From 2c684526ff0bd280d84d583d415008954c188154 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Wed, 15 May 2024 15:01:01 +0200 Subject: [PATCH] Update to 2024-05-15 15:01 --- roles/bookstack/defaults/main.yml | 4 +-- roles/bookstack/tasks/conf.yml | 2 +- roles/diagrams/defaults/main.yml | 4 +-- roles/jmeter-server/tasks/conf.yml | 9 +++++++ roles/jmeter-server/templates/log4j2.xml.j2 | 27 +++++++++++++++++++ roles/kimai/defaults/main.yml | 4 +-- roles/lemonldap_ng/vars/RedHat-7.yml | 2 +- roles/lemonldap_ng/vars/RedHat-8.yml | 2 +- roles/lemonldap_ng/vars/RedHat-9.yml | 2 +- roles/nomad/defaults/main.yml | 5 ++++ roles/nomad/tasks/conf.yml | 1 + roles/nomad/templates/nomad.hcl.j2 | 17 ++++++++++++ roles/penpot/tasks/install.yml | 13 ++++++++- roles/penpot/templates/nginx.conf.j2 | 2 ++ .../penpot/templates/penpot-server.service.j2 | 2 +- roles/penpot/vars/RedHat-8.yml | 6 ++--- roles/penpot/vars/RedHat-9.yml | 18 +++++++++++++ roles/prosody/defaults/main.yml | 2 -- roles/repo_lemonldap_ng/tasks/main.yml | 4 ++- 19 files changed, 108 insertions(+), 18 deletions(-) create mode 100644 roles/jmeter-server/tasks/conf.yml create mode 100644 roles/jmeter-server/templates/log4j2.xml.j2 create mode 100644 roles/penpot/vars/RedHat-9.yml diff --git a/roles/bookstack/defaults/main.yml b/roles/bookstack/defaults/main.yml index d1ae850..e86b283 100644 --- a/roles/bookstack/defaults/main.yml +++ b/roles/bookstack/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version to deploy -bookstack_version: '24.02.3' +bookstack_version: '24.05' # URL of the arhive bookstack_archive_url: https://github.com/BookStackApp/BookStack/archive/v{{ bookstack_version }}.tar.gz # Expected sha256 of the archive -bookstack_archive_sha256: 55e11562e550722bbbf923fc4b80f185213c033a297a16d2037b793c73464980 +bookstack_archive_sha256: 12673a0c69ce5cea5ae0b0be568da7a88c8510b9cd9e96e7cdeb4026a355482f # Should ansible handle bookstack upgrades or just the inintial install bookstack_manage_upgrade: True diff --git a/roles/bookstack/tasks/conf.yml b/roles/bookstack/tasks/conf.yml index cc0f6ab..5a53a69 100644 --- a/roles/bookstack/tasks/conf.yml +++ b/roles/bookstack/tasks/conf.yml @@ -29,7 +29,7 @@ - when: bookstack_install_mode != 'none' block: - name: Migrate the database - shell: echo yes | /bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan migrate + command: /bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan migrate --force - name: Clear cache command: /bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan cache:clear diff --git a/roles/diagrams/defaults/main.yml b/roles/diagrams/defaults/main.yml index 6949935..e8e2a14 100644 --- a/roles/diagrams/defaults/main.yml +++ b/roles/diagrams/defaults/main.yml @@ -1,11 +1,11 @@ --- # Veresion of diagrams to deploy -diagrams_version: 24.2.2 +diagrams_version: 24.4.0 # URL of the WAR file to deploy diagrams_war_url: https://github.com/jgraph/drawio/releases/download/v{{ diagrams_version }}/draw.war # Expected sha256 of the WAR file -diagrams_war_sha256: 049b9d1c97f97c615ed5766c6b68722c73789e138acc26916583f35600abcc9d +diagrams_war_sha256: cea87df556b9fa802a346aabeb16f917e3ecceb1f625f72c05cfc2b9a1318778 # root directory of the installation diagrams_root_dir: /opt/diagrams # Should ansible manage upgrades, or just initial install ? diff --git a/roles/jmeter-server/tasks/conf.yml b/roles/jmeter-server/tasks/conf.yml new file mode 100644 index 0000000..6e082b3 --- /dev/null +++ b/roles/jmeter-server/tasks/conf.yml @@ -0,0 +1,9 @@ +--- + +- name: Deploy configuration + template: src={{ item.src }} dest={ item.dest }} + loop: + - src: log4j2.xml.j2 + dest: "{{ jmeter_root_dir }}/bin/log4j2.xml" + notify: restart jmeter-server + tags: jmeter diff --git a/roles/jmeter-server/templates/log4j2.xml.j2 b/roles/jmeter-server/templates/log4j2.xml.j2 new file mode 100644 index 0000000..9ad10a8 --- /dev/null +++ b/roles/jmeter-server/templates/log4j2.xml.j2 @@ -0,0 +1,27 @@ + + + + %d [%X{idreq} %X{iduser} %X{codeenv}] %-5p + [%c{1}] : %m%n + ${sys:LOG4J_LEVEL:-info} + + + + + + + + + + + + + + + + + + + + + diff --git a/roles/kimai/defaults/main.yml b/roles/kimai/defaults/main.yml index 8200afe..3260402 100644 --- a/roles/kimai/defaults/main.yml +++ b/roles/kimai/defaults/main.yml @@ -5,12 +5,12 @@ # You can set it to a number or a simple string (no special chars) kimai_id: 1 # Kimai version to deploy -kimai_version: '2.16.0' +kimai_version: '2.16.1' # URL of the archive kimai_archive_url: https://github.com/kevinpapst/kimai2/archive/refs/tags/{{ kimai_version }}.tar.gz # Expected sha256 of the archive -kimai_archive_sha256: c2c6d87e1099fc43b01f82a90c3a3523fe5da8aa180b0f0130e32c3e2e3820ef +kimai_archive_sha256: 77c3b470c82552eddaf4da962def94a201d0a60b34bd6cd91128ecc149f59ac5 # Directory where kimai will be installed kimai_root_dir: /opt/kimai_{{ kimai_id }} # Should ansible handle upgrades or only initial install diff --git a/roles/lemonldap_ng/vars/RedHat-7.yml b/roles/lemonldap_ng/vars/RedHat-7.yml index e6586af..5f181bb 100644 --- a/roles/lemonldap_ng/vars/RedHat-7.yml +++ b/roles/lemonldap_ng/vars/RedHat-7.yml @@ -1,7 +1,7 @@ --- llng_common_packages: - - lemonldap-ng-conf + - lemonldap-ng-common - perl-Cache-Cache - lemonldap-ng-fastcgi-server - uwsgi-plugin-psgi diff --git a/roles/lemonldap_ng/vars/RedHat-8.yml b/roles/lemonldap_ng/vars/RedHat-8.yml index 7889807..d542101 100644 --- a/roles/lemonldap_ng/vars/RedHat-8.yml +++ b/roles/lemonldap_ng/vars/RedHat-8.yml @@ -1,7 +1,7 @@ --- llng_common_packages: - - lemonldap-ng-conf + - lemonldap-ng-common - perl-Cache-Cache - lemonldap-ng-fastcgi-server - python3-mysql diff --git a/roles/lemonldap_ng/vars/RedHat-9.yml b/roles/lemonldap_ng/vars/RedHat-9.yml index 4ebca2d..6765380 100644 --- a/roles/lemonldap_ng/vars/RedHat-9.yml +++ b/roles/lemonldap_ng/vars/RedHat-9.yml @@ -1,7 +1,7 @@ --- llng_common_packages: - - lemonldap-ng-conf + - lemonldap-ng-common - perl-Cache-Cache - lemonldap-ng-fastcgi-server - python3-PyMySQL diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index 3b0213b..789b936 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml @@ -111,6 +111,10 @@ nomad_base_conf: docker: enabled: True allow_privileged: True + disable_log_collection: False + logging: + type: json-file + config: {} volumes: enabled: False # You can set a list of caps allowed for containers. The default is the same set of caps than Docker, minus net_raw @@ -265,3 +269,4 @@ nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursiv # nomad_backup_token: 1677848e-1fcd-b24a-6fb0-56b503d75651 # or a more advanced use # nomad_backup_token: $(VAULT_TOKEN=$(cat /run/vault_agent/vault.token) vault read -field=secret_id nomad/creds/admin ttl=1m) + diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml index 8cf3fd8..94631d8 100644 --- a/roles/nomad/tasks/conf.yml +++ b/roles/nomad/tasks/conf.yml @@ -167,3 +167,4 @@ - subgid when: nomad_conf.client.enabled and 'podman' in nomad_enabled_task_drivers tags: nomad + diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2 index 311a51a..5ac317c 100644 --- a/roles/nomad/templates/nomad.hcl.j2 +++ b/roles/nomad/templates/nomad.hcl.j2 @@ -153,6 +153,23 @@ plugin "docker" { auth { config = "{{ nomad_root_dir }}/docker/auth.json" } +{% if nomad_conf.client.task_drivers.docker.disable_log_collection %} + disable_log_collection = true +{% endif %} + logging { + type = "{{ nomad_conf.client.task_drivers.docker.logging.type }}" + config { +{% for log_conf in nomad_conf.client.task_drivers.docker.logging.config.keys() | list %} +{% if nomad_conf.client.task_drivers.docker.logging.config[log_conf] is boolean %} + {{ log_conf }} = {{ nomad_conf.client.task_drivers.docker.logging.config[log_conf] | ternary('true','false') }} +{% elif nomad_conf.client.task_drivers.docker.logging.config[log_conf] is number %} + {{ log_conf }} = {{ nomad_conf.client.task_drivers.docker.logging.config[log_conf] }} +{% else %} + {{ log_conf }} = "{{ nomad_conf.client.task_drivers.docker.logging.config[log_conf] }}" +{% endif %} +{% endfor %} + } + } {% if nomad_conf.client.task_drivers.docker.volumes.enabled %} volumes { enabled = true diff --git a/roles/penpot/tasks/install.yml b/roles/penpot/tasks/install.yml index 9d2e298..3c7ed6c 100644 --- a/roles/penpot/tasks/install.yml +++ b/roles/penpot/tasks/install.yml @@ -7,7 +7,6 @@ - name: Install nodejs tools npm: name={{ item }} global=True loop: - - yarn - sfnt2woff tags: penpot @@ -46,6 +45,15 @@ command: ./scripts/build args: chdir: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}/backend" + environment: + PATH: "/usr/lib/jvm/java-21/bin:/opt/penpot/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin" + + - name: Install yarn + shell: | + corepack enable + yarn set version 4.0.2 + args: + chdir: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}/frontend" - name: Build penpot frontend command: ./scripts/build @@ -53,11 +61,14 @@ chdir: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}/frontend" environment: CURRENT_HASH: "{{ penpot_version }}" + PATH: "/usr/lib/jvm/java-21/bin:/opt/penpot/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin" - name: Build penpot exporter command: ./scripts/build args: chdir: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}/exporter" + environment: + PATH: "/usr/lib/jvm/java-21/bin:/opt/penpot/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin" - name: Install penpot exporter dependencies command: yarn install diff --git a/roles/penpot/templates/nginx.conf.j2 b/roles/penpot/templates/nginx.conf.j2 index bcf16eb..262a227 100644 --- a/roles/penpot/templates/nginx.conf.j2 +++ b/roles/penpot/templates/nginx.conf.j2 @@ -45,6 +45,7 @@ server { set $redirect_uri "$upstream_http_location"; set $redirect_host "$upstream_http_x_host"; set $redirect_cache_control "$upstream_http_cache_control"; + set $real_mtype "$upstream_http_x_mtype"; proxy_buffering off; @@ -59,6 +60,7 @@ server { add_header x-internal-redirect "$redirect_uri"; add_header x-cache-control "$redirect_cache_control"; add_header cache-control "$redirect_cache_control"; + add_header content-type "$real_mtype"; } location /assets { diff --git a/roles/penpot/templates/penpot-server.service.j2 b/roles/penpot/templates/penpot-server.service.j2 index 12a2bac..271c779 100644 --- a/roles/penpot/templates/penpot-server.service.j2 +++ b/roles/penpot/templates/penpot-server.service.j2 @@ -7,7 +7,7 @@ Type=simple User={{ penpot_user }} WorkingDirectory={{ penpot_root_dir }}/backend EnvironmentFile={{ penpot_root_dir }}/etc/env -Environment=JAVA_HOME=/usr/lib/jvm/java-17 +Environment=JAVA_HOME=/usr/lib/jvm/java-21 ExecStart={{ penpot_root_dir }}/backend/run.sh SuccessExitStatus=143 PrivateTmp=yes diff --git a/roles/penpot/vars/RedHat-8.yml b/roles/penpot/vars/RedHat-8.yml index cf98f70..14f5298 100644 --- a/roles/penpot/vars/RedHat-8.yml +++ b/roles/penpot/vars/RedHat-8.yml @@ -3,9 +3,9 @@ penpot_packages: - tar - zstd - - postgresql14 - - java-17-openjdk-headless - - java-17-openjdk-devel + - postgresql16 + - java-21-openjdk-headless + - java-21-openjdk-devel - ghostscript - ImageMagick - poppler-utils diff --git a/roles/penpot/vars/RedHat-9.yml b/roles/penpot/vars/RedHat-9.yml new file mode 100644 index 0000000..14f5298 --- /dev/null +++ b/roles/penpot/vars/RedHat-9.yml @@ -0,0 +1,18 @@ +--- + +penpot_packages: + - tar + - zstd + - postgresql16 + - java-21-openjdk-headless + - java-21-openjdk-devel + - ghostscript + - ImageMagick + - poppler-utils + - potrace + - netpbm + - liberation-fonts + - fontforge + - woff2-tools + - git + - bzip2 diff --git a/roles/prosody/defaults/main.yml b/roles/prosody/defaults/main.yml index 56fb4b0..02516cd 100644 --- a/roles/prosody/defaults/main.yml +++ b/roles/prosody/defaults/main.yml @@ -17,8 +17,6 @@ prosody_admin_users: [] # 3rd party modules to install prosody_base_modules: - name: mod_auth_ldap - - name: ext_events.lib - url: https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/ext_events.lib.lua - name: util.lib url: https://raw.githubusercontent.com/jitsi/jitsi-meet/master/resources/prosody-plugins/util.lib.lua - name: mod_speakerstats diff --git a/roles/repo_lemonldap_ng/tasks/main.yml b/roles/repo_lemonldap_ng/tasks/main.yml index bf4bebf..ea49079 100644 --- a/roles/repo_lemonldap_ng/tasks/main.yml +++ b/roles/repo_lemonldap_ng/tasks/main.yml @@ -7,13 +7,15 @@ description: "{{ item.desc }}" baseurl: "{{ item.url }}" gpgcheck: 1 - gpgkey: https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 + gpgkey: "{{ item.gpg_key }}" priority: 80 loop: - repo: lemonldap-ng url: https://lemonldap-ng.org/redhat/stable/$releasever/noarch desc: Lemonldap::NG + gpg_key: https://lemonldap-ng.org/security/GPG-KEY-LLNG-SECURITY.asc - repo: lemonldap-ng-extras url: https://lemonldap-ng.org/redhat/extras/$releasever desc: Lemonldap::NG Extras packages + gpg_key: https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 tags: repo