml create mode 100644 plays/aws_asg/README.md create mode 100644 plays/aws_asg/ami.yml create mode 100644 plays/aws_asg/asg.yml create mode 100644 plays/aws_asg/cluster.yml create mode 100644 plays/aws_ec2_standalone/README.md create mode 100644 plays/aws_ec2_standalone/ami.yml create mode 100644 plays/aws_ec2_standalone/ec2.yml create mode 100644 plays/aws_ec2_standalone/launch.yml create mode 100644 plays/aws_ec2_standalone/mysql_client.yml create mode 100644 plays/aws_ec2_standalone/provision.yml create mode 100644 plays/aws_ec2_standalone/rds.yml create mode 100644 plays/aws_ec2_standalone/server.yml create mode 100644 plays/aws_region/README.md create mode 100644 plays/aws_region/aws_region.yml create mode 100644 plays/controller/README.md create mode 100644 plays/controller/aws_controller.yml create mode 
100644 plays/controller/provision.yml create mode 100644 plays/deploy/README.md create mode 100644 plays/deploy/aws_deploy.yml create mode 100644 plays/deploy/provision.yml delete mode 100644 roles/debian/hosts/templates/hostname.j2 diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index dceaf2687..b87f9afe5 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml @@ -8,16 +8,29 @@ on: - 1.x - 2.x workflow_dispatch: +# Set target docs branch name +env: + docs_branch: docs-${{ github.event.pull_request.base.ref }} jobs: - # Set the job key. The key is displayed as the job name - # when a job name is not provided - public-docs: - # Only run the job if it is not coming from a documentation branch - if: ${{ github.event.pull_request.head.ref != 'docs-${{ github.event.pull_request.base.ref }}' }} - # Name the Job + # See https://stackoverflow.com/a/74378072 + set-docs-branch: + name: Make docs branch name available to publish-docs job + runs-on: ubuntu-latest + outputs: + docs_branch: ${{ steps.init.outputs.docs_branch }} + + steps: + - name: Make environment variables global + id: init + run: | + echo "docs_branch=${{ env.docs_branch }}" >> $GITHUB_OUTPUT + + publish-docs: name: Publish the ce-provision docs to GitHub - # Set the type of machine to run on + # Only run the job if it is not coming from a documentation branch + needs: set-docs-branch + if: ${{ github.event.pull_request.head.ref != needs.set-docs-branch.outputs.docs_branch }} runs-on: ubuntu-latest # Use our ce-dev Debian base container 
@@ -47,8 +60,8 @@ jobs: run: | /bin/sh contribute/toc.sh /usr/bin/find . -name "*.md" | xargs git add - /usr/bin/git diff --quiet && git diff --staged --quiet || git commit -am "GitHub Actions - updating markdown docs - ${{ steps.date.outputs.date }}" - /usr/bin/git push + /usr/bin/git diff --staged --quiet || /usr/bin/git commit -am "GitHub Actions - updating markdown docs - ${{ github.event.repository.updated_at }}" + /usr/bin/git push origin docs-${{ github.event.pull_request.base.ref }} # Create docs pull request - name: Create documentation pull requests diff --git a/docs/roles/_init.md b/docs/roles/_init.md index e619e5656..7dd7ab3fb 100644 --- a/docs/roles/_init.md +++ b/docs/roles/_init.md @@ -22,6 +22,13 @@ _ce_ansible_timer_name: upgrade_ansible # Generally it is recommended to place these in your ce-provision-config repository under hosts/group_vars/all #_aws_profile: example # boto profile name #_aws_region: eu-west-1 +_aws_vpc_cidr_base: 10.0 + +# AWS tags +_aws_resource_name: "" # Name +# _profile: web_server # Profile +# _env_type: dev # Env +# _infra_name: acme # Infra _init: # A list of var directories to include. We only support .yml extensions. diff --git a/docs/roles/aws/aws_ami.md b/docs/roles/aws/aws_ami.md index acc2f10e4..9ab978044 100644 --- a/docs/roles/aws/aws_ami.md +++ b/docs/roles/aws/aws_ami.md @@ -29,7 +29,7 @@ aws_ami: ami_name: "example" owner: "136693071363" # Global AWS account ID of owner, defaults to Debian official ssh_username: "admin" - public_key_name: id_ecdsa.pub # from Debian 12 (Bookworm) onwards RSA keys, i.e. id_rsa.pub, are deprecated + public_key_name: id_ed25519.pub # from Debian 12 (Bookworm) onwards RSA keys, i.e. id_rsa.pub, are deprecated encrypt_boot: false # EBS volume options device_name: /dev/xvda # default for Debian AMIs diff --git a/docs/roles/aws/aws_vpc.md b/docs/roles/aws/aws_vpc.md index a11d512ed..57ef8041c 100644 --- a/docs/roles/aws/aws_vpc.md +++ b/docs/roles/aws/aws_vpc.md 
@@ -10,23 +10,132 @@ aws_vpc: aws_profile: "{{ _aws_profile }}" region: "{{ _aws_region }}" name: example-vpc-2 - cidr_block: "10.0.0.0/16" + cidr_block: "{{ _aws_vpc_cidr_base }}.0.0/16" # ipv6_cidr: true # uncomment to request an Amazon-provided IPv6 CIDR block with /56 prefix length. tags: {} #Type: "util" state: present assign_instances_ipv6: false - security_groups: - [] - # - name: web - open - # description: Allow all incoming traffic on ports 80 and 443 - # rules: - # - proto: tcp - # ports: - # - 80 - # - 443 - # cidr_ip: 0.0.0.0/0 - # rule_desc: Allow all incoming traffic on ports 80 and 443 + # List of security groups to create in this VPC, see below for example structure. + security_groups: "{{ _security_groups_defaults }}" + +# Load common security groups below into a list to use with the aws_vpc.security_groups variable. +_security_groups_defaults: + - "{{ _common_security_groups.common_network }}" + - "{{ _common_security_groups.ssh_open }}" + - "{{ _common_security_groups.web_open }}" + - "{{ _common_security_groups.mailpit_open }}" + - "{{ _common_security_groups.ftp_open }}" + - "{{ _common_security_groups.sftp_open }}" + - "{{ _common_security_groups.ossec }}" + - "{{ _common_security_groups.openvpn }}" + +# Here is a set of example and commonly required security groups. +# This closely follows our common firewall rules in roles/debian/firewall_config. +_common_security_groups: + common_network: + name: common_network + description: Common network access configuration for all servers. + rules: + - proto: icmp + from_port: 8 # ICMP type (8 is IPv4 echo) + to_port: -1 # ICMP subtype (-1 for any) + cidr_ip: 0.0.0.0/0 + rule_desc: Allow ICMP IPv4 ping. + - proto: icmp + from_port: 128 # ICMP type (128 is IPv6 echo) + to_port: -1 # ICMP subtype (-1 for any) + cidr_ipv6: "::/0" + rule_desc: Allow ICMP IPv6 ping. 
+ - proto: tcp + cidr_ip: "{{ _aws_vpc_cidr_base }}.0.0/16" # see _init - 10.0.0.0/16 by default + ports: + - 0-65535 + rule_desc: Allow all tcp traffic on internal network. + - proto: udp + cidr_ip: "{{ _aws_vpc_cidr_base }}.0.0/16" + ports: + - 0-65535 + rule_desc: Allow all udp traffic on internal network. + rules_egress: + - proto: tcp + cidr_ip: 0.0.0.0/0 + ports: + - 1-1024 + - 2049 + rule_desc: Allow ports 1-1024 and 2049 for NFS over tcp as standard. + - proto: udp + cidr_ip: 0.0.0.0/0 + ports: + - 1-1024 + rule_desc: Allow ports 1-1024 over udp as standard. + ssh_open: + name: ssh_open + description: Allow all incoming traffic on port 22. + rules: + - proto: tcp + ports: + - 22 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on port 22. + web_open: + name: web_open + description: Allow all incoming web traffic on ports 80 and 443. + rules: + - proto: tcp + ports: + - 80 + - 443 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on ports 80 and 443. + mailpit_open: + name: mailpit_open + description: Allow all incoming traffic on port 8025 for Mailpit. + rules: + - proto: tcp + ports: + - 8025 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on port 8025. + ftp_open: + name: ftp_open + description: Allow all incoming traffic on ports 20 and 21 for FTP. + rules: + - proto: tcp + ports: + - 20 + - 21 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on ports 20 and 21. + sftp_open: + name: sftp_open + description: Allow all incoming traffic on ports 989 and 990 for sFTP. + rules: + - proto: tcp + ports: + - 898 + - 990 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on ports 989 and 990. + ossec: + name: ossec + description: Allow all incoming traffic on ports 1514 and 1515 for OSSEC. + rules: + - proto: udp + ports: + - 1514 + - 1515 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming udp traffic on ports 1514 and 1515. 
+ openvpn: + name: openvpn + description: Allow all incoming traffic on port 1194 for OpenVPN. + rules: + - proto: udp + ports: + - 1194 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming udp traffic on port 1194. ``` diff --git a/docs/roles/debian/ce_deploy.md b/docs/roles/debian/ce_deploy.md index 743cbf8cd..51083b275 100644 --- a/docs/roles/debian/ce_deploy.md +++ b/docs/roles/debian/ce_deploy.md @@ -20,9 +20,9 @@ ce_deploy: # Other ce-deploy settings. aws_support: true # installs boto3 new_user: true # set to false if user already exists or is ephemeral, e.g. an LDAP user - ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys - ssh_key_type: ecdsa # set to rsa to create an RSA key - public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name + ssh_key_bits: "521" # ignored for ED25519 keys, recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys + ssh_key_type: ed25519 # set to rsa to create an RSA key or ecdsa to create an ECDSA key + public_key_name: id_ed25519.pub # this might be id_rsa.pub for RSA keys or id_ecdsa.pub for ECDSA keys, existing users may have a key of a different name username: "{{ _ce_deploy.username }}" own_repository: "https://github.com/codeenigma/ce-deploy.git" own_repository_branch: "master" diff --git a/docs/roles/debian/ce_provision.md b/docs/roles/debian/ce_provision.md index 6de9e0e9b..b42f10c79 100644 --- a/docs/roles/debian/ce_provision.md +++ b/docs/roles/debian/ce_provision.md 
@@ -21,9 +21,9 @@ ce_provision: new_user: "{{ _init.ce_provision_new_user }}" # see _init defaults, set to false if user already exists or is ephemeral, e.g. an LDAP user username: "{{ _ce_provision_username }}" # see _init defaults #uid: "{{ _init.ce_provision_uid }}" # see _init defaults, optionally hardcode the UID for this user - ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys - ssh_key_type: ecdsa # set to rsa to create an RSA key - public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name + ssh_key_bits: "521" # ignored for ED25519 keys, recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys + ssh_key_type: ed25519 # set to rsa to create an RSA key or ecdsa to create an ECDSA key + public_key_name: id_ed25519.pub # this might be id_rsa.pub for RSA keys or id_ecdsa.pub for ECDSA keys, existing users may have a key of a different name # Main repo. own_repository: "https://github.com/codeenigma/ce-provision.git" own_repository_branch: "master" diff --git a/docs/roles/debian/firewall_config.md b/docs/roles/debian/firewall_config.md index 1577b0c12..d91d889f4 100644 --- a/docs/roles/debian/firewall_config.md +++ b/docs/roles/debian/firewall_config.md @@ -61,6 +61,7 @@ firewall_config: rulesets: - ssh_open - web_open + - common_network # rule always needs to be last so the DROP rules in the OUTPUT chain get applied at the end # Ruleset definitions # Permitted rule lists 
@@ -91,6 +92,29 @@ firewall_config: letsencrypt: firewall_allowed_tcp_ports: - "80" + # Standard ports for Prometheus outbound rules to allow scraping of exporters + prometheus_server_scraping: + firewall_additional_rules: + - "iptables -A OUTPUT -p tcp --dport 9100 -j ACCEPT" # allow scraping node exporter + - "iptables -A OUTPUT -p tcp --dport 9101 -j ACCEPT" # allow scraping process exporter + - "iptables -A OUTPUT -p tcp --dport 9093 -j ACCEPT" # allow posting to alertmanager + - "iptables -A OUTPUT -p tcp --dport 9115 -j ACCEPT" # allow scraping blackbox exporter + # Commonly required outbound ports for PHP web servers + common_web: + firewall_additional_rules: + - "iptables -A OUTPUT -p tcp --dport 2049 -j ACCEPT" # allow NFS + - "iptables -A OUTPUT -p udp --dport 2049 -j ACCEPT" # allow NFS + - "iptables -A OUTPUT -p tcp --dport 3306 -j ACCEPT" # allow MySQL + # Recommended general firewall settings + common_network: + firewall_additional_rules: + - "iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT" # ICMP ping in + - "iptables -A INPUT -p icmp --icmp-type 128 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT" # ICMP ping in + - "iptables -A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT" # ICMP ping out + - "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" # established connections out + - "iptables -A OUTPUT -o lo -j ACCEPT" # allow all local traffic + - "iptables -A OUTPUT -p tcp --dport 1025:65535 -j DROP" # block high port tcp traffic outbound + - "iptables -A OUTPUT -p udp --dport 1025:65535 -j DROP" # block high port udp traffic outbound ossec: firewall_allowed_udp_ports: - "1514" diff --git a/install.sh b/install.sh index 0776988a7..8ecf56643 100755 --- a/install.sh +++ b/install.sh 
@@ -15,6 +15,7 @@ usage(){ /usr/bin/echo '--user: Ansible controller user (default: controller)' /usr/bin/echo '--config: Git URL to your ce-provision Ansible config repository (default: https://github.com/codeenigma/ce-provision-config-example.git)' /usr/bin/echo '--config-branch: branch of your Ansible config repository to use (default: 2.x)' + /usr/bin/echo '--hostname: the server hostname to set (default: depends on system or provider)' /usr/bin/echo '--no-firewall: skip installing iptables with ports 22, 80 and 443 open' /usr/bin/echo '--gitlab: install GitLab CE on this server (default: no, set to desired GitLab address to install, e.g. gitlab.example.com)' /usr/bin/echo '--letsencrypt: try to create an SSL certificate with LetsEncrypt (requires DNS pointing at this server for provided GitLab URL)' @@ -43,6 +44,10 @@ parse_options(){ shift CONFIG_REPO_BRANCH="$1" ;; + "--hostname") + shift + SERVER_HOSTNAME="$1" + ;; "--gitlab") shift GITLAB_URL="$1" @@ -83,11 +88,6 @@ SERVER_HOSTNAME=$(hostname) # Parse options. parse_options "$@" -# Set the hostname for Git email to our GitLab URL, if set. -if [ "$GITLAB_URL" != "no" ]; then - SERVER_HOSTNAME=$GITLAB_URL -fi - # Check root user. if [ "$(id -u)" -ne 0 ] then echo "Please run this script as root or using sudo!" 
@@ -161,7 +161,9 @@ if [ ! -d "/home/$CONTROLLER_USER/ce-provision" ]; then /usr/bin/su - "$CONTROLLER_USER" -c "git clone --branch $CONFIG_REPO_BRANCH $CONFIG_REPO /home/$CONTROLLER_USER/ce-provision/config" /usr/bin/su - "$CONTROLLER_USER" -c "/usr/bin/ln -s /home/$CONTROLLER_USER/ce-provision/config/ansible.cfg /home/$CONTROLLER_USER/ce-provision/ansible.cfg" else - /usr/bin/echo "ce-provision directory at /home/$CONTROLLER_USER/ce-provision already exists. Skipping." + /usr/bin/echo "ce-provision directory at /home/$CONTROLLER_USER/ce-provision already exists. Updating." + /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && git pull origin $VERSION" + /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision/config && git pull origin $CONFIG_REPO_BRANCH" /usr/bin/echo "-------------------------------------------------" fi /usr/bin/mkdir -p "/home/$CONTROLLER_USER/ce-provision/galaxy/roles" @@ -173,6 +175,10 @@ fi vars_files: - vars.yml tasks: + - name: Configure system hosts file. + ansible.builtin.import_role: + name: debian/hosts + when: not is_local - name: Install ce-provision. ansible.builtin.import_role: name: debian/ce_provision @@ -186,6 +192,10 @@ EOL _domain_name: ${SERVER_HOSTNAME} _ce_provision_data_dir: /home/${CONTROLLER_USER}/ce-provision/data _ce_provision_username: ${CONTROLLER_USER} +hosts_hostname: ${SERVER_HOSTNAME} +hosts_entries: + - name: ${SERVER_HOSTNAME} + ip: 127.0.0.1 ce_provision: venv_path: /home/${CONTROLLER_USER}/ce-python venv_command: /usr/bin/python3 -m venv @@ -195,8 +205,8 @@ ce_provision: new_user: ${CONTROLLER_USER} username: ${CONTROLLER_USER} ssh_key_bits: "521" - ssh_key_type: ecdsa - public_key_name: id_ecdsa.pub + ssh_key_type: ed25519 + public_key_name: id_ed25519.pub own_repository: "https://github.com/codeenigma/ce-provision.git" own_repository_branch: "${VERSION}" own_repository_skip_checkout: false 
@@ -229,7 +239,7 @@ user_provision: groups: - bypass2fa ssh_keys: - - "{{ lookup('file', '/home/${CONTROLLER_USER}/ce-provision/data/localhost/home/${CONTROLLER_USER}/.ssh/id_ecdsa.pub') }}" + - "{{ lookup('file', '/home/${CONTROLLER_USER}/ce-provision/data/localhost/home/${CONTROLLER_USER}/.ssh/' + ce_provision.public_key_name) }}" ssh_private_keys: [] known_hosts: [] known_hosts_hash: true @@ -294,6 +304,10 @@ if [ "$GITLAB_URL" != "no" ]; then vars_files: - vars.yml tasks: + - name: Configure system hosts file. + ansible.builtin.import_role: + name: debian/hosts + when: not is_local - name: Install GitLab Runner. ansible.builtin.import_role: name: debian/gitlab_runner @@ -305,6 +319,12 @@ EOL /bin/cat >"/home/$CONTROLLER_USER/ce-provision/vars.yml" << EOL --- _domain_name: ${SERVER_HOSTNAME} +hosts_hostname: ${SERVER_HOSTNAME} +hosts_entries: + - name: ${SERVER_HOSTNAME} + ip: 127.0.0.1 + aliases: + - ${GITLAB_URL} gitlab_runner: apt_origin: "origin=packages.gitlab.com/runner/gitlab-runner,codename=\${distro_codename},label=gitlab-runner" # used by apt_unattended_upgrades apt_signed_by: https://packages.gitlab.com/runner/gitlab-runner/gpgkey @@ -339,7 +359,7 @@ gitlab: private_projects: true unicorn_worker_processes: 2 puma_worker_processes: 2 - initial_root_password: "Ch@ng3m3" + initial_root_password: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits') }}" ldap: enable: false mattermost: false diff --git a/plays/aws_account/README.md b/plays/aws_account/README.md new file mode 100644 index 000000000..b47a9d428 --- /dev/null +++ b/plays/aws_account/README.md @@ -0,0 +1,3 @@ +# Base playbook for configuring an AWS account. + +@TODO provide example infra repo for use with the AWS EC2 inventory plugin. diff --git a/plays/aws_account/aws_account.yml b/plays/aws_account/aws_account.yml new file mode 100644 index 000000000..f6184b34c --- /dev/null +++ b/plays/aws_account/aws_account.yml 
@@ -0,0 +1,16 @@ +--- +# Global infra setup. +- hosts: localhost + connection: local + become: false + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + # used for tagging + _profile: core + _env_type: core + roles: + - _init + - _meta/aws_account + - _exit diff --git a/plays/aws_asg/README.md b/plays/aws_asg/README.md new file mode 100644 index 000000000..9ee9b5757 --- /dev/null +++ b/plays/aws_asg/README.md @@ -0,0 +1,14 @@ +# Base playbooks for creating a new AWS ASG. +For a standard ASG build just add `cluster.yml` to your environment play, like this: + +```yaml +- import_playbook: "{{ _ce_provision_base_dir }}/plays/aws_asg/cluster.yml" + vars: + _aws_region: eu-west-1 + _env_type: dev + _aws_resource_name: cluster-acme-com +``` + +If you have specific requirements for your AMIs you can copy these plays to your infra repository and alter them accordingly. Don't forget to copy/include `launch.yml` from the `_ec2_standalone` plays or orchestration of brand new clusters will fail. + +@TODO provide example infra repo for use with the AWS EC2 inventory plugin. diff --git a/plays/aws_asg/ami.yml b/plays/aws_asg/ami.yml new file mode 100644 index 000000000..5a82deac5 --- /dev/null +++ b/plays/aws_asg/ami.yml 
@@ -0,0 +1,35 @@ +--- +# This is the provisioning for the AMI and will run inside a temporary instance using Packer. +- hosts: default + become: true + + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + - "{{ _ce_provision_build_dir }}/vars/{{ _aws_resource_name }}" + _profile: asg + + tasks: + - name: Upgrade the system and update cache + ansible.builtin.apt: + upgrade: dist + update_cache: true + - ansible.builtin.import_role: + name: _init + - ansible.builtin.import_role: + name: _meta/aws_client_instance + - ansible.builtin.import_role: + name: _meta/webserver + - ansible.builtin.import_role: + name: debian/aws_efs_client + - ansible.builtin.import_role: + name: debian/squashfs + - ansible.builtin.import_role: + name: debian/mount_sync + - ansible.builtin.import_role: + name: debian/swap + - ansible.builtin.import_role: + name: _exit diff --git a/plays/aws_asg/asg.yml b/plays/aws_asg/asg.yml new file mode 100644 index 000000000..9a1367869 --- /dev/null +++ b/plays/aws_asg/asg.yml @@ -0,0 +1,25 @@ +--- +# Common ASG infra. +- hosts: "_{{ _aws_resource_name | regex_replace('-', '_') }}" + connection: local + become: false + + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + - "{{ _ce_provision_build_dir }}/vars/{{ _aws_resource_name }}" + _profile: asg + + tasks: + - ansible.builtin.import_role: + name: _init + run_once: true + - ansible.builtin.import_role: + name: aws/aws_ec2_autoscale_cluster + run_once: true + - ansible.builtin.import_role: + name: _exit + run_once: true diff --git a/plays/aws_asg/cluster.yml b/plays/aws_asg/cluster.yml new file mode 100644 index 000000000..9a2f93f03 
--- /dev/null +++ b/plays/aws_asg/cluster.yml @@ -0,0 +1,5 @@ +--- +# Creates hosts entry so play isn't skipped. +- ansible.builtin.import_playbook: ../aws_ec2_standalone/launch.yml +# Spins up the cluster. +- ansible.builtin.import_playbook: asg.yml diff --git a/plays/aws_ec2_standalone/README.md b/plays/aws_ec2_standalone/README.md new file mode 100644 index 000000000..7c7872193 --- /dev/null +++ b/plays/aws_ec2_standalone/README.md @@ -0,0 +1,8 @@ +# Base playbook for setting up a standalone EC2 instance. +IMPORTANT: these plays deliberately exclude the `_init._profile` variable because it usually needs to be set at runtime or in a separate infrastructure config repo. + +The `server.yml` file is the 'main' play, to customise we suggest this is copied to an infra repo and renamed as `hostname.yml` e.g. `acme-dev1.yml`. You also need to copy `provision.yml` so you can control what is provisioned. The `provision.yml` file is intended only as a model. + +If you want a separate RDS instance to pair with your EC2 instance then uncomment the last two play import lines in `server.yml`, however note you do need to sort out outbound firewall ports in iptables and a Security Group for inbound traffic to the RDS instance - usually port `3306` outbound from the EC2 instance in `firewall_config` and an SG that allows `3306` inbound to RDS. + +@TODO provide example infra repo for use with the AWS EC2 inventory plugin. diff --git a/plays/aws_ec2_standalone/ami.yml b/plays/aws_ec2_standalone/ami.yml new file mode 100644 index 000000000..e2fa4297d --- /dev/null +++ b/plays/aws_ec2_standalone/ami.yml 
@@ -0,0 +1,20 @@ +--- +# This is the bare provisioning for the AMI. +- hosts: default + become: true + + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + - "{{ _ce_provision_build_dir }}/vars/{{ _aws_resource_name }}" + + tasks: + - ansible.builtin.import_role: + name: _init + - ansible.builtin.import_role: + name: debian/user_provision + - ansible.builtin.import_role: + name: _exit diff --git a/plays/aws_ec2_standalone/ec2.yml b/plays/aws_ec2_standalone/ec2.yml new file mode 100644 index 000000000..84b2bcfbc --- /dev/null +++ b/plays/aws_ec2_standalone/ec2.yml @@ -0,0 +1,24 @@ +--- +# First step. Spin up a "blank" instance from a fresh AMI. +- hosts: "_{{ _aws_resource_name | regex_replace('-', '_') }}" + connection: local + become: false + + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + - "{{ _ce_provision_build_dir }}/vars/{{ _aws_resource_name }}" + + tasks: + - ansible.builtin.import_role: + name: _init + - ansible.builtin.import_role: + name: aws/aws_ami + - ansible.builtin.import_role: + name: aws/aws_ec2_with_eip + - ansible.builtin.import_role: + name: _exit + - ansible.builtin.meta: refresh_inventory diff --git a/plays/aws_ec2_standalone/launch.yml b/plays/aws_ec2_standalone/launch.yml new file mode 100644 index 000000000..2d9f13ac6 --- /dev/null +++ b/plays/aws_ec2_standalone/launch.yml 
@@ -0,0 +1,38 @@ +--- +# Prepare the ground for a new EC2 machine +- hosts: localhost + connection: local + become: false + + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + - "{{ _ce_provision_build_dir }}/vars/{{ _aws_resource_name }}" + # copied from aws_ami.yml in group_vars/all because we do not want to load aws_ami vars yet + ami_groups: + - "all" + - "_{{ _aws_resource_name | regex_replace('-', '_') }}" + - "_{{ _infra_name | regex_replace('-', '_') }}" + - "_{{ _env_type | regex_replace('-', '_') }}" + + tasks: + - ansible.builtin.import_role: + name: _init + - name: Blank the _aws_hostname variable. + ansible.builtin.set_fact: + _aws_hostname: "" + - name: Check to see if an Ansible host exists. + ansible.builtin.set_fact: + _aws_hostname: "{{ item }}" + with_inventory_hostnames: + - "_{{ _aws_resource_name | regex_replace('-', '_') }}" + - name: If an Ansible host is not found, create it so we can execute EC2 orchestration. + ansible.builtin.add_host: + name: "_{{ _aws_resource_name | regex_replace('-', '_') }}" + groups: "{{ ami_groups }}" + when: _aws_hostname | length == 0 + - ansible.builtin.import_role: + name: _exit diff --git a/plays/aws_ec2_standalone/mysql_client.yml b/plays/aws_ec2_standalone/mysql_client.yml new file mode 100644 index 000000000..b39135fbc --- /dev/null +++ b/plays/aws_ec2_standalone/mysql_client.yml 
@@ -0,0 +1,32 @@ +--- +- hosts: "_{{ _aws_resource_name | regex_replace('-', '_') }}" + become: true + + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + - "{{ _ce_provision_build_dir }}/vars/{{ _aws_resource_name }}" + + tasks: + - ansible.builtin.import_role: + name: _init + - ansible.builtin.import_role: + name: debian/user_deploy + # Look up RDS hostname + - name: Get information about an instance + community.aws.rds_instance_info: + region: "{{ _aws_region }}" + profile: "{{ _aws_profile }}" + db_instance_identifier: "{{ _aws_resource_name }}" + become: true + become_user: "{{ user_provision.username }}" + delegate_to: localhost # needs to run on controller + register: _database_info + # Install MySQL client + - ansible.builtin.import_role: + name: debian/mysql_client + - ansible.builtin.import_role: + name: _exit diff --git a/plays/aws_ec2_standalone/provision.yml b/plays/aws_ec2_standalone/provision.yml new file mode 100644 index 000000000..bbe70e8dd --- /dev/null +++ b/plays/aws_ec2_standalone/provision.yml 
@@ -0,0 +1,29 @@ +--- +- hosts: "_{{ _aws_resource_name | regex_replace('-', '_') }}" + become: true + + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + - "{{ _ce_provision_build_dir }}/vars/{{ _aws_resource_name }}" + + tasks: + - ansible.builtin.import_role: + name: _init + - ansible.builtin.import_role: + name: ce_ldap_safelist + - ansible.builtin.import_role: + name: _meta/common_base + - ansible.builtin.import_role: + name: _meta/aws_client_instance + - ansible.builtin.import_role: + name: debian/ssh_server + - ansible.builtin.import_role: + name: debian/firewall_config + - ansible.builtin.import_role: + name: debian/swap + - ansible.builtin.import_role: + name: _exit diff --git a/plays/aws_ec2_standalone/rds.yml b/plays/aws_ec2_standalone/rds.yml new file mode 100644 index 000000000..5815bb2dd --- /dev/null +++ b/plays/aws_ec2_standalone/rds.yml 
@@ -0,0 +1,56 @@ +--- +# Create an RDS instance. +- hosts: "_{{ _aws_resource_name | regex_replace('-', '_') }}" + connection: local + become: false + + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + - "{{ _ce_provision_build_dir }}/vars/{{ _aws_resource_name }}" + + tasks: + - ansible.builtin.import_role: + name: _init + + # Automate subnet fetching + - name: Create empty var to hold subnet IDs. + ansible.builtin.set_fact: + _aws_rds_vpc_subnet_ids: [] + + - name: Gather VPC information. + amazon.aws.ec2_vpc_net_info: + profile: "{{ aws_rds.aws_profile }}" + region: "{{ aws_rds.region }}" + filters: + "tag:Name": "{{ _infra_name }}" + register: _aws_rds_vpc + + - name: Set the VPC id from name. + ansible.builtin.set_fact: + _aws_rds_vpc_id: "{{ _aws_rds_vpc.vpcs[0].vpc_id }}" + + - name: Gather public subnet information. + amazon.aws.ec2_vpc_subnet_info: + profile: "{{ aws_rds.aws_profile }}" + region: "{{ aws_rds.region }}" + filters: + vpc-id: "{{ _aws_rds_vpc_id }}" + tag:Env: "{{ _env_type }}" + tag:Profile: "core" + register: _aws_rds_vpc_subnets + + - name: Place subnet IDs in a list. + ansible.builtin.set_fact: + _aws_rds_vpc_subnet_ids: "{{ _aws_rds_vpc_subnet_ids + [item.subnet_id] }}" + loop: "{{ _aws_rds_vpc_subnets.subnets }}" + + # Build the RDS instance. + - ansible.builtin.import_role: + name: aws/aws_rds + + - ansible.builtin.import_role: + name: _exit diff --git a/plays/aws_ec2_standalone/server.yml b/plays/aws_ec2_standalone/server.yml new file mode 100644 index 000000000..282a73f16 --- /dev/null +++ b/plays/aws_ec2_standalone/server.yml 
@@ -0,0 +1,11 @@ +# Prepares a host entry so the ec2.yml play succeeds. +- ansible.builtin.import_playbook: "{{ _ce_provision_base_dir }}/plays/aws_ec2_standalone/launch.yml" +# Spins up the instance. +# We use the central _deploy role to provision the EC2 instance to avoid duplication. +- ansible.builtin.import_playbook: "{{ _ce_provision_base_dir }}/plays/aws_ec2_standalone/ec2.yml" +# Actual provisioning +- ansible.builtin.import_playbook: provision.yml +# RDS instance +#- ansible.builtin.import_playbook: "{{ _ce_provision_base_dir }}/plays/aws_ec2_standalone/rds.yml" +# MySQL client - needs to happen after RDS instance is created +#- ansible.builtin.import_playbook: "{{ _ce_provision_base_dir }}/plays/aws_ec2_standalone/mysql_client.yml" diff --git a/plays/aws_region/README.md b/plays/aws_region/README.md new file mode 100644 index 000000000..8073b43fc --- /dev/null +++ b/plays/aws_region/README.md @@ -0,0 +1,3 @@ +# Base playbook for configuring an AWS region. + +@TODO provide example infra repo for use with the AWS EC2 inventory plugin. diff --git a/plays/aws_region/aws_region.yml b/plays/aws_region/aws_region.yml new file mode 100644 index 000000000..38974eeda --- /dev/null +++ b/plays/aws_region/aws_region.yml @@ -0,0 +1,17 @@ +--- +# Global infra setup. +- hosts: localhost + connection: local + become: false + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + # used for tagging + _profile: core + roles: + - _init + - _meta/aws_region + - _exit diff --git a/plays/controller/README.md b/plays/controller/README.md new file mode 100644 index 000000000..f27e06a85 --- /dev/null +++ b/plays/controller/README.md 
@@ -0,0 +1,31 @@ +# Base playbook for setting up an infra controller. +This playbook provides a model for managing an Ansible infra controller with ce-provision based at AWS. + +If your server is not in AWS or you are not using the AWS EC2 inventory plugin, you must ensure your server's hostname is in your Ansible hosts file (`config/hosts/hosts` or `hosts.yml`) and provide the same hostname in the `_provision_host` variable. Then call `provision.yml` directly, for example: + +```yaml +--- +- name: Configure my controller server. + ansible.builtin.import_playbook: "{{ _ce_provision_base_dir }}/plays/controller/provision.yml" + vars: + _env_type: util + _provision_host: controller.acme.com + _profile: controller +``` + +If you are using the AWS EC2 inventory plugin and the Code Enigme recommended set-up, you must provide the `_aws_resource_name` variable - note, this is hyphenated, no dots - and call `aws_controller.yml`, for example: + +```yaml +--- +- name: Configure my controller server at AWS. + ansible.builtin.import_playbook: "{{ _ce_provision_base_dir }}/plays/controller/aws_controller.yml" + vars: + _env_type: util + _aws_region: eu-west-1 + _aws_resource_name: controller-acme-com + _profile: controller +``` + +This will create or find an EC2 instance with the AWS tag of `Name: controller-acme-com` which will be in an inventory group called `_controller_acme_com`. + +@TODO provide example infra repo for use with the AWS EC2 inventory plugin. diff --git a/plays/controller/aws_controller.yml b/plays/controller/aws_controller.yml new file mode 100644 index 000000000..2c3380008 --- /dev/null +++ b/plays/controller/aws_controller.yml @@ -0,0 +1,7 @@ +--- +# Creates hosts entry so play isn't skipped. +- ansible.builtin.import_playbook: ../aws_ec2_standalone/launch.yml +# Spins up the instance. +- ansible.builtin.import_playbook: ../aws_ec2_standalone/ec2.yml +# Actual provisioning +- ansible.builtin.import_playbook: provision.yml 
diff --git a/plays/controller/provision.yml b/plays/controller/provision.yml new file mode 100644 index 000000000..7ef6c54ea --- /dev/null +++ b/plays/controller/provision.yml @@ -0,0 +1,22 @@ +--- +- hosts: "{{ _provision_host | default('_' + _aws_resource_name | regex_replace('-', '_')) }}" + become: true + + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + - "{{ _ce_provision_build_dir }}/vars/{{ _aws_resource_name }}" + _profile: controller + + tasks: + - ansible.builtin.import_role: + name: _init + - ansible.builtin.import_role: + name: _meta/aws_client_instance + - ansible.builtin.import_role: + name: _meta/controller + - ansible.builtin.import_role: + name: _exit diff --git a/plays/deploy/README.md b/plays/deploy/README.md new file mode 100644 index 000000000..498355b3e --- /dev/null +++ b/plays/deploy/README.md 
@@ -0,0 +1,31 @@ +# Base playbook for setting up a deploy server. +This playbook provides a model for managing an Ansible application deployment server with ce-deploy based at AWS. + +If your server is not in AWS or you are not using the AWS EC2 inventory plugin, you must ensure your server's hostname is in your Ansible hosts file (`config/hosts/hosts` or `hosts.yml`) and provide the same hostname in the `_provision_host` variable. Then call `provision.yml` directly, for example: + +```yaml +--- +- name: Configure my deploy server. + ansible.builtin.import_playbook: "{{ _ce_provision_base_dir }}/plays/deploy/provision.yml" + vars: + _env_type: util + _provision_host: deploy.acme.com + _profile: deploy +``` + +If you are using the AWS EC2 inventory plugin and the Code Enigme recommended set-up, you must provide the `_aws_resource_name` variable - note, this is hyphenated, no dots - and call `aws_deploy.yml`, for example: + +```yaml +--- +- name: Configure my deploy server at AWS. + ansible.builtin.import_playbook: "{{ _ce_provision_base_dir }}/plays/deploy/aws_deploy.yml" + vars: + _env_type: util + _aws_region: eu-west-1 + _aws_resource_name: deploy-acme-com + _profile: deploy +``` + +This will create or find an EC2 instance with the AWS tag of `Name: deploy-acme-com` which will be in an inventory group called `_deploy_acme_com`. + +@TODO provide example infra repo for use with the AWS EC2 inventory plugin. diff --git a/plays/deploy/aws_deploy.yml b/plays/deploy/aws_deploy.yml new file mode 100644 index 000000000..2c3380008 --- /dev/null +++ b/plays/deploy/aws_deploy.yml @@ -0,0 +1,7 @@ +--- +# Creates hosts entry so play isn't skipped. +- ansible.builtin.import_playbook: ../aws_ec2_standalone/launch.yml +# Spins up the instance. +- ansible.builtin.import_playbook: ../aws_ec2_standalone/ec2.yml +# Actual provisioning +- ansible.builtin.import_playbook: provision.yml 
diff --git a/plays/deploy/provision.yml b/plays/deploy/provision.yml new file mode 100644 index 000000000..4d4baac7e --- /dev/null +++ b/plays/deploy/provision.yml @@ -0,0 +1,22 @@ +--- +- hosts: "{{ _provision_host | default('_' + _aws_resource_name | regex_replace('-', '_')) }}" + become: true + + vars: + _init: + vars_dirs: + - "{{ _ce_provision_build_dir }}/vars/_global" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/_common" + - "{{ _ce_provision_build_dir }}/vars/_regions/{{ _aws_region }}/{{ _env_type }}" + - "{{ _ce_provision_build_dir }}/vars/{{ _aws_resource_name }}" + _profile: deploy + + tasks: + - ansible.builtin.import_role: + name: _init + - ansible.builtin.import_role: + name: _meta/aws_client_instance + - ansible.builtin.import_role: + name: _meta/deploy + - ansible.builtin.import_role: + name: _exit diff --git a/roles/_init/README.md b/roles/_init/README.md index e619e5656..7dd7ab3fb 100644 --- a/roles/_init/README.md +++ b/roles/_init/README.md @@ -22,6 +22,13 @@ _ce_ansible_timer_name: upgrade_ansible # Generally it is recommended to place these in your ce-provision-config repository under hosts/group_vars/all #_aws_profile: example # boto profile name #_aws_region: eu-west-1 +_aws_vpc_cidr_base: 10.0 + +# AWS tags +_aws_resource_name: "" # Name +# _profile: web_server # Profile +# _env_type: dev # Env +# _infra_name: acme # Infra _init: # A list of var directories to include. We only support .yml extensions. diff --git a/roles/_init/defaults/main.yml b/roles/_init/defaults/main.yml index 5c2d85d42..cfee2615b 100644 --- a/roles/_init/defaults/main.yml +++ b/roles/_init/defaults/main.yml 
@@ -12,6 +12,13 @@ _ce_ansible_timer_name: upgrade_ansible # Generally it is recommended to place these in your ce-provision-config repository under hosts/group_vars/all #_aws_profile: example # boto profile name #_aws_region: eu-west-1 +_aws_vpc_cidr_base: 10.0 + +# AWS tags +_aws_resource_name: "" # Name +# _profile: web_server # Profile +# _env_type: dev # Env +# _infra_name: acme # Infra _init: # A list of var directories to include. We only support .yml extensions. diff --git a/roles/aws/aws_ami/README.md b/roles/aws/aws_ami/README.md index acc2f10e4..9ab978044 100644 --- a/roles/aws/aws_ami/README.md +++ b/roles/aws/aws_ami/README.md @@ -29,7 +29,7 @@ aws_ami: ami_name: "example" owner: "136693071363" # Global AWS account ID of owner, defaults to Debian official ssh_username: "admin" - public_key_name: id_ecdsa.pub # from Debian 12 (Bookworm) onwards RSA keys, i.e. id_rsa.pub, are deprecated + public_key_name: id_ed25519.pub # from Debian 12 (Bookworm) onwards RSA keys, i.e. id_rsa.pub, are deprecated encrypt_boot: false # EBS volume options device_name: /dev/xvda # default for Debian AMIs diff --git a/roles/aws/aws_ami/defaults/main.yml b/roles/aws/aws_ami/defaults/main.yml index c828adaec..64908bacf 100644 --- a/roles/aws/aws_ami/defaults/main.yml +++ b/roles/aws/aws_ami/defaults/main.yml @@ -9,7 +9,7 @@ aws_ami: ami_name: "example" owner: "136693071363" # Global AWS account ID of owner, defaults to Debian official ssh_username: "admin" - public_key_name: id_ecdsa.pub # from Debian 12 (Bookworm) onwards RSA keys, i.e. id_rsa.pub, are deprecated + public_key_name: id_ed25519.pub # from Debian 12 (Bookworm) onwards RSA keys, i.e. id_rsa.pub, are deprecated encrypt_boot: false # EBS volume options device_name: /dev/xvda # default for Debian AMIs diff --git a/roles/aws/aws_vpc/README.md b/roles/aws/aws_vpc/README.md index a11d512ed..57ef8041c 100644 --- a/roles/aws/aws_vpc/README.md +++ b/roles/aws/aws_vpc/README.md 
@@ -10,23 +10,132 @@ aws_vpc: aws_profile: "{{ _aws_profile }}" region: "{{ _aws_region }}" name: example-vpc-2 - cidr_block: "10.0.0.0/16" + cidr_block: "{{ _aws_vpc_cidr_base }}.0.0/16" # ipv6_cidr: true # uncomment to request an Amazon-provided IPv6 CIDR block with /56 prefix length. tags: {} #Type: "util" state: present assign_instances_ipv6: false - security_groups: - [] - # - name: web - open - # description: Allow all incoming traffic on ports 80 and 443 - # rules: - # - proto: tcp - # ports: - # - 80 - # - 443 - # cidr_ip: 0.0.0.0/0 - # rule_desc: Allow all incoming traffic on ports 80 and 443 + # List of security groups to create in this VPC, see below for example structure. + security_groups: "{{ _security_groups_defaults }}" + +# Load common security groups below into a list to use with the aws_vpc.security_groups variable. +_security_groups_defaults: + - "{{ _common_security_groups.common_network }}" + - "{{ _common_security_groups.ssh_open }}" + - "{{ _common_security_groups.web_open }}" + - "{{ _common_security_groups.mailpit_open }}" + - "{{ _common_security_groups.ftp_open }}" + - "{{ _common_security_groups.sftp_open }}" + - "{{ _common_security_groups.ossec }}" + - "{{ _common_security_groups.openvpn }}" + +# Here is a set of example and commonly required security groups. +# This closely follows our common firewall rules in roles/debian/firewall_config. +_common_security_groups: + common_network: + name: common_network + description: Common network access configuration for all servers. + rules: + - proto: icmp + from_port: 8 # ICMP type (8 is IPv4 echo) + to_port: -1 # ICMP subtype (-1 for any) + cidr_ip: 0.0.0.0/0 + rule_desc: Allow ICMP IPv4 ping. + - proto: icmp + from_port: 128 # ICMP type (128 is IPv6 echo) + to_port: -1 # ICMP subtype (-1 for any) + cidr_ipv6: "::/0" + rule_desc: Allow ICMP IPv6 ping. 
+ - proto: tcp + cidr_ip: "{{ _aws_vpc_cidr_base }}.0.0/16" # see _init - 10.0.0.0/16 by default + ports: + - 0-65535 + rule_desc: Allow all tcp traffic on internal network. + - proto: udp + cidr_ip: "{{ _aws_vpc_cidr_base }}.0.0/16" + ports: + - 0-65535 + rule_desc: Allow all udp traffic on internal network. + rules_egress: + - proto: tcp + cidr_ip: 0.0.0.0/0 + ports: + - 1-1024 + - 2049 + rule_desc: Allow ports 1-1024 and 2049 for NFS over tcp as standard. + - proto: udp + cidr_ip: 0.0.0.0/0 + ports: + - 1-1024 + rule_desc: Allow ports 1-1024 over udp as standard. + ssh_open: + name: ssh_open + description: Allow all incoming traffic on port 22. + rules: + - proto: tcp + ports: + - 22 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on port 22. + web_open: + name: web_open + description: Allow all incoming web traffic on ports 80 and 443. + rules: + - proto: tcp + ports: + - 80 + - 443 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on ports 80 and 443. + mailpit_open: + name: mailpit_open + description: Allow all incoming traffic on port 8025 for Mailpit. + rules: + - proto: tcp + ports: + - 8025 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on port 8025. + ftp_open: + name: ftp_open + description: Allow all incoming traffic on ports 20 and 21 for FTP. + rules: + - proto: tcp + ports: + - 20 + - 21 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on ports 20 and 21. + sftp_open: + name: sftp_open + description: Allow all incoming traffic on ports 989 and 990 for sFTP. + rules: + - proto: tcp + ports: + - 898 + - 990 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on ports 989 and 990. + ossec: + name: ossec + description: Allow all incoming traffic on ports 1514 and 1515 for OSSEC. + rules: + - proto: udp + ports: + - 1514 + - 1515 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming udp traffic on ports 1514 and 1515. 
+ openvpn: + name: openvpn + description: Allow all incoming traffic on port 1194 for OpenVPN. + rules: + - proto: udp + ports: + - 1194 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming udp traffic on port 1194. ``` diff --git a/roles/aws/aws_vpc/defaults/main.yml b/roles/aws/aws_vpc/defaults/main.yml index cc2ae84be..0642713d2 100644 --- a/roles/aws/aws_vpc/defaults/main.yml +++ b/roles/aws/aws_vpc/defaults/main.yml 
@@ -2,20 +2,129 @@ aws_vpc: aws_profile: "{{ _aws_profile }}" region: "{{ _aws_region }}" name: example-vpc-2 - cidr_block: "10.0.0.0/16" + cidr_block: "{{ _aws_vpc_cidr_base }}.0.0/16" # ipv6_cidr: true # uncomment to request an Amazon-provided IPv6 CIDR block with /56 prefix length. tags: {} #Type: "util" state: present assign_instances_ipv6: false - security_groups: - [] - # - name: web - open - # description: Allow all incoming traffic on ports 80 and 443 - # rules: - # - proto: tcp - # ports: - # - 80 - # - 443 - # cidr_ip: 0.0.0.0/0 - # rule_desc: Allow all incoming traffic on ports 80 and 443 + # List of security groups to create in this VPC, see below for example structure. + security_groups: "{{ _security_groups_defaults }}" + +# Load common security groups below into a list to use with the aws_vpc.security_groups variable. +_security_groups_defaults: + - "{{ _common_security_groups.common_network }}" + - "{{ _common_security_groups.ssh_open }}" + - "{{ _common_security_groups.web_open }}" + - "{{ _common_security_groups.mailpit_open }}" + - "{{ _common_security_groups.ftp_open }}" + - "{{ _common_security_groups.sftp_open }}" + - "{{ _common_security_groups.ossec }}" + - "{{ _common_security_groups.openvpn }}" + +# Here is a set of example and commonly required security groups. +# This closely follows our common firewall rules in roles/debian/firewall_config. +_common_security_groups: + common_network: + name: common_network + description: Common network access configuration for all servers. + rules: + - proto: icmp + from_port: 8 # ICMP type (8 is IPv4 echo) + to_port: -1 # ICMP subtype (-1 for any) + cidr_ip: 0.0.0.0/0 + rule_desc: Allow ICMP IPv4 ping. + - proto: icmp + from_port: 128 # ICMP type (128 is IPv6 echo) + to_port: -1 # ICMP subtype (-1 for any) + cidr_ipv6: "::/0" + rule_desc: Allow ICMP IPv6 ping. 
+ - proto: tcp + cidr_ip: "{{ _aws_vpc_cidr_base }}.0.0/16" # see _init - 10.0.0.0/16 by default + ports: + - 0-65535 + rule_desc: Allow all tcp traffic on internal network. + - proto: udp + cidr_ip: "{{ _aws_vpc_cidr_base }}.0.0/16" + ports: + - 0-65535 + rule_desc: Allow all udp traffic on internal network. + rules_egress: + - proto: tcp + cidr_ip: 0.0.0.0/0 + ports: + - 1-1024 + - 2049 + rule_desc: Allow ports 1-1024 and 2049 for NFS over tcp as standard. + - proto: udp + cidr_ip: 0.0.0.0/0 + ports: + - 1-1024 + rule_desc: Allow ports 1-1024 over udp as standard. + ssh_open: + name: ssh_open + description: Allow all incoming traffic on port 22. + rules: + - proto: tcp + ports: + - 22 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on port 22. + web_open: + name: web_open + description: Allow all incoming web traffic on ports 80 and 443. + rules: + - proto: tcp + ports: + - 80 + - 443 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on ports 80 and 443. + mailpit_open: + name: mailpit_open + description: Allow all incoming traffic on port 8025 for Mailpit. + rules: + - proto: tcp + ports: + - 8025 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on port 8025. + ftp_open: + name: ftp_open + description: Allow all incoming traffic on ports 20 and 21 for FTP. + rules: + - proto: tcp + ports: + - 20 + - 21 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on ports 20 and 21. + sftp_open: + name: sftp_open + description: Allow all incoming traffic on ports 989 and 990 for sFTP. + rules: + - proto: tcp + ports: + - 898 + - 990 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming tcp traffic on ports 989 and 990. + ossec: + name: ossec + description: Allow all incoming traffic on ports 1514 and 1515 for OSSEC. + rules: + - proto: udp + ports: + - 1514 + - 1515 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming udp traffic on ports 1514 and 1515. 
+ openvpn: + name: openvpn + description: Allow all incoming traffic on port 1194 for OpenVPN. + rules: + - proto: udp + ports: + - 1194 + cidr_ip: 0.0.0.0/0 + rule_desc: Allow all incoming udp traffic on port 1194. diff --git a/roles/debian/ce_deploy/README.md b/roles/debian/ce_deploy/README.md index 743cbf8cd..51083b275 100644 --- a/roles/debian/ce_deploy/README.md +++ b/roles/debian/ce_deploy/README.md @@ -20,9 +20,9 @@ ce_deploy: # Other ce-deploy settings. aws_support: true # installs boto3 new_user: true # set to false if user already exists or is ephemeral, e.g. an LDAP user - ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys - ssh_key_type: ecdsa # set to rsa to create an RSA key - public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name + ssh_key_bits: "521" # ignored for ED25519 keys, recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys + ssh_key_type: ed25519 # set to rsa to create an RSA key or ecdsa to create an ECDSA key + public_key_name: id_ed25519.pub # this might be id_rsa.pub for RSA keys or id_ecdsa.pub for ECDSA keys, existing users may have a key of a different name username: "{{ _ce_deploy.username }}" own_repository: "https://github.com/codeenigma/ce-deploy.git" own_repository_branch: "master" diff --git a/roles/debian/ce_deploy/defaults/main.yml b/roles/debian/ce_deploy/defaults/main.yml index b4af9748b..c54c30192 100644 --- a/roles/debian/ce_deploy/defaults/main.yml +++ b/roles/debian/ce_deploy/defaults/main.yml 
@@ -12,9 +12,9 @@ ce_deploy: # Other ce-deploy settings. aws_support: true # installs boto3 new_user: true # set to false if user already exists or is ephemeral, e.g. an LDAP user - ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys - ssh_key_type: ecdsa # set to rsa to create an RSA key - public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name + ssh_key_bits: "521" # ignored for ED25519 keys, recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys + ssh_key_type: ed25519 # set to rsa to create an RSA key or ecdsa to create an ECDSA key + public_key_name: id_ed25519.pub # this might be id_rsa.pub for RSA keys or id_ecdsa.pub for ECDSA keys, existing users may have a key of a different name username: "{{ _ce_deploy.username }}" own_repository: "https://github.com/codeenigma/ce-deploy.git" own_repository_branch: "master" diff --git a/roles/debian/ce_provision/README.md b/roles/debian/ce_provision/README.md index 6de9e0e9b..b42f10c79 100644 --- a/roles/debian/ce_provision/README.md +++ b/roles/debian/ce_provision/README.md 
@@ -21,9 +21,9 @@ ce_provision: new_user: "{{ _init.ce_provision_new_user }}" # see _init defaults, set to false if user already exists or is ephemeral, e.g. an LDAP user username: "{{ _ce_provision_username }}" # see _init defaults #uid: "{{ _init.ce_provision_uid }}" # see _init defaults, optionally hardcode the UID for this user - ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys - ssh_key_type: ecdsa # set to rsa to create an RSA key - public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name + ssh_key_bits: "521" # ignored for ED25519 keys, recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys + ssh_key_type: ed25519 # set to rsa to create an RSA key or ecdsa to create an ECDSA key + public_key_name: id_ed25519.pub # this might be id_rsa.pub for RSA keys or id_ecdsa.pub for ECDSA keys, existing users may have a key of a different name # Main repo. own_repository: "https://github.com/codeenigma/ce-provision.git" own_repository_branch: "master" diff --git a/roles/debian/ce_provision/defaults/main.yml b/roles/debian/ce_provision/defaults/main.yml index a0048a3bf..121244dee 100644 --- a/roles/debian/ce_provision/defaults/main.yml +++ b/roles/debian/ce_provision/defaults/main.yml 
@@ -12,9 +12,9 @@ ce_provision: new_user: "{{ _init.ce_provision_new_user }}" # see _init defaults, set to false if user already exists or is ephemeral, e.g. an LDAP user username: "{{ _ce_provision_username }}" # see _init defaults #uid: "{{ _init.ce_provision_uid }}" # see _init defaults, optionally hardcode the UID for this user - ssh_key_bits: "521" # recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys - ssh_key_type: ecdsa # set to rsa to create an RSA key - public_key_name: id_ecdsa.pub # this might be id_rsa.pub for RSA keys, existing users may have a key of a different name + ssh_key_bits: "521" # ignored for ED25519 keys, recommended to use 4096 for RSA keys, 521 is the maximum for ECDSA keys + ssh_key_type: ed25519 # set to rsa to create an RSA key or ecdsa to create an ECDSA key + public_key_name: id_ed25519.pub # this might be id_rsa.pub for RSA keys or id_ecdsa.pub for ECDSA keys, existing users may have a key of a different name # Main repo. own_repository: "https://github.com/codeenigma/ce-provision.git" own_repository_branch: "master" diff --git a/roles/debian/firewall_config/README.md b/roles/debian/firewall_config/README.md index 1577b0c12..d91d889f4 100644 --- a/roles/debian/firewall_config/README.md +++ b/roles/debian/firewall_config/README.md @@ -61,6 +61,7 @@ firewall_config: rulesets: - ssh_open - web_open + - common_network # rule always needs to be last so the DROP rules in the OUTPUT chain get applied at the end # Ruleset definitions # Permitted rule lists 
@@ -91,6 +92,29 @@ firewall_config: letsencrypt: firewall_allowed_tcp_ports: - "80" + # Standard ports for Prometheus outbound rules to allow scraping of exporters + prometheus_server_scraping: + firewall_additional_rules: + - "iptables -A OUTPUT -p tcp --dport 9100 -j ACCEPT" # allow scraping node exporter + - "iptables -A OUTPUT -p tcp --dport 9101 -j ACCEPT" # allow scraping process exporter + - "iptables -A OUTPUT -p tcp --dport 9093 -j ACCEPT" # allow posting to alertmanager + - "iptables -A OUTPUT -p tcp --dport 9115 -j ACCEPT" # allow scraping blackbox exporter + # Commonly required outbound ports for PHP web servers + common_web: + firewall_additional_rules: + - "iptables -A OUTPUT -p tcp --dport 2049 -j ACCEPT" # allow NFS + - "iptables -A OUTPUT -p udp --dport 2049 -j ACCEPT" # allow NFS + - "iptables -A OUTPUT -p tcp --dport 3306 -j ACCEPT" # allow MySQL + # Recommended general firewall settings + common_network: + firewall_additional_rules: + - "iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT" # ICMP ping in + - "iptables -A INPUT -p icmp --icmp-type 128 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT" # ICMP ping in + - "iptables -A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT" # ICMP ping out + - "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" # established connections out + - "iptables -A OUTPUT -o lo -j ACCEPT" # allow all local traffic + - "iptables -A OUTPUT -p tcp --dport 1025:65535 -j DROP" # block high port tcp traffic outbound + - "iptables -A OUTPUT -p udp --dport 1025:65535 -j DROP" # block high port udp traffic outbound ossec: firewall_allowed_udp_ports: - "1514" diff --git a/roles/debian/firewall_config/defaults/main.yml b/roles/debian/firewall_config/defaults/main.yml index 7c9193af6..4ccc5600f 100644 --- a/roles/debian/firewall_config/defaults/main.yml +++ b/roles/debian/firewall_config/defaults/main.yml 
@@ -13,6 +13,7 @@ firewall_config: rulesets: - ssh_open - web_open + - common_network # rule always needs to be last so the DROP rules in the OUTPUT chain get applied at the end # Ruleset definitions # Permitted rule lists @@ -43,6 +44,29 @@ firewall_config: letsencrypt: firewall_allowed_tcp_ports: - "80" + # Standard ports for Prometheus outbound rules to allow scraping of exporters + prometheus_server_scraping: + firewall_additional_rules: + - "iptables -A OUTPUT -p tcp --dport 9100 -j ACCEPT" # allow scraping node exporter + - "iptables -A OUTPUT -p tcp --dport 9101 -j ACCEPT" # allow scraping process exporter + - "iptables -A OUTPUT -p tcp --dport 9093 -j ACCEPT" # allow posting to alertmanager + - "iptables -A OUTPUT -p tcp --dport 9115 -j ACCEPT" # allow scraping blackbox exporter + # Commonly required outbound ports for PHP web servers + common_web: + firewall_additional_rules: + - "iptables -A OUTPUT -p tcp --dport 2049 -j ACCEPT" # allow NFS + - "iptables -A OUTPUT -p udp --dport 2049 -j ACCEPT" # allow NFS + - "iptables -A OUTPUT -p tcp --dport 3306 -j ACCEPT" # allow MySQL + # Recommended general firewall settings + common_network: + firewall_additional_rules: + - "iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT" # ICMP ping in + - "iptables -A INPUT -p icmp --icmp-type 128 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT" # ICMP ping in + - "iptables -A OUTPUT -p icmp --icmp-type 0 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT" # ICMP ping out + - "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" # established connections out + - "iptables -A OUTPUT -o lo -j ACCEPT" # allow all local traffic + - "iptables -A OUTPUT -p tcp --dport 1025:65535 -j DROP" # block high port tcp traffic outbound + - "iptables -A OUTPUT -p udp --dport 1025:65535 -j DROP" # block high port udp traffic outbound ossec: firewall_allowed_udp_ports: - "1514" 
diff --git a/roles/debian/hosts/tasks/main.yml b/roles/debian/hosts/tasks/main.yml index fc8d9b80f..6d902fbfc 100644 --- a/roles/debian/hosts/tasks/main.yml +++ b/roles/debian/hosts/tasks/main.yml @@ -23,14 +23,10 @@ path: "{{ cloud_init_file.stat.path }}" regexp: "manage_etc_hosts: true" line: "manage_etc_hosts: false" - when: - - cloud_init_file.stat.exists + when: cloud_init_file.stat.exists - name: Set system hostname. - ansible.builtin.template: - src: hostname.j2 - dest: /etc/hostname - owner: root - group: root - mode: 0644 + ansible.builtin.hostname: + name: "{{ hosts_hostname }}" + use: systemd when: hosts_hostname | length > 0 diff --git a/roles/debian/hosts/templates/hostname.j2 b/roles/debian/hosts/templates/hostname.j2 deleted file mode 100644 index 6c9f6f6d9..000000000 --- a/roles/debian/hosts/templates/hostname.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ hosts_hostname }} diff --git a/roles/debian/pam_ldap/templates/ldap.conf.j2 b/roles/debian/pam_ldap/templates/ldap.conf.j2 index b613deaea..a4f1ddca7 100644 --- a/roles/debian/pam_ldap/templates/ldap.conf.j2 +++ b/roles/debian/pam_ldap/templates/ldap.conf.j2 @@ -1,7 +1,7 @@ BASE {{ pam_ldap.lookup_base }} URI {{ pam_ldap.endpoints | join(' ') }} {% if pam_ldap.ssl_certificate is defined and pam_ldap.ssl_certificate %} -TLS_CACERT /etc/ldap/ssl/{{ pam_ldap.ssl_certificate | basename }} +TLS_CACERT /etc/ssl/certs/ca-certificates.crt {% endif %} BIND_TIMELIMIT 5 TIMEOUT 5 @@ -11,4 +11,4 @@ pam_lookup_policy yes {% if pam_ldap.ssl_certificate_check is defined and not pam_ldap.ssl_certificate_check %} TLS_REQCERT never -{% endif %} \ No newline at end of file +{% endif %} From 630d3224cfe7bcdf7aba7ed18c1d920e60247a7e Mon Sep 17 00:00:00 2001 
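Review bot: in roles/debian/firewall_config/defaults/main.yml, hunk `@@ -13,6 +13,7 @@`, the `common_network` entry added to `rulesets` is only correct when it is last in the list, and nothing but the trailing comment enforces that. Its final two rules append `-j DROP` for `--dport 1025:65535` to OUTPUT, while `prometheus_server_scraping` (9100, 9101, 9093, 9115) and `common_web` (2049, 3306) append ACCEPT rules for ports inside that range with `-A OUTPUT`. A host that lists either of those rulesets after `common_network` gets its ACCEPT rules appended behind the DROP rules, where they never match. Suggest having the role apply the DROP rules in a separate final step, or fail when `common_network` is not the last ruleset, rather than relying on the comment.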
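Review bot: in the `common_network` ruleset added by hunk `@@ -43,6 +44,29 @@` of roles/debian/firewall_config/defaults/main.yml (the same lines appear in hunk `@@ -91,6 +92,29 @@`), the second INPUT rule matches `-p icmp --icmp-type 128`. Type 128 is the ICMPv6 echo request; for IPv4 the echo request is type 8, which the rule above it already covers, so under `iptables` this line does nothing useful. If IPv6 ping is intended it needs an `ip6tables -p icmpv6` rule, otherwise the line can go. The `# ICMP ping out` comment on the OUTPUT `--icmp-type 0` rule should also be reworded: type 0 is the echo reply to an inbound ping, and none of the rules shown here allows an outbound echo request.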
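Review bot: in roles/debian/hosts/tasks/main.yml, the new `ansible.builtin.hostname` task pins `use: systemd`, which requires a running systemd on the target, whereas the template task it replaces, as shown, only wrote /etc/hostname. On targets where systemd is not the init process (containers, for example) the task will fail. Suggest dropping `use:` so the module selects the strategy itself, or documenting the systemd requirement in the role README. The commit message should also mention that the module changes the running hostname immediately, which the removed file-only task did not do.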
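Review bot: in roles/debian/pam_ldap/templates/ldap.conf.j2, hunk `@@ -1,7 +1,7 @@`, `TLS_CACERT` now points at the system bundle `/etc/ssl/certs/ca-certificates.crt` but is still emitted only when `pam_ldap.ssl_certificate` is set, and nothing visible in this patch shows that certificate being added to the system trust store. If the LDAP server is signed by a private CA and the certificate is not installed into the bundle (placed under /usr/local/share/ca-certificates and followed by `update-ca-certificates`), verification fails and the easy way out becomes the `TLS_REQCERT never` branch further down the template. Please confirm the role's tasks install the certificate into the bundle, and consider emitting the `TLS_CACERT` line unconditionally now that the path no longer depends on the variable.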
From: Greg Harvey Date: Wed, 15 Jan 2025 13:59:16 +0100 Subject: [PATCH 2/4] Catching up docs-2.x (#2236) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Publish docs pr 2.x (#2193) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. 
* ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. 
* We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. 
(#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. 
* Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. 
* Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. 
* Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. 
* Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. 
* Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! 
* AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. 
* First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. 
(#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. 
* Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. 
* Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. 
(#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash.
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. 
* Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. 
Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * r71115-default-ldap-ca-cert (#2197) * Documentation update - 2.x (#2198) * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. 
* Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. 
* Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. 
(#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. 
(#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. 
* Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." 
This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. 
* Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. 
* Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. 
* Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. 
* Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. 
* Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. 
* Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. 
* Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. 
* Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. 
* Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." 
This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provi… * Publish docs pr 2.x (#2203) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. 
* Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. 
* Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. 
* Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. 
* Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. 
* Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. 
* Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. 
* Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. 
* Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. 
* We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. 
* State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. 
* Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. 
* Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. 
* Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. 
GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." 
This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. 
* Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. 
* Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. 
* Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. 
Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. 
* Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. 
Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space.
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. 
* Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! 
* Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. 
* GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. 
* Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * Publish docs pr 2.x (#2205) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. 
* Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. 
* Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. 
* Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. 
(#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. 
(#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. 
* Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. 
* Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. 
* Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. 
* We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. 
* Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. 
* Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. 
* Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. 
* Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. 
* Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. 
* Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. 
* Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. 
* Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. 
GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." 
This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * Documentation update - 2.x (#2200) * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. 
* Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. 
* Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. 
(#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. 
(#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. 
* Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. 
* Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. 
* Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. 
* We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. 
* Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. 
* Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. 
* Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. 
* Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. 
* Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. 
* Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. 
* Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. 
* Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. 
GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." 
This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provi… * Enhanced quick start pr 2.x (#2207) * Added more generic firewall rules that might be useful. * Added an update step to the installer. * Providing some default playbooks people can use in ce-provision. * Slight docs tweak for showtime! * Documentation update - 2.x (#2208) * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. 
* Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. 
* Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. 
* Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. 
* Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. 
* Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. 
* Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. 
* Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. 
* Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. 
* Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. 
(#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. 
(#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. 
* Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. 
* Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. 
(#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash.
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. 
* Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. 
Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provi… * Enhanced quick start pr 2.x (#2211) * Added more generic firewall rules that might be useful. * Added an update step to the installer. * Providing some default playbooks people can use in ce-provision. * Slight docs tweak for showtime! * Modernising hostname handling to use systemd. * Switching default key type to ED25519 because it is supported by both Debian and GitLab. * Switching to ED25519 SSH keys and adding hostname and hosts handling to installer. * Adding iproute2 package so hosts role works. * Also need an apt-get update in CI. 
* Change of plan, stop hosts running in containers. * Small inline docs change. * Providing sane defaults for VPC security groups. * Making key name dynamic in the installer. * Error in variable namespace. * Publish docs pr 2.x (#2216) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. 
* ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. 
* We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. 
(#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. 
* Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. 
* Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. 
* Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. 
* Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. 
* Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! 
* AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. 
* First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. 
(#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. 
* Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. 
* Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. 
(#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. 
* Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. 
Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * Publish docs pr 2.x (#2218) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. 
* Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. 
* Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. 
(#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. 
* Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. 
* Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. 
* Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. 
* Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. 
* Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! 
* AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. 
* First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. 
(#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. 
* Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. 
* Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. 
(#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. 
* Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. 
Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * Documentation update - 2.x (#2213) * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. 
* Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. 
* Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. 
(#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. 
(#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. 
* Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." 
This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. 
* Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. 
* Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. 
* Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. 
* Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. 
* Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. 
* Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. 
* Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. 
* Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. 
* Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. 
* GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. 
* Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. 
* Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." 
This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. 
* Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. 
* Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provi… * Publish docs pr 2.x (#2220) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. 
* Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. 
* Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. 
* Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. 
* Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. 
* Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. 
* Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. 
* Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. 
* Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. 
* We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. 
* State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. 
* Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. * Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. 
* Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. 
* Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. 
GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." 
This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. 
* Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. 
* Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. 
* Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. 
Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. 
* Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. 
Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." 
This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. 
* Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! 
* Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. 
* GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. 
* Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing spac… * Bug fixes 2.x pr 2.x (#2225) * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. 
* Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. * Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. * Allowing script to skip iptables. * Misnamed flag. * Adding user_provision role to configure controller user. * Wrapping cleanup so it doesn't break GitHub Actions. * Completing variables for user_provision. * Missed the sudoers var. * Quoting vars. * GitLab installer needs _domain_name. * Logic error in clean-up script. 
* Fixing paths to ce-provision in container. * Trying to fix CI perms issues. * Git dubious ownership error. * Git dubious ownership error. * Running the web server test as the controller user. * Missed a controller var. * Commenting out the CE container to test. * Adding a separate step for Git actions. * Need sudo for Ubuntu. * Using a volume to persist data between steps. * Adding debug commands to test volumes. * Tweaking volumes. * Adding the checkout command back in. * Trying a different approach. * ls command looks good, so putting web build back in. * More Ansible Galaxy debug. * Trying to make ansible-galaxy detect installed roles. * Run galaxy command as controller. * Trying galaxy command and cd wrapped in su. * Specifically checking the contents of galaxy/roles. * Trying a double-tap install process. * Quick refactor and debug of SSH. * Adding OpenSSH server package. * Checking for a firewall. * Checking listening packages. * Starting SSHD especially. * Starting SSHD without systemd. * Pre-empting config a bit more. * More galaxy path debug. * Running a find to see if we can find the missing roles. * More verbosity. * Checking for missing requirements file. * Removing erroneous when clause. * Tidying up redundant debug lines. * Creating a separate ci.yml play targeting localhost. * Making sure sshd is running. * Tidying up GitLab CI file and installing SSHD. * Installing SSHD as a separate step. * SSHD already installed, starting it instead. * Don't create systemd timers in containers. * Preparing a test GitLab build. * Making builds nightly and fixing GitLab role bug. * Ensuring is_local var exists and making lock behaviour optional. * Fixing location and owner of Blackfire config so it is configurable. * Documentation update. * Removing all is defined checks for is_local since it is now always defined. * Letting GitLab know it's on Docker earlier. * Trying to run runsvdir-start to avoid container freezing. 
* Temporarily skipping reconfigure of GitLab to test the rest. * Trying to move GitLab reconfigure commands to CI. * Fixing service namespace for runner and reinstating GitLab tasks. * Trying to get config script working for GitLab in CI. * No systemd, do not try to restart gitlab-runner. * Removing firewall role from CI GitLab test, don't need it and it breaks CI. * Outputting PostgreSQL logs to see if there are errors. * Outputting PostgreSQL logs to see if there are errors. * Trying the config script for GitLab again. * Suppressing extra GitLab config for CI runs. * Setting Blackfire CLI defaults to use ce-dev user. * Improving GitLab vars and adding force stop feature. * Not installed aws_credentials in meta roles if AWS support disabled. * Bug fixes 2.x pr 2.x (#2229) * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. 
* Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. * Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. * Allowing script to skip iptables. * Misnamed flag. * Adding user_provision role to configure controller user. * Wrapping cleanup so it doesn't break GitHub Actions. * Completing variables for user_provision. * Missed the sudoers var. * Quoting vars. * GitLab installer needs _domain_name. * Logic error in clean-up script. * Fixing paths to ce-provision in container. * Trying to fix CI perms issues. * Git dubious ownership error. * Git dubious ownership error. * Running the web server test as the controller user. * Missed a controller var. * Commenting out the CE container to test. * Adding a separate step for Git actions. * Need sudo for Ubuntu. * Using a volume to persist data between steps. * Adding debug commands to test volumes. * Tweaking volumes. 
* Adding the checkout command back in. * Trying a different approach. * ls command looks good, so putting web build back in. * More Ansible Galaxy debug. * Trying to make ansible-galaxy detect installed roles. * Run galaxy command as controller. * Trying galaxy command and cd wrapped in su. * Specifically checking the contents of galaxy/roles. * Trying a double-tap install process. * Quick refactor and debug of SSH. * Adding OpenSSH server package. * Checking for a firewall. * Checking listening packages. * Starting SSHD especially. * Starting SSHD without systemd. * Pre-empting config a bit more. * More galaxy path debug. * Running a find to see if we can find the missing roles. * More verbosity. * Checking for missing requirements file. * Removing erroneous when clause. * Tidying up redundant debug lines. * Creating a separate ci.yml play targeting localhost. * Making sure sshd is running. * Tidying up GitLab CI file and installing SSHD. * Installing SSHD as a separate step. * SSHD already installed, starting it instead. * Don't create systemd timers in containers. * Preparing a test GitLab build. * Making builds nightly and fixing GitLab role bug. * Ensuring is_local var exists and making lock behaviour optional. * Fixing location and owner of Blackfire config so it is configurable. * Documentation update. * Removing all is defined checks for is_local since it is now always defined. * Letting GitLab know it's on Docker earlier. * Trying to run runsvdir-start to avoid container freezing. * Temporarily skipping reconfigure of GitLab to test the rest. * Trying to move GitLab reconfigure commands to CI. * Fixing service namespace for runner and reinstating GitLab tasks. * Trying to get config script working for GitLab in CI. * No systemd, do not try to restart gitlab-runner. * Removing firewall role from CI GitLab test, don't need it and it breaks CI. * Outputting PostgreSQL logs to see if there are errors. * Outputting PostgreSQL logs to see if there are errors. 
* Trying the config script for GitLab again. * Suppressing extra GitLab config for CI runs. * Setting Blackfire CLI defaults to use ce-dev user. * Improving GitLab vars and adding force stop feature. * Not installed aws_credentials in meta roles if AWS support disabled. * Most people will not want pam_ldap or pam_linotp, should not be in meta. * If you don't create LDAP SSL certs you might not have a /etc/ldap directory. * Documentation update - 2.x (#2226) * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. 
* Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. 
* Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. 
(#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. 
(#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. 
* Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. 
* Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. 
* Making sure new clusters won't fail because no ALB yet. * Allow user to set cachetool version in the opcache role. (#665) * Allow user to set cachetool version in the opcache role. * Adding a comment for a future improvement. * Adding a 'repack' option for AMIs and ASGs. (#675) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. * Fixing packer.json white space. 
* We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Ami repack option pr 1.x (#707) * Adding a 'repack' option for AMIs and ASGs. * Adding an option to force a Packer rebuild in an ASG. * Fixing EC2 instance look-up to use cluster name. * Separating AMI provisioning tasks into a tasks file that can be included. * Refactoring AMI operation to allow current behaviour to remain default. * Trying to delegate tasks to target repack instance. * Switching from import_tasks to include_tasks. * Fixing the instance DNS name var. * Changing approach to make a standalone machine to generate AMI from. * Gah! Typo! * AMI generation requires region and profile. * Didn't wrap instance_id lookup properly. * Fixing some missing namespaces. * Missed a bad var when fixing. * Adding full set of variables for EC2 instance. * Fixing AWS SSH key name. * Decided not to use the EC2 + EIP role. * Trying to add a pause after instance launch. * Passing the target branch to Ansible as a var. * Support absolute paths to playbooks. * Refactoring to make ce-provision call itself for AMI packing tasks. * Doubled up the script path. * Switching to base dir var for ce-provision call. * Moving temp EC2 instances for AMI creation to subnet with IGW. * State of EC2 instance needs to be started instead of running. * We need to delete the AMI we created before making another one. * Refactoring AMI repack variables for readability and removing volume size. * Missed a refactored var. * Defending against AMI volume size issues for ASGs. * Refactoring extra vars handling. * For some reason Packer seems to double the brackets. * Revert "For some reason Packer seems to double the brackets." This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. 
* Fixing packer.json white space. * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. * Slight refactor to move the extra vars building to the relevant included tasks. * Slight documentation change. * Moved config extra vars to ce-provision as they are globally sane. * Error in jinja list building for RDS. * Trailing VPC ID fields using the wrong variable. * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) * Add a task in ASG role to add an Aurora RDS endpoint. (#714) * Ssl le fixes pr 1.x (#725) * Allow multiple domains to be passed. * Ensuring we don't break older implementations. * First pass at a bash script we can run on cron for LE renewals. * Place the autorenewal script and create a cron entry. * Allowing the HTTP-01 listen port to be set to something other than 80. * Need single quotes within our double quotes. * Adding optional proxy for LE. * Revert "Adding optional proxy for LE." This reverts commit cf5720b450744915872eacafee82164300df90aa. * Adding support for apache and nginx plugins for certbot. * Fixing quote error. * Fixing SSL LE handling and ensuring other handlers work with multiple provided domains. * Fixing issue with selecting first domain. * Correcting variable names. * LE cron template missing an endfor. * Missing carriage return in LE cron script. * Turns out you can't alter facts passed in via vars by include_role. * Fixing SSL defaults. * Realised if there are multiple different LE runs each needs its own renewal cron. * Ensure builds don't fail if ssl.web_server isn't provided. * Defending against empty SSL services list. * Improving vhost template LE handling. * Adjusting SSL cert and key var names. * Adding a temporary vhost so newly added domains can request LE certs. * Tabbing error. 
* Fixing possible 'resolver' errors in Nginx if you use localhost. * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. * Tweaking Nginx LE handling and making certbot commands customisable. * Fixing minor typo. * Trying giving include_role the public flag. * Documentation updates. * Adding default value to Nginx vhost template. * Move drupal8 install/update config to drupal_common under if local block. (#733) * WIP: 58848 apache role pr 1.x (#667) * Catching up devel. (#243) * Devel (#175) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. 
* Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. 
Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. 
* Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. 
* Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. 
* Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. 
* Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. 
* Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. Co-authored-by: EmlynK * Override fastcgi_read_timeout in Nginx (#41) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. 
GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Add ability to override Nginx fastcgi_read_timeout value. Co-authored-by: Greg Harvey * Generate saml sso requirements devel (#42) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. 
* New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." 
This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. Co-authored-by: EmlynK * Generate saml sso requirements devel (#43) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. 
* Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. 
* Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Wrapping the LinOTP code in the SAML template in an 'if' statement. * Extending the check to make sure LinOTP var isn't empty. * Removing references to LDAP in SAML groups attribute config, no need to assume. * Adding docs for the aws_iam_saml role. Co-authored-by: EmlynK * Adding aws_iam_saml docs (#45) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) * Generate saml sso requirements 1x (#44) * Wrong filter for efs info * Fix indentation error * Do not purge tags on existing EFS * Wrong name for updating EFS targets * Remove leftover loop * Fix error in subnet gathering * Split EFS creation * Use subnet ids * Wrong var name * Remove dead code * Wrong var * Missing subnet ids * Try not to lose existing SGs * Try to dedupe targets * Wrong syntax for combine * Typo in combining tuples * Wrong var name for append items * Fix appending subnets * Wrong list transformation * Switch to community module for efs * Remove unnecessary complexity * Update documentation * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. * Remove replace_batch_size from ASG creation task, so it now defaults to 1. * Wrap Postfix handler commands in quotes. (#26) * Try using shell instead of command in Postfix handlers. * GitHub Actions integration (#29) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) Co-authored-by: Emlyn Kinzett * Fix alb health check (#31) * It's traffic-port, not target-port. Doh. * Update documentation. Co-authored-by: Emlyn Kinzett * Adding note on existence of 'config' directory for de-deploy to work. 
* Adding link to provided example config directory. * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Generate saml sso requirements (#33) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Generate saml sso requirements devel (#36) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * Cleaning variables to be generic and improving LDAP role handling. Co-authored-by: EmlynK * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Generate saml sso requirements devel (#37) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. 
* Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. 
* Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Cleaning variables to be generic and improving LDAP role handling. * Adding modified iam_alis module found on GitHub. * Adding management of IAM account alias. * Revert "Merge branch 'devel' into generate_saml_sso_requirements" This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. * Adding note on existence of 'config' directory for de-deploy to work. * Adding link to provided example config directory. Co-authored-by: EmlynK * Fixing conflict with ce-dev/README.md. * Adding a template for SimpleSAMLphp account SPs. * Renaming template file for SAML and adding an include file for SAML admins. * Renaming template file for SAML admins. * phpfpm variables (#38) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. 
Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provision. * Explicitly stating bash again in YML. * Turns out the mkcert binary is out of date. * Compiled mkcert from source. * Fixing curl error. * Switching to wget. * Starting the linter again and renaming job. * Only lint changed files. * Linting a non-existent branch! * Tidying the documentation check. * Revert "Making /bin/bash the shell for provision." This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. * Revert "Making /bin/bash the shell." This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. * Revert "Tidying the documentation check." This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. * Swapping Super-Linter for ansible-lint. * Running ansible-lint directly in the container. * Updating to latest Ubuntu. * Revert "Fixing test.sh to explicitly call bash." This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. * Fixing ansible-lint issues. * Revert "Fixing ansible-lint issues." This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. * Removing old travis config. * Spacing issue fix. * Running tests on pull_request only. Co-authored-by: EmlynK * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. Co-authored-by: Greg Harvey * Adding tasks for handling SimpleSAMLphp repo actions. * Refactoring git commits to defend against existing files causing commit fails. * Moving X509Certificate to a variable. * Generate saml sso requirements devel (#39) * Use correct variable when setting the RDS instance type as part of ASG creation. 
(#27) * Adding AWS CLI and credentials files to local ce-dev. * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. * GitHub actions into v1. (#30) * Adding Super Linter workflow for GitHub Actions. * Adding the documentation checker. * Getting GitHub Actions to continue on failure. * Seeing if Git exists. * Missing space. * Re-adding the checkout and the git commands. * Trying Pascal's script. * Adding both lines to the same 'run' command. * GitHub Actions wtf - splitting into two steps. * Trying steps on branch name. * Trying steps on branch name AGAIN. * Would be good to get the syntax right. * Trying different quotes. * Checking the contents of the github.ref variable. * Trying to add in Pascal's testing step. * Adding in /bin/sh to hopefully make test.sh run. * Google says try it with /bin/bash. * Trying a different Ubuntu version. * Installing net-tools to have ifconfig. * Updating testing shell (#28) * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) * Fixing test.sh to explicitly call bash. GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. Co-authored-by: EmlynK * We probably don't need /bin/bash * Making test.sh executable. * Checking shell. * Explicitly setting shell to bash in provision.sh. * Trying ubuntu-16.04 as Travis used this. * Putting shell back. * Update provision.sh * Making /bin/bash the shell. * Making /bin/bash the shell for provi… * Bug fixes 2.x pr 2.x (#2231) * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. 
* Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. * Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. * Allowing script to skip iptables. * Misnamed flag. 
* Adding user_provision role to configure controller user. * Wrapping cleanup so it doesn't break GitHub Actions. * Completing variables for user_provisin. * Missed the sudoers var. * Quoting vars. * GitLab installer needs _domain_name. * Logic error in clean-up script. * Fixing paths to ce-provision in container. * Trying to fix CI perms issues. * Git dubious ownership error. * Git dubious ownership error. * Running the web server test as the controller user. * Missed a controller var. * Commenting out the CE container to test. * Adding a separate step for Git actions. * Need sudo for Ubuntu. * Using a volume to persist data between steps. * Adding debug commands to test volumes. * Tweaking volumes. * Adding the checkout command back in. * Trying a different approach. * ls command looks good, so putting web build back in. * More Ansible Galaxy debug. * Trying to make ansible-galaxy detect installed roles. * Run galaxy command as controller. * Trying galaxy command and cd wrapped in su. * Specifically checking the contents of galaxy/roles. * Trying a double-tap install process. * Quick refactor and debug of SSH. * Adding OpenSSH server package. * Checking for a firewall. * Checking listening packages. * Starting SSHD especially. * Starting SSHD without systemd. * Pre-empting config a bit more. * More galaxy path debug. * Running a find to see if we can find the missing roles. * More verbosity. * Checking for missing requirements file. * Removing eroneous when clause. * Tidying up redundant debug lines. * Creating a separate ci.yml play targeting localhost. * Making sure sshd is running. * Tidying up GitLab CI file and installing SSHD. * Installing SSHD as a separate step. * SSHD already installed, starting it instead. * Don't create systemd timers in containers. * Preparing a test GitLab build. * Making builds nightly and fixing GitLab role bug. * Ensuring is_local var exists and making lock behaviour optional. 
* Fixing location and owner of Blackfire config so it is configurable. * Documentation update. * Removing all is defined checks for is_local since it is now always defined. * Letting GitLab know it's on Docker earlier. * Trying to run runsvdir-start to avoid container freezing. * Temporarily skipping reconfigure of GitLab to test the rest. * Trying to move GitLab reconfigure commands to CI. * Fixing service namespace for runner and reinstating GitLab tasks. * Trying to get config script working for GitLab in CI. * No systemd, do not try to restart gitlab-runner. * Removing firewall role from CI GitLab test, don't need it and it breaks CI. * Outputting PostGreSQL logs to see if there are errors. * Outputting PostGreSQL logs to see if there are errors. * Trying the config script for GitLab again. * Suppressing extra GitLab config for CI runs. * Setting Blackfire CLI defaults to use ce-dev user. * Improving GitLab vars and adding force stop feature. * Not installed aws_credentials in meta roles if AWS support disabled. * Most people will not want pam_ldap or pam_linotp, should not be in meta. * If you don't create LDAP SSL certs you might not have a /etc/ldap directory. * Adding a merge of the main branch into the docs branch to CI. * Adding comment to not use hyphens in boto profile names. * Supporting different key types to publish to AWS. * Bug fixes 2.x pr 2.x (#2233) * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. 
* Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. * Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. * Allowing script to skip iptables. * Misnamed flag. * Adding user_provision role to configure controller user. * Wrapping cleanup so it doesn't break GitHub Actions. * Completing variables for user_provisin. * Missed the sudoers var. * Quoting vars. * GitLab installer needs _domain_name. * Logic error in clean-up script. 
* Fixing paths to ce-provision in container. * Trying to fix CI perms issues. * Git dubious ownership error. * Git dubious ownership error. * Running the web server test as the controller user. * Missed a controller var. * Commenting out the CE container to test. * Adding a separate step for Git actions. * Need sudo for Ubuntu. * Using a volume to persist data between steps. * Adding debug commands to test volumes. * Tweaking volumes. * Adding the checkout command back in. * Trying a different approach. * ls command looks good, so putting web build back in. * More Ansible Galaxy debug. * Trying to make ansible-galaxy detect installed roles. * Run galaxy command as controller. * Trying galaxy command and cd wrapped in su. * Specifically checking the contents of galaxy/roles. * Trying a double-tap install process. * Quick refactor and debug of SSH. * Adding OpenSSH server package. * Checking for a firewall. * Checking listening packages. * Starting SSHD especially. * Starting SSHD without systemd. * Pre-empting config a bit more. * More galaxy path debug. * Running a find to see if we can find the missing roles. * More verbosity. * Checking for missing requirements file. * Removing eroneous when clause. * Tidying up redundant debug lines. * Creating a separate ci.yml play targeting localhost. * Making sure sshd is running. * Tidying up GitLab CI file and installing SSHD. * Installing SSHD as a separate step. * SSHD already installed, starting it instead. * Don't create systemd timers in containers. * Preparing a test GitLab build. * Making builds nightly and fixing GitLab role bug. * Ensuring is_local var exists and making lock behaviour optional. * Fixing location and owner of Blackfire config so it is configurable. * Documentation update. * Removing all is defined checks for is_local since it is now always defined. * Letting GitLab know it's on Docker earlier. * Trying to run runsvdir-start to avoid container freezing. 
* Temporarily skipping reconfigure of GitLab to test the rest. * Trying to move GitLab reconfigure commands to CI. * Fixing service namespace for runner and reinstating GitLab tasks. * Trying to get config script working for GitLab in CI. * No systemd, do not try to restart gitlab-runner. * Removing firewall role from CI GitLab test, don't need it and it breaks CI. * Outputting PostGreSQL logs to see if there are errors. * Outputting PostGreSQL logs to see if there are errors. * Trying the config script for GitLab again. * Suppressing extra GitLab config for CI runs. * Setting Blackfire CLI defaults to use ce-dev user. * Improving GitLab vars and adding force stop feature. * Not installed aws_credentials in meta roles if AWS support disabled. * Most people will not want pam_ldap or pam_linotp, should not be in meta. * If you don't create LDAP SSL certs you might not have a /etc/ldap directory. * Adding a merge of the main branch into the docs branch to CI. * Adding comment to not use hyphens in boto profile names. * Supporting different key types to publish to AWS. * Adding a git fetch before the merge in docs publishing. * Using the safer _ce_provision_username var in AWS key role. * Bug fixes 2.x pr 2.x (#2235) * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. 
* Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. * Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. * Allowing script to skip iptables. * Misnamed flag. * Adding user_provision role to configure controller user. * Wrapping cleanup so it doesn't break GitHub Actions. * Completing variables for user_provisin. * Missed the sudoers var. * Quoting vars. * GitLab installer needs _domain_name. * Logic error in clean-up script. * Fixing paths to ce-provision in container. * Trying to fix CI perms issues. * Git dubious ownership error. * Git dubious ownership error. * Running the web server test as the controller user. * Missed a controller var. * Commenting out the CE container to test. * Adding a separate step for Git actions. 
* Need sudo for Ubuntu. * Using a volume to persist data between steps. * Adding debug commands to test volumes. * Tweaking volumes. * Adding the checkout command back in. * Trying a different approach. * ls command looks good, so putting web build back in. * More Ansible Galaxy debug. * Trying to make ansible-galaxy detect installed roles. * Run galaxy command as controller. * Trying galaxy command and cd wrapped in su. * Specifically checking the contents of galaxy/roles. * Trying a double-tap install process. * Quick refactor and debug of SSH. * Adding OpenSSH server package. * Checking for a firewall. * Checking listening packages. * Starting SSHD especially. * Starting SSHD without systemd. * Pre-empting config a bit more. * More galaxy path debug. * Running a find to see if we can find the missing roles. * More verbosity. * Checking for missing requirements file. * Removing eroneous when clause. * Tidying up redundant debug lines. * Creating a separate ci.yml play targeting localhost. * Making sure sshd is running. * Tidying up GitLab CI file and installing SSHD. * Installing SSHD as a separate step. * SSHD already installed, starting it instead. * Don't create systemd timers in containers. * Preparing a test GitLab build. * Making builds nightly and fixing GitLab role bug. * Ensuring is_local var exists and making lock behaviour optional. * Fixing location and owner of Blackfire config so it is configurable. * Documentation update. * Removing all is defined checks for is_local since it is now always defined. * Letting GitLab know it's on Docker earlier. * Trying to run runsvdir-start to avoid container freezing. * Temporarily skipping reconfigure of GitLab to test the rest. * Trying to move GitLab reconfigure commands to CI. * Fixing service namespace for runner and reinstating GitLab tasks. * Trying to get config script working for GitLab in CI. * No systemd, do not try to restart gitlab-runner. 
* Removing firewall role from CI GitLab test, don't need it and it breaks CI. * Outputting PostGreSQL logs to see if there are errors. * Outputting PostGreSQL logs to see if there are errors. * Trying the config script for GitLab again. * Suppressing extra GitLab config for CI runs. * Setting Blackfire CLI defaults to use ce-dev user. * Improving GitLab vars and adding force stop feature. * Not installed aws_credentials in meta roles if AWS support disabled. * Most people will not want pam_ldap or pam_linotp, should not be in meta. * If you don't create LDAP SSL certs you might not have a /etc/ldap directory. * Adding a merge of the main branch into the docs branch to CI. * Adding comment to not use hyphens in boto profile names. * Supporting different key types to publish to AWS. * Adding a git fetch before the merge in docs publishing. * Using the safer _ce_provision_username var in AWS key role. * Adding the --allow-unrelated-histories flag to git merge in CI. * Commenting out some of the AWS ACL rulesets to leave them as examples. 
--------- Co-authored-by: nfawbert <62660788+nfawbert@users.noreply.github.com> Co-authored-by: Code Enigma CI Co-authored-by: EmlynK Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Dionisio Co-authored-by: pascal Co-authored-by: Jamie Wiseman Co-authored-by: mdecorniquet <43240244+mdecorniquet@users.noreply.github.com> Co-authored-by: Matthieu Decorniquet Co-authored-by: Dionisio Co-authored-by: Jean Pierre Dentone Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> Co-authored-by: tim Co-authored-by: Nick Fawbert Co-authored-by: Miro Michalicka Co-authored-by: Miro Michalicka Co-authored-by: Matej Stajduhar Co-authored-by: Sunil Odedra <122627205+sunilodedra@users.noreply.github.com> Co-authored-by: Sunny Co-authored-by: drazenCE <140631110+drazenCE@users.noreply.github.com> Co-authored-by: Matej Štajduhar <30931414+matej5@users.noreply.github.com> Co-authored-by: Klaus Purer Co-authored-by: Klaus Purer Co-authored-by: Filip Rupic <123341158+filiprupic@users.noreply.github.com> Co-authored-by: filip --- .../workflows/ce-provision-publish-docs.yml | 2 + roles/_meta/controller/meta/main.yml | 4 +- roles/_meta/deploy/meta/main.yml | 4 +- roles/aws/aws_acl/defaults/main.yml | 52 +++++++++++-------- roles/aws/aws_credentials/defaults/main.yml | 2 +- .../defaults/main.yml | 3 +- .../aws_provision_ec2_keypair/tasks/main.yml | 2 +- roles/debian/gitlab/defaults/main.yml | 11 ++-- roles/debian/gitlab/tasks/main.yml | 2 + roles/debian/pam_ldap/tasks/main.yml | 5 ++ 10 files changed, 51 insertions(+), 36 deletions(-) diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml index b87f9afe5..232a71d99 100644 --- a/.github/workflows/ce-provision-publish-docs.yml +++ b/.github/workflows/ce-provision-publish-docs.yml 
@@ -58,6 +58,8 @@ jobs: # First build and publish the markdown docs - name: Build and commit table of contents and README files back to the repo run: | + /usr/bin/git fetch origin 2.x + /usr/bin/git merge origin/${{ github.event.pull_request.base.ref }} --allow-unrelated-histories /bin/sh contribute/toc.sh /usr/bin/find . -name "*.md" | xargs git add /usr/bin/git diff --staged --quiet || /usr/bin/git commit -am "GitHub Actions - updating markdown docs - ${{ github.event.repository.updated_at }}" diff --git a/roles/_meta/controller/meta/main.yml b/roles/_meta/controller/meta/main.yml index 955a23613..a876c8c89 100644 --- a/roles/_meta/controller/meta/main.yml +++ b/roles/_meta/controller/meta/main.yml @@ -3,11 +3,9 @@ dependencies: - role: debian/user_provision - { role: debian/ssh_server, when: ( is_local is not defined or not is_local ) } - role: _meta/common_base - - role: aws/aws_credentials + - { role: aws/aws_credentials, when ce_provision.aws_support } - role: debian/ce_provision - role: debian/gitlab - role: debian/gitlab_runner - role: debian/sops - role: debian/gpg_key - - role: debian/pam_ldap - - role: debian/pam_linotp diff --git a/roles/_meta/deploy/meta/main.yml b/roles/_meta/deploy/meta/main.yml index 4409e5701..cc6ce64c2 100644 --- a/roles/_meta/deploy/meta/main.yml +++ b/roles/_meta/deploy/meta/main.yml @@ -4,10 +4,8 @@ dependencies: - { role: debian/ssh_server, when: ( is_local is not defined or not is_local ) } - role: _meta/common_base - role: debian/ce_deploy - - role: aws/aws_credentials + - { role: aws/aws_credentials, when: ce_deploy.aws_support } - role: debian/gitlab - role: debian/gitlab_runner - role: debian/sops - role: debian/gpg_key - - role: debian/pam_ldap - - role: debian/pam_linotp diff --git a/roles/aws/aws_acl/defaults/main.yml b/roles/aws/aws_acl/defaults/main.yml index 2757cffc6..d74402f89 100644 --- a/roles/aws/aws_acl/defaults/main.yml +++ b/roles/aws/aws_acl/defaults/main.yml 
@@ -10,29 +10,37 @@ aws_acl: rate_limit: value: 600 # set to 0 to skip rate limit rule, set to a value to set how many requests to allow in period before blocking priority: 2 # can be float with 1 decimal place - ip_sets: - - rule_name: "Allowed-IPs-rule" - set_name: "Allowed-IPs-set" - description: "List of IPs to whitelist - Ansible managed" - action: allow - priority: 1 - list: - - 1.1.1.1/32 - - 2.2.2.2/32 - country_codes: - - name: "allowed-countries" - action: allow - priority: 0.2 - list: - - GB - - HR - - name: "blocked-countries" - action: block - priority: 8 - list: - - RU - - CN + ip_sets: [] +# Example IP set to allow a list of safe IPs +# - rule_name: "Allowed-IPs-rule" +# set_name: "Allowed-IPs-set" +# description: "List of IPs to safelist - Ansible managed" +# action: allow +# priority: 1 +# list: +# - 1.1.1.1/32 +# - 2.2.2.2/32 +# - 30.30.30.0/24 +# Example country code ruleset allowing one set of countries and blocking another +# country_codes: +# - name: "allowed-countries" +# action: allow +# priority: 0.2 +# list: +# - GB +# - HR +# - FR +# - ES +# - UY +# - JP +# - name: "blocked-countries" +# action: block +# priority: 8 +# list: +# - RU +# - CN regular_rules: + # Commonly required Drupal rule to allow Panels to function - name: allow_panels action: allow statements_type: "single" # supported "single", "and", "or" and "not" ("and" and "or" supports multiple statements) diff --git a/roles/aws/aws_credentials/defaults/main.yml b/roles/aws/aws_credentials/defaults/main.yml index 8e58eb78d..80a5430fe 100644 --- a/roles/aws/aws_credentials/defaults/main.yml +++ b/roles/aws/aws_credentials/defaults/main.yml @@ -2,7 +2,7 @@ aws_credentials: - user: ce-dev profiles: - - name: profile1 + - name: profile1 # profiles should never contain hyphens access_key_id: XXX secret_access_key: XXXX - name: example 
diff --git a/roles/aws/aws_provision_ec2_keypair/defaults/main.yml b/roles/aws/aws_provision_ec2_keypair/defaults/main.yml index 51e053f91..efd4af9c0 100644 --- a/roles/aws/aws_provision_ec2_keypair/defaults/main.yml +++ b/roles/aws/aws_provision_ec2_keypair/defaults/main.yml @@ -2,4 +2,5 @@ aws_provision_ec2_keypair: aws_profile: "{{ _aws_profile }}" region: "{{ _aws_region }}" - key_name: "{{ ce_provision.username }}@{{ ansible_hostname }}" + key_name: "{{ _ce_provision_username }}@{{ ansible_hostname }}" + key_type: ed25519 # defaults to ed25519 as used in the ce_provision role, set to rsa to or ecdsa as necessary diff --git a/roles/aws/aws_provision_ec2_keypair/tasks/main.yml b/roles/aws/aws_provision_ec2_keypair/tasks/main.yml index a0c5124d7..4eb8f2c98 100644 --- a/roles/aws/aws_provision_ec2_keypair/tasks/main.yml +++ b/roles/aws/aws_provision_ec2_keypair/tasks/main.yml @@ -2,6 +2,6 @@ - name: Create EC2 key pair. amazon.aws.ec2_key: name: "{{ aws_provision_ec2_keypair.key_name }}" - key_material: "{{ lookup('file', '/home/{{ ce_provision.username }}/.ssh/id_rsa.pub') }}" + key_material: "{{ lookup('file', '/home/{{ _ce_provision_username }}/.ssh/id_{{ aws_provision_ec2_keypair.key_type }}.pub') }}" profile: "{{ aws_provision_ec2_keypair.aws_profile }}" region: "{{ aws_provision_ec2_keypair.region }}" diff --git a/roles/debian/gitlab/defaults/main.yml b/roles/debian/gitlab/defaults/main.yml index e2ed2ff05..ba7d1b4e5 100644 --- a/roles/debian/gitlab/defaults/main.yml +++ b/roles/debian/gitlab/defaults/main.yml 
@@ -11,14 +11,15 @@ gitlab: apt_origin: "origin=packages.gitlab.com/gitlab/gitlab-ce,codename=${distro_codename},label=gitlab-ce" # used by apt_unattended_upgrades apt_signed_by: https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey server_name: "gitlab.{{ _domain_name }}" + force_stop: true # whether to stop GitLab to reconfigure or not # Add a record for GitLab in AWS Route 53 # If you use the aws_ec2_with_eip role to create your server this will not be necessary gitlab_route_53: state: present zone: "" # empty zone skips DNS creation - record: "{{ _domain_name }}" - type: A # change to CNAME if required - value: 1.2.3.4 # set IP if type: A and target hostname if type: CNAME + record: "gitlab.{{ _domain_name }}" + type: CNAME # change to A if required + value: "{{ _domain_name }}" # set IP if type: A and target hostname if type: CNAME aws_profile: another # Not necessarily the same as the "target" one for the server wildcard: true # Creates a matching wildcard CNAME letsencrypt: "true" # use built-in GitLab LetsEncrypt support by default letsencrypt: "true" # GitLab's built in SSL handling enabled by default 
@@ -77,10 +78,10 @@ gitlab: omniauth_auto_link_saml_user: "false" omniauth_block_auto_created_users: "true" omniauth_login_button_label: "Login with SAML" - omniauth_consumer_service_url: "https://{{ _domain_name }}/users/auth/saml/callback" + omniauth_consumer_service_url: "https://gitlab.{{ _domain_name }}/users/auth/saml/callback" omniauth_saml_cert_fingerprint: "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" # fingerprint of the SAML server's certificate omniauth_saml_endpoint_url: https://login.example.com/simplesaml/saml2/idp/SSOService.php # typical endpoint if you followed the SimpleSAMLphp QuickStart - https://simplesamlphp.org/docs/stable/simplesamlphp-idp.html - omniauth_saml_entity_id: "{{ _domain_name }}" # can be any string, typically just the domain name + omniauth_saml_entity_id: "gitlab.{{ _domain_name }}" # can be any string, typically just the domain name omniauth_saml_attribute_statements: "uid: ['uid']" # typical basic set-up if your SAML authsource is OpenLDAP # Other services prometheus: "true" # enable/disable built-in Prometheus diff --git a/roles/debian/gitlab/tasks/main.yml b/roles/debian/gitlab/tasks/main.yml index 00b55e162..766ec8097 100644 --- a/roles/debian/gitlab/tasks/main.yml +++ b/roles/debian/gitlab/tasks/main.yml @@ -96,6 +96,7 @@ - name: Stop Gitlab. ansible.builtin.command: /opt/gitlab/bin/gitlab-ctl stop + when: gitlab.force_stop - name: Reconfigure Gitlab. ansible.builtin.command: /opt/gitlab/bin/gitlab-ctl reconfigure @@ -126,6 +127,7 @@ - name: Ensure GitLab is started. ansible.builtin.command: /opt/gitlab/bin/gitlab-ctl start + when: gitlab.force_stop # @TODO - this task fails in CI with GitHub Actions because PostGreSQL isn't running - name: Run the GitLab configuration script for config that cannot be set in gitlab.rb. diff --git a/roles/debian/pam_ldap/tasks/main.yml b/roles/debian/pam_ldap/tasks/main.yml index c66ba85f7..b2a4de250 100644 --- a/roles/debian/pam_ldap/tasks/main.yml 
+++ b/roles/debian/pam_ldap/tasks/main.yml @@ -5,6 +5,11 @@ state: present update_cache: true +- name: Create LDAP config directory. + ansible.builtin.file: + path: /etc/ldap + state: directory + - name: Create certificate directory. ansible.builtin.file: path: /etc/ldap/ssl From edde33b349112482c8be7bcb698dc77aaf6e0845 Mon Sep 17 00:00:00 2001 From: Code Enigma CI Date: Wed, 15 Jan 2025 18:41:49 +0000 Subject: [PATCH 3/4] GitHub Actions - updating markdown docs - 2025-01-15T18:30:36Z --- docs/roles/aws/aws_acl.md | 52 +++++++++++-------- docs/roles/aws/aws_credentials.md | 2 +- docs/roles/aws/aws_provision_ec2_keypair.md | 3 +- docs/roles/debian/gitlab.md | 11 ++-- roles/aws/aws_acl/README.md | 52 +++++++++++-------- roles/aws/aws_credentials/README.md | 2 +- roles/aws/aws_provision_ec2_keypair/README.md | 3 +- roles/debian/gitlab/README.md | 11 ++-- 8 files changed, 78 insertions(+), 58 deletions(-) diff --git a/docs/roles/aws/aws_acl.md b/docs/roles/aws/aws_acl.md index f802c46a2..8cf21ccce 100644 --- a/docs/roles/aws/aws_acl.md +++ b/docs/roles/aws/aws_acl.md 
@@ -19,29 +19,37 @@ aws_acl: rate_limit: value: 600 # set to 0 to skip rate limit rule, set to a value to set how many requests to allow in period before blocking priority: 2 # can be float with 1 decimal place - ip_sets: - - rule_name: "Allowed-IPs-rule" - set_name: "Allowed-IPs-set" - description: "List of IPs to whitelist - Ansible managed" - action: allow - priority: 1 - list: - - 1.1.1.1/32 - - 2.2.2.2/32 - country_codes: - - name: "allowed-countries" - action: allow - priority: 0.2 - list: - - GB - - HR - - name: "blocked-countries" - action: block - priority: 8 - list: - - RU - - CN + ip_sets: [] +# Example IP set to allow a list of safe IPs +# - rule_name: "Allowed-IPs-rule" +# set_name: "Allowed-IPs-set" +# description: "List of IPs to safelist - Ansible managed" +# action: allow +# priority: 1 +# list: +# - 1.1.1.1/32 +# - 2.2.2.2/32 +# - 30.30.30.0/24 +# Example country code ruleset allowing one set of countries and blocking another +# country_codes: +# - name: "allowed-countries" +# action: allow +# priority: 0.2 +# list: +# - GB +# - HR +# - FR +# - ES +# - UY +# - JP +# - name: "blocked-countries" +# action: block +# priority: 8 +# list: +# - RU +# - CN regular_rules: + # Commonly required Drupal rule to allow Panels to function - name: allow_panels action: allow statements_type: "single" # supported "single", "and", "or" and "not" ("and" and "or" supports multiple statements) diff --git a/docs/roles/aws/aws_credentials.md b/docs/roles/aws/aws_credentials.md index feee7956b..1ebd66959 100644 --- a/docs/roles/aws/aws_credentials.md +++ b/docs/roles/aws/aws_credentials.md @@ -12,7 +12,7 @@ Simple role generating credentials "profiles" in users $HOME/.aws/credentials. aws_credentials: - user: ce-dev profiles: - - name: profile1 + - name: profile1 # profiles should never contain hyphens access_key_id: XXX secret_access_key: XXXX - name: example 
diff --git a/docs/roles/aws/aws_provision_ec2_keypair.md b/docs/roles/aws/aws_provision_ec2_keypair.md index 5267a111c..2a9bc39ae 100644 --- a/docs/roles/aws/aws_provision_ec2_keypair.md +++ b/docs/roles/aws/aws_provision_ec2_keypair.md @@ -10,7 +10,8 @@ Creates a key pair for the current "provision user" aws_provision_ec2_keypair: aws_profile: "{{ _aws_profile }}" region: "{{ _aws_region }}" - key_name: "{{ ce_provision.username }}@{{ ansible_hostname }}" + key_name: "{{ _ce_provision_username }}@{{ ansible_hostname }}" + key_type: ed25519 # defaults to ed25519 as used in the ce_provision role, set to rsa to or ecdsa as necessary ``` diff --git a/docs/roles/debian/gitlab.md b/docs/roles/debian/gitlab.md index f4b11638b..de9001f30 100644 --- a/docs/roles/debian/gitlab.md +++ b/docs/roles/debian/gitlab.md @@ -24,14 +24,15 @@ gitlab: apt_origin: "origin=packages.gitlab.com/gitlab/gitlab-ce,codename=${distro_codename},label=gitlab-ce" # used by apt_unattended_upgrades apt_signed_by: https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey server_name: "gitlab.{{ _domain_name }}" + force_stop: true # whether to stop GitLab to reconfigure or not # Add a record for GitLab in AWS Route 53 # If you use the aws_ec2_with_eip role to create your server this will not be necessary gitlab_route_53: state: present zone: "" # empty zone skips DNS creation - record: "{{ _domain_name }}" - type: A # change to CNAME if required - value: 1.2.3.4 # set IP if type: A and target hostname if type: CNAME + record: "gitlab.{{ _domain_name }}" + type: CNAME # change to A if required + value: "{{ _domain_name }}" # set IP if type: A and target hostname if type: CNAME aws_profile: another # Not necessarily the same as the "target" one for the server wildcard: true # Creates a matching wildcard CNAME letsencrypt: "true" # use built-in GitLab LetsEncrypt support by default letsencrypt: "true" # GitLab's built in SSL handling enabled by default 
@@ -90,10 +91,10 @@ gitlab: omniauth_auto_link_saml_user: "false" omniauth_block_auto_created_users: "true" omniauth_login_button_label: "Login with SAML" - omniauth_consumer_service_url: "https://{{ _domain_name }}/users/auth/saml/callback" + omniauth_consumer_service_url: "https://gitlab.{{ _domain_name }}/users/auth/saml/callback" omniauth_saml_cert_fingerprint: "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" # fingerprint of the SAML server's certificate omniauth_saml_endpoint_url: https://login.example.com/simplesaml/saml2/idp/SSOService.php # typical endpoint if you followed the SimpleSAMLphp QuickStart - https://simplesamlphp.org/docs/stable/simplesamlphp-idp.html - omniauth_saml_entity_id: "{{ _domain_name }}" # can be any string, typically just the domain name + omniauth_saml_entity_id: "gitlab.{{ _domain_name }}" # can be any string, typically just the domain name omniauth_saml_attribute_statements: "uid: ['uid']" # typical basic set-up if your SAML authsource is OpenLDAP # Other services prometheus: "true" # enable/disable built-in Prometheus diff --git a/roles/aws/aws_acl/README.md b/roles/aws/aws_acl/README.md index f802c46a2..8cf21ccce 100644 --- a/roles/aws/aws_acl/README.md +++ b/roles/aws/aws_acl/README.md 
@@ -19,29 +19,37 @@ aws_acl: rate_limit: value: 600 # set to 0 to skip rate limit rule, set to a value to set how many requests to allow in period before blocking priority: 2 # can be float with 1 decimal place - ip_sets: - - rule_name: "Allowed-IPs-rule" - set_name: "Allowed-IPs-set" - description: "List of IPs to whitelist - Ansible managed" - action: allow - priority: 1 - list: - - 1.1.1.1/32 - - 2.2.2.2/32 - country_codes: - - name: "allowed-countries" - action: allow - priority: 0.2 - list: - - GB - - HR - - name: "blocked-countries" - action: block - priority: 8 - list: - - RU - - CN + ip_sets: [] +# Example IP set to allow a list of safe IPs +# - rule_name: "Allowed-IPs-rule" +# set_name: "Allowed-IPs-set" +# description: "List of IPs to safelist - Ansible managed" +# action: allow +# priority: 1 +# list: +# - 1.1.1.1/32 +# - 2.2.2.2/32 +# - 30.30.30.0/24 +# Example country code ruleset allowing one set of countries and blocking another +# country_codes: +# - name: "allowed-countries" +# action: allow +# priority: 0.2 +# list: +# - GB +# - HR +# - FR +# - ES +# - UY +# - JP +# - name: "blocked-countries" +# action: block +# priority: 8 +# list: +# - RU +# - CN regular_rules: + # Commonly required Drupal rule to allow Panels to function - name: allow_panels action: allow statements_type: "single" # supported "single", "and", "or" and "not" ("and" and "or" supports multiple statements) diff --git a/roles/aws/aws_credentials/README.md b/roles/aws/aws_credentials/README.md index feee7956b..1ebd66959 100644 --- a/roles/aws/aws_credentials/README.md +++ b/roles/aws/aws_credentials/README.md @@ -12,7 +12,7 @@ Simple role generating credentials "profiles" in users $HOME/.aws/credentials. aws_credentials: - user: ce-dev profiles: - - name: profile1 + - name: profile1 # profiles should never contain hyphens access_key_id: XXX secret_access_key: XXXX - name: example 
diff --git a/roles/aws/aws_provision_ec2_keypair/README.md b/roles/aws/aws_provision_ec2_keypair/README.md index 5267a111c..2a9bc39ae 100644 --- a/roles/aws/aws_provision_ec2_keypair/README.md +++ b/roles/aws/aws_provision_ec2_keypair/README.md @@ -10,7 +10,8 @@ Creates a key pair for the current "provision user" aws_provision_ec2_keypair: aws_profile: "{{ _aws_profile }}" region: "{{ _aws_region }}" - key_name: "{{ ce_provision.username }}@{{ ansible_hostname }}" + key_name: "{{ _ce_provision_username }}@{{ ansible_hostname }}" + key_type: ed25519 # defaults to ed25519 as used in the ce_provision role, set to rsa to or ecdsa as necessary ``` diff --git a/roles/debian/gitlab/README.md b/roles/debian/gitlab/README.md index f4b11638b..de9001f30 100644 --- a/roles/debian/gitlab/README.md +++ b/roles/debian/gitlab/README.md @@ -24,14 +24,15 @@ gitlab: apt_origin: "origin=packages.gitlab.com/gitlab/gitlab-ce,codename=${distro_codename},label=gitlab-ce" # used by apt_unattended_upgrades apt_signed_by: https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey server_name: "gitlab.{{ _domain_name }}" + force_stop: true # whether to stop GitLab to reconfigure or not # Add a record for GitLab in AWS Route 53 # If you use the aws_ec2_with_eip role to create your server this will not be necessary gitlab_route_53: state: present zone: "" # empty zone skips DNS creation - record: "{{ _domain_name }}" - type: A # change to CNAME if required - value: 1.2.3.4 # set IP if type: A and target hostname if type: CNAME + record: "gitlab.{{ _domain_name }}" + type: CNAME # change to A if required + value: "{{ _domain_name }}" # set IP if type: A and target hostname if type: CNAME aws_profile: another # Not necessarily the same as the "target" one for the server wildcard: true # Creates a matching wildcard CNAME letsencrypt: "true" # use built-in GitLab LetsEncrypt support by default letsencrypt: "true" # GitLab's built in SSL handling enabled by default 
@@ -90,10 +91,10 @@ gitlab: omniauth_auto_link_saml_user: "false" omniauth_block_auto_created_users: "true" omniauth_login_button_label: "Login with SAML" - omniauth_consumer_service_url: "https://{{ _domain_name }}/users/auth/saml/callback" + omniauth_consumer_service_url: "https://gitlab.{{ _domain_name }}/users/auth/saml/callback" omniauth_saml_cert_fingerprint: "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00" # fingerprint of the SAML server's certificate omniauth_saml_endpoint_url: https://login.example.com/simplesaml/saml2/idp/SSOService.php # typical endpoint if you followed the SimpleSAMLphp QuickStart - https://simplesamlphp.org/docs/stable/simplesamlphp-idp.html - omniauth_saml_entity_id: "{{ _domain_name }}" # can be any string, typically just the domain name + omniauth_saml_entity_id: "gitlab.{{ _domain_name }}" # can be any string, typically just the domain name omniauth_saml_attribute_statements: "uid: ['uid']" # typical basic set-up if your SAML authsource is OpenLDAP # Other services prometheus: "true" # enable/disable built-in Prometheus From d6068277aea4c6d8e165ac18782625b4043c545c Mon Sep 17 00:00:00 2001 From: Code Enigma CI Date: Thu, 16 Jan 2025 16:40:35 +0000 Subject: [PATCH 4/4] GitHub Actions - updating markdown docs - 2025-01-15T18:47:34Z --- docs/_Sidebar.md | 22 +++++++++++----------- docs/roles/aws/aws_acl.md | 25 +++++++++++++++++++++++++ docs/roles/debian/gpg_key.md | 1 + roles/aws/aws_acl/README.md | 1 + roles/debian/gpg_key/README.md | 1 + 5 files changed, 39 insertions(+), 11 deletions(-) diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index f6637bbc3..540826797 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md 
@@ -3,11 +3,18 @@ - [Install](install) - [Usage](scripts) - [Roles](roles) + - [Init role](/roles/_init) + - ["Meta" roles that group individual roles together.](/roles/_meta) + - [AWS account](/roles/_meta/aws_account) + - [AWS client](/roles/_meta/aws_client_instance) + - [AWS region](/roles/_meta/aws_region) + - [\_overrides.](/roles/_overrides) - [AWS Infrastructure](/roles/aws) + - [AWS Network Info](/roles/aws/_aws_network_info) - [AWS ACL](/roles/aws/aws_acl) - [AWS Certificate Manager](/roles/aws/aws_acm) - - [AWS AMI ASG Cleanup](/roles/aws/aws_ami_asg_cleanup) - [AWS AMI](/roles/aws/aws_ami) + - [AWS AMI ASG Cleanup](/roles/aws/aws_ami_asg_cleanup) - [AWS Backup](/roles/aws/aws_backup) - [AWS Backup Validation](/roles/aws/aws_backup_validation) - [AWS CloudFront distribution](/roles/aws/aws_cloudfront_distribution) @@ -20,7 +27,6 @@ - [AWS ElastiCache](/roles/aws/aws_elasticache) - [AWS IAM EC2](/roles/aws/aws_iam_role) - [AWS IAM SAML](/roles/aws/aws_iam_saml) - - [AWS Network Info](/roles/aws/_aws_network_info) - [AWS OpenSearch](/roles/aws/aws_opensearch) - [AWS key pair.](/roles/aws/aws_provision_ec2_keypair) - [AWS RDS](/roles/aws/aws_rds) @@ -34,8 +40,8 @@ - [VPC](/roles/aws/aws_vpc_subnet) - [Contributed roles](/roles/contrib) - [Debian Packages](/roles/debian) - - [Ansible Galaxy](/roles/debian/ansible_galaxy) - [Ansible](/roles/debian/ansible) + - [Ansible Galaxy](/roles/debian/ansible_galaxy) - [APACHE](/roles/debian/apache) - [Apparmor](/roles/debian/apparmor) - [Extra packages](/roles/debian/apt_extra_packages) 
@@ -75,10 +81,10 @@ - [PAM LinOTP](/roles/debian/pam_linotp) - [PHP terminal client](/roles/debian/php-cli) - [PHP common components](/roles/debian/php-common) - - [PHP Composer](/roles/debian/php_composer) - [PHP-FPM](/roles/debian/php-fpm) - - [phpMyAdmin](/roles/debian/phpmyadmin) + - [PHP Composer](/roles/debian/php_composer) - [PHP XDebug](/roles/debian/php_xdebug) + - [phpMyAdmin](/roles/debian/phpmyadmin) - [Postfix](/roles/debian/postfix) - [Process Manager](/roles/debian/process_manager) - [Python Boto](/roles/debian/python_boto) @@ -95,9 +101,3 @@ - [User Ansible](/roles/debian/user_ansible) - [varnish_config](/roles/debian/varnish_config) - [wazuh](/roles/debian/wazuh) - - [Init role](/roles/_init) - - ["Meta" roles that group individual roles together.](/roles/_meta) - - [AWS account](/roles/_meta/aws_account) - - [AWS client](/roles/_meta/aws_client_instance) - - [AWS region](/roles/_meta/aws_region) - - [\_overrides.](/roles/_overrides) diff --git a/docs/roles/aws/aws_acl.md b/docs/roles/aws/aws_acl.md index 8cf21ccce..030a017ca 100644 --- a/docs/roles/aws/aws_acl.md +++ b/docs/roles/aws/aws_acl.md 
@@ -1,6 +1,31 @@ # AWS ACL Creates an ACL to be attached to a CloudFront distribution or an Application Load Balancer (ALB). +## Default variables to create WAF +If the var is list type, it will go through the process of creating and assignng rules to WAF +aws_acl.yml needs to be located in global or regional vars + +If you don't need one of the rules on the WAF, we can just remove it from the "rules" + +Since IP set is a thing under WAF, we have option to create, update and use existing set: + +IP set with a list of IPs will be marked as a thing that needs to be created/updated + +If its defined only with rule_name, set_name, action and priority (leaving the list empty) it will just search existing set and assign it to WAF + +## Default variables to Assign WAF to CF/ALB +If the var is dict type, it will go through the process assignng WAF to CF/ALB +aws_acl.yml needs to be located in resource vars + +Make sure to use "us-east-1" for CLOUDFRONT scope +or define region where the ALB is located with REGIONAL scope +```yaml +--- +aws_acl: + name: "{{ _infra_name }}_main_acl" + scope: CLOUDFRONT # Can be REGIONAL for ALBs + region: "us-east-1" +``` diff --git a/docs/roles/debian/gpg_key.md b/docs/roles/debian/gpg_key.md index 66f867ba5..4bac2216c 100644 --- a/docs/roles/debian/gpg_key.md +++ b/docs/roles/debian/gpg_key.md @@ -8,6 +8,7 @@ Generates a passwordless GPG key for a given user or users. ```yaml --- gpg_key_servers: + - hkps://keyserver.ubuntu.com - hkps://pgp.mit.edu - hkps://keys.openpgp.org gpg_key: diff --git a/roles/aws/aws_acl/README.md b/roles/aws/aws_acl/README.md index de013688e..030a017ca 100644 --- a/roles/aws/aws_acl/README.md +++ b/roles/aws/aws_acl/README.md @@ -133,4 +133,5 @@ aws_acl: priority: 13 ``` + diff --git a/roles/debian/gpg_key/README.md b/roles/debian/gpg_key/README.md index 66f867ba5..4bac2216c 100644 --- a/roles/debian/gpg_key/README.md +++ b/roles/debian/gpg_key/README.md 
@@ -8,6 +8,7 @@ Generates a passwordless GPG key for a given user or users. ```yaml --- gpg_key_servers: + - hkps://keyserver.ubuntu.com - hkps://pgp.mit.edu - hkps://keys.openpgp.org gpg_key:
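Review bot: In .github/workflows/ce-provision-publish-docs.yml (hunk @@ -58,6 +58,8) the fetch is hard-coded to 2.x while the merge targets origin/${{ github.event.pull_request.base.ref }}, so a pull request opened against any other base merges a ref that this step never fetched. The expression is also expanded straight into the shell script. Suggest passing the base ref through an env: entry (for example BASE_REF) and using "$BASE_REF" quoted in both the fetch and the merge, and adding a comment on why --allow-unrelated-histories is needed here.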
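Review bot: In roles/_meta/controller/meta/main.yml the new dependency line "{ role: aws/aws_credentials, when ce_provision.aws_support }" has no colon after "when". In a YAML flow mapping that makes "when ce_provision.aws_support" a key with an empty value rather than a condition, so the role is not gated as intended. The matching line in roles/_meta/deploy/meta/main.yml has it right: "when: ce_deploy.aws_support".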
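Review bot: In roles/_meta/deploy/meta/main.yml (and the same two lines in the controller meta role) debian/pam_ldap and debian/pam_linotp are dropped from the dependencies without any mention in the commit message. Controllers and deploy servers built from these meta roles will no longer get LDAP or LinOTP PAM configuration unless a playbook adds the roles explicitly. Suggest stating that in the role documentation or the release notes so nobody rebuilds a server and loses its login controls unnoticed.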
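Review bot: In roles/aws/aws_acl/defaults/main.yml the two defaults are handled differently: ip_sets is kept as an empty list ("ip_sets: []") while country_codes is commented out entirely and is therefore undefined by default. Any task that reads aws_acl.country_codes without a default filter or an "is defined" guard will now fail. Suggest "country_codes: []" for symmetry, with the example left in comments as is done for ip_sets. Removing the shipped allow and block rules from the defaults is a good change, since nobody should inherit an allow list they did not write.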
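Review bot: In roles/aws/aws_provision_ec2_keypair/defaults/main.yml the key_type comment has a typo ("set to rsa to or ecdsa as necessary") and the value is free-form even though the tasks file uses it to build the public key path. Suggest correcting the comment to "set to rsa or ecdsa as necessary" and validating key_type against the permitted values before the lookup, so a mistyped value fails with a clear message instead of a missing file error. The typo is copied into the generated README and docs in PATCH 3/4, so fixing it here fixes all three.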
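Review bot: In roles/aws/aws_provision_ec2_keypair/tasks/main.yml the key_material line nests moustaches inside a Jinja expression: "{{ lookup('file', '/home/{{ _ce_provision_username }}/.ssh/id_{{ aws_provision_ec2_keypair.key_type }}.pub') }}". Nested templating inside an expression is fragile and Ansible's guidance is to concatenate instead, for example '/home/' ~ _ce_provision_username ~ '/.ssh/id_' ~ aws_provision_ec2_keypair.key_type ~ '.pub'. The line also now depends on _ce_provision_username being defined wherever this role runs; worth confirming that is the case when the role is used without ce_provision.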
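Review bot: In roles/debian/gitlab/tasks/main.yml (hunk @@ -126,6 +127,7) the "Ensure GitLab is started." task is now gated on gitlab.force_stop, so with force_stop set to false a GitLab instance that was already stopped before the run is left stopped. Starting is safe to run unconditionally; suggest keeping "when: gitlab.force_stop" only on the "Stop Gitlab." task.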
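Review bot: In roles/debian/gitlab/defaults/main.yml (hunk @@ -77,10 +78,10) the defaults for omniauth_consumer_service_url and omniauth_saml_entity_id change from the bare domain to gitlab.{{ _domain_name }} with no upgrade note. Existing installations that rely on the defaults will present a new entity ID and callback URL on the next run, and SAML login breaks until the identity provider is updated to match. Suggest documenting the change and the identity provider update it requires. The new values do now agree with server_name in the same file, which is the right direction.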
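Review bot: In roles/debian/pam_ldap/tasks/main.yml the new "Create LDAP config directory." task creates /etc/ldap without owner, group or mode, so the permissions depend on the umask in effect on the target. This directory holds the LDAP client configuration and the ssl subdirectory created by the next task; suggest setting owner: root, group: root and mode: "0755" explicitly.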
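Review bot: In docs/roles/aws/aws_acl.md (PATCH 4/4, hunk @@ -1,6 +1,31) the added text has typos and unclear wording: "assignng" appears twice and "If its defined only with" should read "If it's defined only with". The two sections also rely on the reader noticing that the same aws_acl variable behaves differently as a list and as a dict; a short example of the list form next to the dict example would make that explicit. As this commit is generated by CI, the fix belongs in the source the docs are built from.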