diff --git a/roles/common/tasks/firewall.yml b/roles/firewalld/tasks/firewalld.yml
similarity index 100%
rename from roles/common/tasks/firewall.yml
rename to roles/firewalld/tasks/firewalld.yml
diff --git a/roles/mariadb/README.md b/roles/mariadb/README.md
new file mode 100644
index 0000000..fc7c8b0
--- /dev/null
+++ b/roles/mariadb/README.md
@@ -0,0 +1,16 @@
+# mariadb
+
+An Ansible role that installs MariaDB, changes mysql root password, and makes sure it runs on startup.
+
+## Requirements
+
+No specific requirements, just CC7 and Yum.
+
+## Dependencies
+
+None.
+
+## Role Variables
+
+mysql_root_password: password for mysql user root (new one to be set)
+mysql_root_old_password: current password for mysql user root (will be changed)
diff --git a/roles/mariadb/defaults/main.yml b/roles/mariadb/defaults/main.yml
new file mode 100644
index 0000000..70f22f6
--- /dev/null
+++ b/roles/mariadb/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+mysql_root_password:
+mysql_root_old_password:
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
new file mode 100644
index 0000000..5f8babe
--- /dev/null
+++ b/roles/mariadb/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+- name: Ensure mariadb is installed
+ yum:
+ name: mariadb-server
+ state: latest
+ update_cache: yes
+ tags: installation
+
+- name: "Ensure mariadb service runs immediately and on startup"
+ systemd:
+ name: mariadb
+ enabled: yes
+ state: started
+ daemon_reload: yes
+ tags: installation
+
+- name: Ensure MySQL-python is installed
+ yum:
+ name: MySQL-python
+ state: latest
+ update_cache: yes
+ tags: installation
+
+- name: Ensure database ports are open
+ firewalld:
+ permanent: true
+ immediate: true
+ port: "{{ item }}/tcp"
+ zone: public
+ state: enabled
+ ignore_errors: yes
+ with_items:
+ - "3306"
+ tags: installation
+
+- name: Set root user password
+ mysql_user: name=root
+ host=localhost
+ password="{{ mysql_root_password }}"
+ check_implicit_admin=yes
+ login_user="root"
+ login_password="{{ mysql_root_old_password }}"
+ state=present
+ tags: configuration
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
new file mode 100644
index 0000000..215ace3
--- /dev/null
+++ b/roles/nginx/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+nginx_port: 80
diff --git a/roles/nginx/files/index.html b/roles/nginx/files/index.html
new file mode 100644
index 0000000..c2725f8
--- /dev/null
+++ b/roles/nginx/files/index.html
@@ -0,0 +1,607 @@
+
+
+ O2 Web UI directory
+
+
+ O2 Web UI directory
+Control
+
+Logging
+
+Quality Control
+
+Monitoring
+
+
+
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml
new file mode 100644
index 0000000..2e593d3
--- /dev/null
+++ b/roles/nginx/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart nginx
+ service:
+ name: nginx
+ state: restarted
diff --git a/roles/nginx/meta/main.yml b/roles/nginx/meta/main.yml
new file mode 100644
index 0000000..7731e6d
--- /dev/null
+++ b/roles/nginx/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: basevars }
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..618c6cf
--- /dev/null
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+- name: Ensure nginx {{ nginx_version }} is present
+ package:
+ name: "https://nginx.org/packages/rhel/7/x86_64/RPMS/nginx-{{ nginx_version }}-1.el7.ngx.x86_64.rpm"
+ state: present
+ update_cache: yes
+ notify: Restart nginx
+ tags: installation
+
+- name: Copy main page
+ copy:
+ src: "{{ role_path }}/files/index.html"
+ dest: /var/www/html/
+ tags: installation
+
+- name: Deploy main configuration file
+ template:
+ src: default.conf.j2
+ dest: /etc/nginx/conf.d/default.conf
+ notify: Restart nginx
+ tags: configuration
+
+- name: Start nginx on boot
+ systemd:
+ name: nginx
+ enabled: yes
+ state: restarted
+ daemon_reload: yes
+ tags: configuration
+
+- name: Open port {{ nginx_port }} in firewall
+ firewalld:
+ port: "{{ nginx_port }}/tcp"
+ permanent: true
+ state: enabled
+ immediate: yes
+ ignore_errors: yes
+ tags: configuration
diff --git a/roles/nginx/templates/default.conf.j2 b/roles/nginx/templates/default.conf.j2
new file mode 100644
index 0000000..4ca359b
--- /dev/null
+++ b/roles/nginx/templates/default.conf.j2
@@ -0,0 +1,10 @@
+server {
+ listen {{ nginx_port }} default_server;
+ listen [::]:{{ nginx_port }} default_server;
+ root /var/www/html;
+ index index.html;
+ server_name {{ ansible_fqdn }};
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md
new file mode 100644
index 0000000..27253ef
--- /dev/null
+++ b/roles/nodejs/README.md
@@ -0,0 +1,11 @@
+# nodejs
+
+An Ansible role that installs and configures [nodejs](https://nodejs.org).
+By default:
+ - Installs NodeJS
+
+## Host Variables (optional)
+
+| Variable | Default value | Notes |
+|----------------------|----------------|------------------------|
+| nodejs_major_version | | - |
diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml
new file mode 100644
index 0000000..c7558be
--- /dev/null
+++ b/roles/nodejs/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Download NodeJS {{ nodejs_major_version }} repo configuration
+ get_url:
+ url: https://rpm.nodesource.com/setup_{{ nodejs_major_version }}
+ dest: /tmp/setup_{{ nodejs_major_version }}
+ validate_certs: False
+ tags: installation
+
+- name: Remove old version of NodeJS
+ yum:
+ name: npm
+ state: absent
+ tags: installation
+
+- name: Configure NodeJS repo
+ shell: bash /tmp/setup_{{ nodejs_major_version }}
+ tags: installation
+
+- name: Install NodeJS
+ package:
+ name: nodejs
+ state: latest
+ tags: installation
+
+- name: Configure npm proxy
+ shell: npm config set proxy {{ ansible_env.http_proxy }} && npm config set https-proxy {{ ansible_env.https_proxy }}
+ when: "'http_proxy' in ansible_env"
+ tags: configurationn
diff --git a/roles/nodejs/vars/main.yml b/roles/nodejs/vars/main.yml
new file mode 100644
index 0000000..8b84f71
--- /dev/null
+++ b/roles/nodejs/vars/main.yml
@@ -0,0 +1,2 @@
+---
+nodejs_major_version: 10.x
diff --git a/roles/ntp-client/defaults/main.yml b/roles/ntp-client/defaults/main.yml
new file mode 100644
index 0000000..01dfef2
--- /dev/null
+++ b/roles/ntp-client/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+ntp_servers:
+ - "137.138.18.69"
+ - "137.138.16.69"
+ - "137.138.17.69"
diff --git a/roles/ntp-client/tasks/main.yml b/roles/ntp-client/tasks/main.yml
new file mode 100644
index 0000000..1f53fa1
--- /dev/null
+++ b/roles/ntp-client/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- name: Install NTP
+ yum:
+ name: ntp
+ state: present
+ tags: installation
+
+- name: Configure NTP
+ template:
+ src: ntp.conf.j2
+ dest: /etc/ntp.conf
+ owner: root
+ group: root
+ mode: 0644
+ tags: configuration
+
+- name: Enable NTP client
+ systemd:
+ name: ntpd
+ state: started
+ enabled: yes
+ daemon_reload: yes
+ tags: configuration
diff --git a/roles/ntp-client/templates/ntp.conf.j2 b/roles/ntp-client/templates/ntp.conf.j2
new file mode 100644
index 0000000..80adf10
--- /dev/null
+++ b/roles/ntp-client/templates/ntp.conf.j2
@@ -0,0 +1,9 @@
+restrict default nomodify notrap noquery
+restrict 127.0.0.1
+driftfile /var/lib/ntp/drift
+logfile /var/log/ntp.log
+# --- Lab Timeservers -----
+{% for srv in ntp_servers %}
+server {{ srv }}
+{% endfor %}
+#