Update to 2021-12-01 19:13

Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions


@@ -0,0 +1,52 @@
---
fpbx_version: 15.0
fpbx_archive_sha1: 42aae0f245a5d6297f8f2154281f28436663ee33
fpbx_archive_url: https://mirror.freepbx.org/modules/packages/freepbx/freepbx-{{ fpbx_version }}-latest.tgz
fpbx_root_dir: /opt/freepbx
fpbx_manage_upgrade: True
fpbx_db_server: localhost
fpbx_db_user: freepbx
fpbx_db_name: freepbx
fpbx_cdr_db_name: asteriskcdrdb
# fpbx_db_pass: secret
fpbx_php_version: 56
# fbx_alias: /freepbx
# fpbx_src_ip:
# - 192.168.281.0/24
# fpbx_manager_pass: secret
# Can be set to database to use internal auth. None is used when protecting accessing with the web server
fpbx_auth_type: none
fpbx_mgm_tcp_ports: [ 5038 ]
fpbx_mgm_udp_ports: []
fpbx_voip_tcp_ports:
- 5060 # SIP, chan_pjsip
- 5061 # SIP, chan_sip
fpbx_voip_udp_ports:
- 5060 # SIP, chan_pjsip
- 5160 # SIP, chan_sip
- '10000:20000' # RTP
- 4520 # dundi
- 4569 # IAX2
fpbx_prov_tcp_ports: [ 21 ]
fpbx_prov_udp_ports: [ 69 ]
fpbx_http_ports:
- 80 # Normal HTTP
- 8088 # UCP node
- 8001 # ast WS
fpbx_mgm_src_ip: []
fpbx_voip_src_ip: []
fpbx_http_src_ip: "{{ httpd_src_ip }}"
fpbx_prov_src_ip: "{{ fpbx_voip_src_ip }}"
# Password used for provisioning. The user is phone
# A random one is created if not set here
# fpbx_phone_pass: s3crEt.
# Set to your vhost if you use one
# fpbx_vhost: https://tel.domain.net
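Review bot: `fpbx_auth_type: none` is the default while `fpbx_src_ip` is commented out, and the Apache template later in this commit falls back to `Require all granted` when `fpbx_src_ip` is undefined, so a host deployed with these defaults appears to expose the FreePBX admin interface with neither application authentication nor an IP restriction. Defaulting to `fpbx_auth_type: database` (the value the comment above it names) or making `fpbx_src_ip` mandatory would fail closed. `fpbx_archive_sha1` pins a SHA-1 digest against a `-latest.tgz` URL, so the check breaks whenever the mirror republishes; a versioned URL with a SHA-256 digest would be more stable. In the commented examples, `192.168.281.0/24` is not a valid network and `# fbx_alias` looks like a typo for `fpbx_alias`.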


@@ -0,0 +1,23 @@
#!/usr/bin/perl
use warnings;
use strict;
use LWP::UserAgent;
use JSON;
my $ret = 'error';
my $url = $ARGV[0] . '?id=' . $ARGV[1];
my $ua = LWP::UserAgent->new(timeout => 10);
$ua->env_proxy;
my $response = $ua->get($url);
if ($response->is_success){
my $json = from_json($response->content);
if (defined $json and defined $json->{conference}){
$ret = $json->{conference};
$ret =~ s/@.*//;
}
}
print "SET VARIABLE JITSI_ROOM $ret\n";
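Review bot: The value printed on the last line comes straight from the remote JSON, and `s/@.*//` stops at the first newline, so a `conference` value containing a line break would put extra lines on the AGI channel after `SET VARIABLE`; the room name should be matched against an anchored allow-list before it is printed. `from_json` also dies on a malformed body, in which case the script exits without emitting the `error` default. `$ARGV[1]` is concatenated into the query string without escaping and without a check that both arguments are present. The fence shows the parsing part rewritten; the character class is an assumption about valid room names and should be adjusted to what the mapping service actually returns.

```perl
# … unchanged: argument handling, user agent setup …
my $response = $ua->get($url);
if ($response->is_success){
    # from_json dies on malformed input; keep the 'error' default instead of aborting
    my $json = eval { from_json($response->content) };
    if (ref $json eq 'HASH' and defined $json->{conference}){
        # Accept only a plain room name, optionally followed by @domain;
        # anything else (including embedded newlines) leaves $ret as 'error'
        my ($room) = $json->{conference} =~ /\A([A-Za-z0-9_.-]+)(?:@[^\r\n]*)?\z/;
        $ret = $room if defined $room;
    }
}
# … unchanged: print SET VARIABLE JITSI_ROOM …
```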


@@ -0,0 +1,32 @@
--- ./installlib/installcommand.class.php.orig 2019-05-24 18:06:10.587719554 +0200
+++ ./installlib/installcommand.class.php 2019-05-24 18:09:43.226443972 +0200
@@ -17,6 +17,10 @@
'default' => 'mysql',
'description' => 'Database engine'
),
+ 'dbhost' => array(
+ 'default' => 'localhost',
+ 'description' => 'Database server'
+ ),
'dbname' => array(
'default' => 'asterisk',
'description' => 'Database name'
@@ -366,6 +370,9 @@
if (isset($answers['dbengine'])) {
$amp_conf['AMPDBENGINE'] = $answers['dbengine'];
}
+ if (isset($answers['dbhost'])) {
+ $amp_conf['AMPDBHOST'] = $answers['dbhost'];
+ }
if (isset($answers['dbname'])) {
$amp_conf['AMPDBNAME'] = $answers['dbname'];
}
@@ -415,7 +422,7 @@
$amp_conf['AMPDBUSER'] = $answers['dbuser'];
$amp_conf['AMPDBPASS'] = $answers['dbpass'];
- $amp_conf['AMPDBHOST'] = 'localhost';
+ $amp_conf['AMPDBHOST'] = $answers['dbhost'];
if($dbroot) {
$output->write("Database Root installation checking credentials and permissions..");


@@ -0,0 +1,21 @@
--- /opt/freepbx/web/admin/modules/webrtc/Webrtc.class.php.orig 2019-11-12 14:47:05.904759608 +0100
+++ /opt/freepbx/web/admin/modules/webrtc/Webrtc.class.php 2019-11-12 14:55:46.392864447 +0100
@@ -374,13 +374,14 @@
$prefix = $this->FreePBX->Config->get('HTTPPREFIX');
$suffix = !empty($prefix) ? "/".$prefix."/ws" : "/ws";
- if($secure && !$this->FreePBX->Config->get('HTTPTLSENABLE')) {
- return array("status" => false, "message" => _("HTTPS is not enabled for Asterisk"));
- }
+ //if($secure && !$this->FreePBX->Config->get('HTTPTLSENABLE')) {
+ // return array("status" => false, "message" => _("HTTPS is not enabled for Asterisk"));
+ //}
$type = ($this->FreePBX->Config->get('HTTPTLSENABLE') && $secure) ? 'wss' : 'ws';
$port = ($this->FreePBX->Config->get('HTTPTLSENABLE') && $secure) ? $this->FreePBX->Config->get('HTTPTLSBINDPORT') : $this->FreePBX->Config->get('HTTPBINDPORT');
- $results['websocket'] = !empty($results['websocket']) ? $results['websocket'] : $type.'://'.$sip_server.':'.$port.$suffix;
+ //$results['websocket'] = !empty($results['websocket']) ? $results['websocket'] : $type.'://'.$sip_server.':'.$port.$suffix;
+ $results['websocket'] = !empty($results['websocket']) ? $results['websocket'] : 'wss://'.$_SERVER['HTTP_HOST'].'/'.$this->FreePBX->Config->get('HTTPPREFIX').'/ws';
try {
$stunaddr = $this->FreePBX->Sipsettings->getConfig("webrtcstunaddr");
$stunaddr = !empty($stunaddr) ? $stunaddr : $this->FreePBX->Sipsettings->getConfig("stunaddr");
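Review bot: The replacement `$results['websocket']` line builds the URL from `$_SERVER['HTTP_HOST']`, which is taken from the request's Host header and is therefore client-controlled; behind the reverse proxy this patch targets, a configured hostname or a Host value checked against an allow-list would be safer. It also re-derives the path as `'/'.$this->FreePBX->Config->get('HTTPPREFIX').'/ws'`, which yields `//ws` when the prefix is empty, whereas the `$suffix` computed at the top of the hunk already handles that case, so the tail of the line could simply be `.$suffix`. Leaving the old check and assignment as commented-out code makes the patch harder to rebase; deleting them and adding a one-line comment on why the `HTTPTLSENABLE` check is skipped (presumably TLS is terminated at the proxy) would read better. The enclosing function starts and ends outside the hunk.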

228
roles/freepbx/files/safe_asterisk Executable file

@@ -0,0 +1,228 @@
#!/bin/sh
ASTETCDIR="/etc/asterisk"
ASTSBINDIR="/usr/sbin"
ASTVARRUNDIR="/var/run/asterisk"
ASTVARLOGDIR="/var/log/asterisk"
CLIARGS="$*" # Grab any args passed to safe_asterisk
TTY=9 # TTY (if you want one) for Asterisk to run on
CONSOLE=yes # Whether or not you want a console
#NOTIFY=root@localhost # Who to notify about crashes
#EXEC=/path/to/somescript # Run this command if Asterisk crashes
#LOGFILE="${ASTVARLOGDIR}/safe_asterisk.log" # Where to place the normal logfile (disabled if blank)
#SYSLOG=local0 # Which syslog facility to use (disabled if blank)
MACHINE=`hostname` # To specify which machine has crashed when getting the mail
DUMPDROP="${DUMPDROP:-/tmp}"
RUNDIR="${RUNDIR:-/tmp}"
SLEEPSECS=4
ASTPIDFILE="${ASTVARRUNDIR}/asterisk.pid"
# comment this line out to have this script _not_ kill all mpg123 processes when
# asterisk exits
KILLALLMPG123=1
# run asterisk with this priority
PRIORITY=0
# set system filemax on supported OSes if this variable is set
# SYSMAXFILES=262144
# Asterisk allows full permissions by default, so set a umask, if you want
# restricted permissions.
#UMASK=022
# set max files open with ulimit. On linux systems, this will be automatically
# set to the system's maximum files open devided by two, if not set here.
# MAXFILES=32768
message() {
if test -n "$TTY" && test "$TTY" != "no"; then
echo "$1" >/dev/${TTY}
fi
if test -n "$SYSLOG"; then
logger -p "${SYSLOG}.warn" -t safe_asterisk[$$] "$1"
fi
if test -n "$LOGFILE"; then
echo "safe_asterisk[$$]: $1" >>"$LOGFILE"
fi
}
# Check if Asterisk is already running. If it is, then bug out, because
# starting safe_asterisk when Asterisk is running is very bad.
VERSION=`"${ASTSBINDIR}/asterisk" -nrx 'core show version' 2>/dev/null`
if test "`echo $VERSION | cut -c 1-8`" = "Asterisk"; then
message "Asterisk is already running. $0 will exit now."
exit 1
fi
# since we're going to change priority and open files limits, we need to be
# root. if running asterisk as other users, pass that to asterisk on the command
# line.
# if we're not root, fall back to standard everything.
if test `id -u` != 0; then
echo "Oops. I'm not root. Falling back to standard prio and file max." >&2
echo "This is NOT suitable for large systems." >&2
PRIORITY=0
message "safe_asterisk was started by `id -n` (uid `id -u`)."
else
if `uname -s | grep Linux >/dev/null 2>&1`; then
# maximum number of open files is set to the system maximum
# divided by two if MAXFILES is not set.
if test -z "$MAXFILES"; then
# just check if file-max is readable
if test -r /proc/sys/fs/file-max; then
MAXFILES=$((`cat /proc/sys/fs/file-max` / 2))
# don't exceed upper limit of 2^20 for open
# files on systems where file-max is > 2^21
if test $MAXFILES -gt 1048576; then
MAXFILES=1048576
fi
fi
fi
SYSCTL_MAXFILES="fs.file-max"
elif `uname -s | grep Darwin /dev/null 2>&1`; then
SYSCTL_MAXFILES="kern.maxfiles"
fi
if test -n "$SYSMAXFILES"; then
if test -n "$SYSCTL_MAXFILES"; then
sysctl -w $SYSCTL_MAXFILES=$SYSMAXFILES
fi
fi
# set the process's filemax to whatever set above
ulimit -n $MAXFILES
if test ! -d "${ASTVARRUNDIR}"; then
mkdir -p "${ASTVARRUNDIR}"
chmod 770 "${ASTVARRUNDIR}"
fi
fi
if test -n "$UMASK"; then
umask $UMASK
fi
#
# Let Asterisk dump core
#
ulimit -c unlimited
#
# Don't fork when running "safely"
#
ASTARGS=""
if test -n "$TTY" && test "$TTY" != "no"; then
if test -c /dev/tty${TTY}; then
TTY=tty${TTY}
elif test -c /dev/vc/${TTY}; then
TTY=vc/${TTY}
elif test "$TTY" = "9"; then # ignore default if it was untouched
# If there is no /dev/tty9 and not /dev/vc/9 we don't
# necessarily want to die at this point. Pretend that
# TTY wasn't set.
TTY=
else
message "Cannot find specified TTY (${TTY})"
exit 1
fi
if test -n "$TTY"; then
ASTARGS="${ASTARGS} -vvvg"
if test "$CONSOLE" != "no"; then
ASTARGS="${ASTARGS} -c"
fi
fi
fi
if test ! -d "${RUNDIR}"; then
message "${RUNDIR} does not exist, creating"
if ! mkdir -p "${RUNDIR}"; then
message "Unable to create ${RUNDIR}"
exit 1
fi
fi
if test ! -w "${DUMPDROP}"; then
message "Cannot write to ${DUMPDROP}"
exit 1
fi
#
# Don't die if stdout/stderr can't be written to
#
trap '' PIPE
#
# Run scripts to set any environment variables or do any other system-specific setup needed
#
if test -d "${ASTETCDIR}/startup.d"; then
for script in "${ASTETCDIR}/startup.d/"*.sh; do
if test -r "${script}"; then
. "${script}"
fi
done
fi
run_asterisk()
{
while :; do
if test -n "$TTY" && test "$TTY" != "no"; then
cd "${RUNDIR}"
stty sane </dev/${TTY}
nice -n $PRIORITY "${ASTSBINDIR}/asterisk" -f ${CLIARGS} ${ASTARGS} >/dev/${TTY} 2>&1 </dev/${TTY}
else
cd "${RUNDIR}"
nice -n $PRIORITY "${ASTSBINDIR}/asterisk" -f ${CLIARGS} ${ASTARGS} >/dev/null 2>&1 </dev/null
fi
EXITSTATUS=$?
message "Asterisk ended with exit status $EXITSTATUS"
if test $EXITSTATUS -eq 0; then
# Properly shutdown....
message "Asterisk shutdown normally."
exit 0
elif test $EXITSTATUS -gt 128; then
EXITSIGNAL=$((EXITSTATUS - 128))
message "Asterisk exited on signal $EXITSIGNAL."
if test -n "$NOTIFY"; then
echo "Asterisk on $MACHINE exited on signal $EXITSIGNAL. Might want to take a peek." | \
mail -s "Asterisk on $MACHINE died (sig $EXITSIGNAL)" $NOTIFY
fi
if test -n "$EXEC"; then
$EXEC
fi
PID=`cat ${ASTPIDFILE}`
DATE=`date "+%Y-%m-%dT%H:%M:%S%z"`
if test -f "${RUNDIR}/core.${PID}"; then
mv "${RUNDIR}/core.${PID}" "${DUMPDROP}/core.`hostname`-$DATE" &
elif test -f "${RUNDIR}/core"; then
mv "${RUNDIR}/core" "${DUMPDROP}/core.`hostname`-$DATE" &
fi
else
message "Asterisk died with code $EXITSTATUS."
PID=`cat ${ASTPIDFILE}`
DATE=`date "+%Y-%m-%dT%H:%M:%S%z"`
if test -f "${RUNDIR}/core.${PID}"; then
mv "${RUNDIR}/core.${PID}" "${DUMPDROP}/core.`hostname`-$DATE" &
elif test -f "${RUNDIR}/core"; then
mv "${RUNDIR}/core" "${DUMPDROP}/core.`hostname`-$DATE" &
fi
fi
message "Automatically restarting Asterisk."
sleep $SLEEPSECS
if test "0$KILLALLMPG123" -gt 0; then
pkill -9 mpg123
fi
done
}
if test -n "$ASTSAFE_FOREGROUND"; then
run_asterisk
else
run_asterisk &
fi
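Review bot: `DUMPDROP` and `RUNDIR` both default to `/tmp` while `ulimit -c unlimited` is set, so Asterisk core files, which can hold SIP credentials and call data from memory, are written and then moved under a world-writable directory with a predictable `core.<hostname>-<date>` name by a script that expects to run as root. Pointing both at a dedicated directory owned by the service account with mode 0700, e.g. `DUMPDROP="${DUMPDROP:-<PRIVATE_DUMP_DIR>}"` with the path chosen by the role, avoids that. In the Darwin branch, `grep Darwin /dev/null 2>&1` is missing the `>` and searches the file `/dev/null` instead of the `uname` output; it should read `grep Darwin >/dev/null 2>&1`. The `cat ${ASTPIDFILE}` substitutions in both crash branches are unquoted and run even when the pid file is absent.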


@@ -0,0 +1,16 @@
---
- name: reload freepbx
service: name=freepbx state=reloaded
- name: restart freepbx
service: name=freepbx state=restarted
- name: fpbx chown
command: /usr/local/bin/fwconsole chown
- name: restart systemd-modules-load
service: name=systemd-modules-load state=restarted
- name: restart vsftpd
service: name=vsftpd state=restarted


@@ -0,0 +1,9 @@
---
dependencies:
- role: repo_asterisk
- role: repo_elrepo
- role: repo_nodejs
- role: httpd_php
- role: mysql_server
when: fpbx_db_server == 'localhost' or fpbx_server == '127.0.0.1'
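Review bot: The `when:` on the `mysql_server` dependency tests `fpbx_server == '127.0.0.1'`, but no `fpbx_server` variable appears in the defaults of this commit; it looks like a typo for `fpbx_db_server`. Whenever the first comparison is false (a remote database, or `fpbx_db_server: 127.0.0.1`), the undefined name is evaluated, so the role will most likely stop with an undefined-variable error instead of skipping or including the dependency. Suggested line: `when: fpbx_db_server in ['localhost', '127.0.0.1']`, which matches the test used in the backup template.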


@@ -0,0 +1,5 @@
---
- name: Deploy filebeat configuration
template: src=filebeat.yml.j2 dest=/etc/filebeat/ansible_inputs.d/freepbx.yml
tags: fpbx,log


@@ -0,0 +1,442 @@
---
- include_vars: "{{ item }}"
with_first_found:
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_distribution }}.yml
- vars/{{ ansible_os_family }}.yml
- vars/defaults.yml
tags: fpbx
- name: Install Asterisk and its dependencies
yum: name={{ fpbx_packages }}
tags: fpbx
- name: Build a list of music on hold format to install
set_fact: fpbx_moh_pkg={{ fpbx_moh_pkg | default([ 'asterisk-moh-opsound' ]) + [ 'asterisk-moh-opsound-' ~ item ] }}
loop:
- alaw
- g722
- g729
- gsm
- siren14
- siren7
- sln16
- ulaw
- wav
tags: fpbx
- name: Build a list of languages packages to install
set_fact: fpbx_snd_pkg={{ fpbx_snd_pkg | default([]) + [ 'asterisk-sounds-core-' ~ item.0 ~ '-' ~ item.1 ] }}
with_nested:
- - en
- es
- fr
- it
- - alaw
- g722
- g729
- gsm
- siren14
- siren7
- sln16
- ulaw
- wav
tags: fpbx
- name: Install music on hold and languages packages
yum: name={{ fpbx_moh_pkg + fpbx_snd_pkg }}
tags: fpbx
- import_tasks: ../includes/disable_selinux.yml
tags: fpbx
- block:
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ fpbx_root_dir }}"
- version: "{{ fpbx_version }}"
- manage_upgrade: False
- set_fact: fpbx_install_mode={{ (install_mode == 'install') | ternary('install','none') }}
- set_fact: fpbx_current_version={{ current_version | default('') }}
tags: fpbx
- name: Create directories
file: path={{ fpbx_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
loop:
- dir: web
- dir: cgi-bin
- dir: meta
mode: 700
- dir: backup
mode: 700
- dir: tmp
- dir: sessions
- dir: archives
- dir: web/admin/modules/ucp/
- dir: provisioning/contacts
- dir: provisioning/logs
- dir: provisioning/overrides
- dir: provisioning/licenses
- dir: provisioning/bmp
- dir: provisioning/config_bkup/contacts
tags: fpbx
- name: Remove obsolete directories
file: path={{ fpbx_root_dir }}/{{ item }} state=absent
loop:
- db_dumps
tags: fpbx
- name: Create /tftpboot
file: dest=/tftpboot src={{ fpbx_root_dir }}/provisioning state=link
tags: fpbx
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ fpbx_root_dir }}/meta/ansible_phonepass"
- pass_size: 12
- complex: False
when: fpbxphone_pass is not defined
tags: fpbx
- set_fact: fpbx_phone_pass={{ rand_pass }}
when: fpbx_phone_pass is not defined
tags: fpbx
- name: Create a user for provisioning
user:
name: phone
home: "{{ fpbx_root_dir }}/provisioning"
shell: /bin/rbash
password: "{{ fpbx_phone_pass | password_hash('sha256', 65535 | random(seed=inventory_hostname)) }}"
tags: fpbx
- name: Configure vsftpd
template: src=vsftpd/{{ item }}.j2 dest=/etc/vsftpd/{{ item }}
loop:
- user_list
- vsftpd.conf
- chroot_list
notify: restart vsftpd
tags: fpbx
- name: Deploy PAM config for vsftpd
template: src=vsftpd/pam.j2 dest=/etc/pam.d/vsftpd
tags: fpbx
- name: Load iptables FTP helper
copy: content="nf_conntrack_ftp" dest=/etc/modules-load.d/freepbx.conf
notify: restart systemd-modules-load
tags: fpbx
- name: Start and enable vsftpd
service: name=vsftpd state=started enabled=True
tags: fpbx
- import_tasks: ../includes/webapps_archive.yml
vars:
- root_dir: "{{ fpbx_root_dir }}"
- version: "{{ fpbx_current_version }}"
- db_name: "{{ fpbx_db_name }}"
- db_server: "{{ fpbx_db_server }}"
when: fpbx_install_mode == 'upgrade'
tags: fpbx
- name: Download FreePBX
get_url:
url: "{{ fpbx_archive_url }}"
dest: "{{ fpbx_root_dir }}/tmp/"
checksum: "sha1:{{ fpbx_archive_sha1 }}"
when: fpbx_install_mode != 'none'
tags: fpbx
- name: Extract fpbx archive
unarchive:
src: "{{ fpbx_root_dir }}/tmp/freepbx-{{ fpbx_version }}-latest.tgz"
dest: "{{ fpbx_root_dir }}/tmp"
remote_src: yes
when: fpbx_install_mode != 'none'
tags: fpbx
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ fpbx_root_dir }}/meta/ansible_dbpass"
- complex: False
when: fpbx_db_pass is not defined
tags: fpbx
- set_fact: fpbx_db_pass={{ rand_pass }}
when: fpbx_db_pass is not defined
tags: fpbx
- import_tasks: ../includes/webapps_create_mysql_db.yml
vars:
- db_name: "{{ fpbx_db_name }}"
- db_user: "{{ fpbx_db_user }}"
- db_server: "{{ fpbx_db_server }}"
- db_pass: "{{ fpbx_db_pass }}"
- append_privs: True
tags: fpbx
- import_tasks: ../includes/webapps_create_mysql_db.yml
vars:
- db_name: "{{ fpbx_cdr_db_name }}"
- db_user: "{{ fpbx_db_user }}"
- db_server: "{{ fpbx_db_server }}"
- db_pass: "{{ fpbx_db_pass }}"
- append_privs: True
tags: fpbx
- name: Ensure asterisk is running
service: name=asterisk state=started
when: fpbx_install_mode == 'install'
tags: fpbx
- name: Remove config file before installation
file: path={{ item }} state=absent
loop:
- /etc/freepbx.conf
- /etc/amportal.conf
when: fpbx_install_mode == 'install'
tags: fpbx
- name: Install base framework
command: >
scl enable php{{ fpbx_php_version }} -- ./install
-n --webroot={{ fpbx_root_dir }}/web --dbengine=mysql
--dbuser={{ fpbx_db_user }} --dbname={{ fpbx_db_name }}
--cdrdbname={{ fpbx_cdr_db_name }} --dbpass={{ fpbx_db_pass | quote }}
--astmoddir=/usr/lib64/asterisk/modules/
--astagidir=/usr/share/asterisk/agi-bin/
--ampsbin=/usr/local/bin
--ampcgibin=/opt/freepbx/cgi-bin
args:
chdir: "{{ fpbx_root_dir }}/tmp/freepbx"
when: fpbx_install_mode == 'install'
tags: fpbx
# TODO: should be in a loop to patch easily several files, but checking for file presence in a loop
# is a pain with ansible
#- name: Check if webrtc class exist
# stat: path={{ fpbx_root_dir }}/web/admin/modules/webrtc/Webrtc.class.php
# register: fpbx_webrtc_class
# tags: fpbx
#
#- name: Patch webrtc class
# patch: src=patches/webrtc_proxy.patch dest={{ fpbx_root_dir }}/web/admin/modules/webrtc/Webrtc.class.php
# when: fpbx_webrtc_class.stat.exists
# tags: fpbx
- name: Check for wrapper symlinks
stat: path=/usr/local/bin/{{ item }}
register: fpbx_wrapper_links
loop:
- fwconsole
- amportal
tags: fpbx
- name: Remove symlinks
file: path=/usr/local/bin/{{ item.item }} state=absent
when: item.stat.islnk is defined and item.stat.islnk
loop: "{{ fpbx_wrapper_links.results }}"
tags: fpbx
- name: Install wrappers
template: src={{ item }}.j2 dest=/usr/local/bin/{{ item }} mode=755
loop:
- fwconsole
- amportal
tags: fpbx
- name: Install safe_asterisk
copy: src=safe_asterisk dest=/usr/local/bin/safe_asterisk mode=755
tags: fpbx
- name: Ensure asterisk service is stopped and disabled
service: name=asterisk state=stopped enabled=False
tags: fpbx
- name: Ensure /etc/systemd/system/ exists
file: path=/etc/systemd/system/ state=directory
tags: fpbx
- name: Deploy FreePBX service unit
template: src=freepbx.service.j2 dest=/etc/systemd/system/freepbx.service
register: fpbx_unit
notify: restart freepbx
tags: fpbx
- name: Reload systemd
systemd: daemon_reload=True
when: fpbx_unit.changed
tags: fpbx
- name: Remove temp files
file: path={{ item }} state=absent
loop:
- "{{ fpbx_root_dir }}/tmp/freepbx-{{ fpbx_version }}-latest.tgz"
- "{{ fpbx_root_dir }}/tmp/freepbx"
tags: fpbx
#- name: Update modules
# command: /usr/local/bin/fwconsole ma updateall
# changed_when: False
# tags: fpbx
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ fpbx_root_dir }}/meta/ansible_manager_pass"
- complex: False
when: fpbx_manager_pass is not defined
tags: fpbx
- set_fact: fpbx_manager_pass={{ rand_pass }}
when: fpbx_manager_pass is not defined
tags: fpbx
- name: Deploy configuration
template: src={{ item }}.j2 dest=/etc/{{ item }}
loop:
- freepbx.conf
notify:
- reload freepbx
- fpbx chown
tags: fpbx
- name: Configure manager.conf and extensions.conf
lineinfile:
path: "{{ item.file }}"
regexp: '^{{ item.param }}\s*=.*'
line: '{{ item.param }} = {{ item.value }}'
loop:
# - param: AMPMGRPASS
# value: "{{ fpbx_manager_pass }}"
# file: /etc/asterisk/extensions_additional.conf
#- param: AMPDBHOST
# value: "{{ fpbx_db_server }}"
# file: /etc/amportal.conf
#- param: AMPDBNAME
# value: "{{ fpbx_db_name }}"
# file: /etc/amportal.conf
#- param: AMPDBUSER
# value: "{{ fpbx_db_user }}"
# file: /etc/amportal.conf
#- param: AMPDBPASS
# value: "{{ fpbx_db_pass }}"
# file: /etc/amportal.conf
#- param: CDRDBNAME
# value: "{{ fpbx_cdr_db_name }}"
# file: /etc/amportal.conf
- param: secret
value: "{{ fpbx_manager_pass }}"
file: /etc/asterisk/manager.conf
tags: fpbx
- name: Set amportal settings
command: /usr/local/bin/fwconsole setting {{ item.param }} {{ item.value }}
loop:
- param: AMPMGRUSER
value: admin
- param: AMPMGRPASS
value: "{{ fpbx_manager_pass }}"
- param: PROXY_ENABLED
value: "{{ (system_proxy is defined and system_proxy != '') | ternary('TRUE','FALSE') }}"
- param: PROXY_ADDRESS
value: "'{{ (system_proxy is defined and system_proxy != '') | ternary(system_proxy,'') }}'"
- param: AUTHTYPE
value: "{{ fpbx_auth_type }}"
- param: PHPTIMEZONE
value: "{{ system_tz | default('UTC') }}"
- param: HTTPENABLED
value: TRUE
- param: HTTPBINDADDRESS
value: 0.0.0.0
- param: HTTPBINDPORT
value: 8088
- param: HTTPPREFIX
value: asterisk
- param: NODEJSBINDADDRESS
value: 0.0.0.0
- param: NODEJSHTTPSBINDADDRESS
value: 0.0.0.0
- param: SIGNATURECHECK
value: FALSE # Needed since we're going to patch some module to pass through a rev proxy
changed_when: False
tags: fpbx
- name: Set global language # TODO : this is an ugly hack
command: mysql --host={{ fpbx_db_server}} --user={{ fpbx_db_user }} --password={{ fpbx_db_pass | quote }} {{ fpbx_db_name }} -e "UPDATE `soundlang_settings` SET `value`='fr' WHERE `keyword`='language'"
changed_when: False
tags: fpbx
- import_tasks: ../includes/webapps_webconf.yml
vars:
- app_id: freepbx
- php_version: "{{ fpbx_php_version }}"
- php_fpm_pool: "{{ fpbx_php_fpm_pool | default('') }}"
tags: fpbx
- name: Deploy pre/post backup scripts
template: src={{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/freepbx.sh mode=750
loop:
- pre
- post
tags: fpbx
- name: Install agi scripts
copy: src=agi/{{ item }} dest=/usr/share/asterisk/agi-bin/{{ item }} mode=750 group=asterisk
loop:
- jitsi_conf_pin
tags: fpbx
- name: Handle FreePBX ports
iptables_raw:
name: "{{ item.name }}"
state: "{{ (item.src | length > 0 and (item.tcp_ports | length > 0 or item.udp_ports | length > 0)) | ternary('present','absent') }}"
rules: "{% if item.tcp_ports is defined and item.tcp_ports | length > 0 %}-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ item.tcp_ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT\n{% endif %}
{% if item.udp_ports is defined and item.udp_ports | length > 0 %}-A INPUT -m state --state NEW -p udp -m multiport --dports {{ item.udp_ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT{% endif %}"
when: iptables_manage | default(True)
loop:
- name: fpbx_mgm_ports
tcp_ports: "{{ fpbx_mgm_tcp_ports }}"
udp_ports: "{{ fpbx_mgm_udp_ports }}"
src: "{{ fpbx_mgm_src_ip }}"
- name: fpbx_voip_ports
tcp_ports: "{{ fpbx_voip_tcp_ports }}"
udp_ports: "{{ fpbx_voip_udp_ports }}"
src: "{{ fpbx_voip_src_ip }}"
- name: fpbx_http_ports
tcp_ports: "{{ fpbx_http_ports }}"
src: "{{ fpbx_http_src_ip }}"
- name: fpbx_prov_ports
tcp_ports: "{{ fpbx_prov_tcp_ports }}"
udp_ports: "{{ fpbx_prov_udp_ports }}"
src: "{{ fpbx_prov_src_ip }}"
tags: fpbx,firewall
- name: Remove old iptables rules
iptables_raw:
name: "{{ item }}"
state: absent
loop:
- ast_mgm_tcp_ports
- ast_mgm_udp_ports
- ast_voip_tcp_ports
- ast_voip_udp_ports
- ast_http_ports
tags: fpbx,firewall
- name: Install logrotate config
template: src=logrotate.conf.j2 dest=/etc/logrotate.d/asterisk
tags: fpbx
- name: Start and enable the service
service: name=freepbx state=started enabled=True
tags: fpbx
- import_tasks: ../includes/webapps_post.yml
vars:
- root_dir: "{{ fpbx_root_dir }}"
- version: "{{ fpbx_version }}"
tags: fpbx
- include: filebeat.yml
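Review bot: Several tasks put secrets on a command line and into task output: `--dbpass={{ fpbx_db_pass | quote }}` in "Install base framework", the `AMPMGRPASS` item of "Set amportal settings", and `--password=` in "Set global language"; none sets `no_log`, so the values are printed with each loop item or failure and are visible in the process list while the command runs (the `mysqldump` calls in the backup template have the same exposure). Adding `no_log: True` to those tasks, and handing the MySQL password over through a client option file with restrictive permissions rather than an argument, would contain that. In the phone password include, `when: fpbxphone_pass is not defined` looks like a typo for `fpbx_phone_pass`, so a random password file is generated even when the operator supplies one. `SIGNATURECHECK: FALSE` turns off FreePBX module signature verification for the whole install; the inline comment gives the reason, but it should also say which compensating control (for instance file-integrity monitoring of the web root) is expected.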


@@ -0,0 +1,3 @@
#!/bin/bash -e
scl enable php{{ fpbx_php_version }} -- /var/lib/asterisk/bin/amportal "$@"


@@ -0,0 +1,28 @@
;
; AMI - Asterisk Manager interface
;
; FreePBX needs this to be enabled. Note that if you enable it on a different IP, you need
; to assure that this can't be reached from un-authorized hosts with the ACL settings (permit/deny).
; Also, remember to configure non-default port or IP-addresses in amportal.conf.
;
; The AMI connection is used both by the portal and the operator's panel in FreePBX.
;
; FreePBX assumes an AMI connection to localhost:5038 by default.
;
[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0
displayconnects=no ;only effects 1.6+
[admin]
secret = {{ fpbx_manager_pass }}
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
writetimeout = 5000
#include manager_additional.conf
#include manager_custom.conf
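Review bot: `bindaddr = 0.0.0.0` makes AMI listen on every interface even though the only account defined here is limited to loopback by its `deny`/`permit` pair, so the exposure rests entirely on that ACL and on the firewall rule for port 5038; if nothing remote needs AMI, `bindaddr = 127.0.0.1` is the safer default and matches the warning in this file's own header comment. The `[admin]` account is granted every class for both `read` and `write`, including `system`, `command` and `originate` (`command` is listed twice), so whoever obtains `fpbx_manager_pass` likely gains command execution on the PBX; trimming the lists to what FreePBX needs would limit that. `permit=127.0.0.1/255.255.255.0` uses a /24 mask where `255.255.255.255` would express the single-host intent.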


@@ -0,0 +1,9 @@
- type: log
enabled: True
paths:
- /var/log/asterisk/full
- /var/log/asterisk/*.log
- /var/lib/asterisk/.pm2/pm2.log
exclude_files:
- '\.[xg]z$'
- '\.\d+$'


@@ -0,0 +1,13 @@
<?php
// {{ ansible_managed }}
$amp_conf['AMPDBUSER'] = '{{ fpbx_db_user }}';
$amp_conf['AMPDBPASS'] = '{{ fpbx_db_pass }}';
$amp_conf['AMPDBHOST'] = 'localhost';
$amp_conf['AMPDBNAME'] = '{{ fpbx_db_name }}';
$amp_conf['AMPDBENGINE'] = 'mysql';
$amp_conf['datasource'] = '';
require_once('/opt/freepbx/web/admin/bootstrap.php');
?>
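Review bot: `$amp_conf['AMPDBHOST'] = 'localhost';` is hard-coded although the role exposes `fpbx_db_server` and uses it for database creation and backups, so a remote database setting is silently ignored here; `$amp_conf['AMPDBHOST'] = '{{ fpbx_db_server }}';` would keep the file consistent. The credentials are placed inside single-quoted PHP strings without escaping, so an operator-supplied `fpbx_db_pass` containing `'` or `\` breaks the file or changes the string; the role should either restrict the allowed characters or escape them in the template. The task that deploys this template sets no `mode`, so the file holding the database password gets default permissions; an explicit owner and a mode without world read would be appropriate.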


@@ -0,0 +1,19 @@
[Unit]
Description=FreePBX VoIP Server
{% if fpbx_db_server == 'localhost' or fpbx_db_server == '127.0.0.1' %}
Requires=mariadb.service
{% endif %}
[Service]
Type=forking
ExecStart=/usr/local/bin/fwconsole start -q
ExecStop=/usr/local/bin/fwconsole stop -q
ExecReload=/usr/local/bin/fwconsole reload -q
SyslogIdentifier=FreePBX
Restart=on-failure
StartLimitInterval=0
RestartSec=30
[Install]
WantedBy=multi-user.target


@@ -0,0 +1,3 @@
#!/bin/bash -e
scl enable php{{ fpbx_php_version }} -- /var/lib/asterisk/bin/fwconsole "$@"


@@ -0,0 +1,20 @@
{% if fpbx_alias is defined %}
Alias /{{ fpbx_alias }} {{ fpbx_root_dir }}/web/
{% else %}
# No alias defined, create a vhost to access it
{% endif %}
ProxyTimeout 900
RewriteEngine On
<Directory {{ fpbx_root_dir }}/web/>
AllowOverride All
Options FollowSymLinks
{% if fpbx_src_ip is defined %}
Require ip {{ fpbx_src_ip | join(' ') }}
{% else %}
Require all granted
{% endif %}
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/{{ fpbx_php_fpm_pool | default('freepbx') }}.sock|fcgi://localhost"
</FilesMatch>
</Directory>


@@ -0,0 +1,27 @@
/var/log/asterisk/messages
/var/log/asterisk/event_log
/var/log/asterisk/queue_log
/var/log/asterisk/full
/var/log/asterisk/security
/var/log/asterisk/freepbx.log
/var/log/asterisk/freepbx_security.log
/var/log/asterisk/ucp_err.log
/var/log/asterisk/ucp_out.log
/var/log/asterisk/cdr-csv/Master.csv
{
missingok
notifempty
su asterisk asterisk
create 0640 asterisk asterisk
sharedscripts
daily
rotate 365
compress
compressoptions -T0
compresscmd /usr/bin/xz
compressext .xz
uncompresscmd /usr/bin/unxz
postrotate
/usr/sbin/asterisk -rx 'logger reload' >/dev/null 2>/dev/null || true
endscript
}


@@ -0,0 +1,18 @@
#!/bin/sh
restorecon -R {{ fpbx_root_dir }}
chmod 755 {{ fpbx_root_dir }}
chown root:root {{ fpbx_root_dir }}/{meta,db_dumps}
chmod 700 {{ fpbx_root_dir }}/{meta,db_dumps}
setfacl -k -b {{ fpbx_root_dir }}
setfacl -m u:asterisk:rx,u:{{ httpd_user | default('apache') }}:rx {{ fpbx_root_dir }}
chown -R root:root {{ fpbx_root_dir }}/web
chown -R asterisk:asterisk {{ fpbx_root_dir }}/{tmp,sessions,web}
chmod 755 {{ fpbx_root_dir }}/provisioning
chown -R asterisk:asterisk {{ fpbx_root_dir }}/provisioning
setfacl -m u:phone:rX {{ fpbx_root_dir }}/provisioning/*
setfacl -R -m u:phone:rwX {{ fpbx_root_dir }}/provisioning/{contacts,logs,overrides,licenses,bmp}
chmod 700 {{ fpbx_root_dir }}/{tmp,sessions}
find {{ fpbx_root_dir }}/web -type f -exec chmod 644 "{}" \;
find {{ fpbx_root_dir }}/web -type d -exec chmod 755 "{}" \;
scl enable php{{ fpbx_php_version }} -- /usr/local/bin/fwconsole chown
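Review bot: `chown -R root:root {{ fpbx_root_dir }}/web` is undone by the next line, which recursively gives `web` to `asterisk:asterisk`, the same account the PHP-FPM pool in this commit runs as, so the application can rewrite its own code; if FreePBX's module administration needs that, drop the first `chown` and say so in a comment, otherwise remove `web` from the second. The script still protects `{meta,db_dumps}`, but the tasks file removes `db_dumps` as obsolete and the dumps are now written to `backup`, which this script never resets; suggested lines: `chown root:root {{ fpbx_root_dir }}/{meta,backup}` and `chmod 700 {{ fpbx_root_dir }}/{meta,backup}`. The brace expansions rely on bash while the shebang is `#!/bin/sh`.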


@@ -0,0 +1,45 @@
; {{ ansible_managed }}
[freepbx]
listen.owner = root
listen.group = {{ httpd_user | default('apache') }}
listen.mode = 0660
listen = /run/php-fpm/freepbx.sock
user = asterisk
group = asterisk
catch_workers_output = yes
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 6
pm.max_requests = 5000
request_terminate_timeout = 60m
php_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = syslog
php_admin_value[memory_limit] = 512M
php_admin_value[session.save_path] = {{ fpbx_root_dir }}/sessions
php_admin_value[upload_tmp_dir] = {{ fpbx_root_dir }}/tmp
php_admin_value[sys_temp_dir] = {{ fpbx_root_dir }}/tmp
php_admin_value[post_max_size] = 50M
php_admin_value[upload_max_filesize] = 50M
php_admin_value[max_execution_time] = 900
php_admin_value[max_input_time] = 900
php_admin_flag[allow_url_include] = off
php_admin_flag[allow_url_fopen] = on
php_admin_flag[file_uploads] = on
php_admin_flag[session.cookie_httponly] = on
; Needed so that the #!/usr/bin/env php shebang will point to the correct PHP version
env[PATH] = /opt/remi/php{{ fpbx_php_version }}/root/usr/bin:/opt/remi/php{{ fpbx_php_version }}/root/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
{% if system_proxy is defined and system_proxy != '' %}
env[http_proxy] = {{ system_proxy }}
env[https_proxy] = {{ system_proxy }}
{% if system_proxy_no_proxy is defined and system_proxy_no_proxy | length > 0 %}
env[no_proxy] = {{ system_proxy_no_proxy | join(',') }}
{% endif %}
{% endif %}


@@ -0,0 +1,3 @@
#!/bin/bash -e
rm -f {{ fpbx_root_dir }}/backup/*


@@ -0,0 +1,20 @@
#!/bin/sh
set -eo pipefail
/usr/bin/mysqldump \
--quick --single-transaction \
{% if fpbx_db_server not in ['127.0.0.1', 'localhost'] %}
--user={{ fpbx_db_user }} \
--password={{ fpbx_db_pass | quote }} \
--host={{ fpbx_db_server }} \
{% endif %}
--add-drop-table {{ fpbx_db_name }} | zstd -T0 -c > {{ fpbx_root_dir }}/backup/{{ fpbx_db_name }}.sql.zst
/usr/bin/mysqldump \
--quick --single-transaction \
{% if fpbx_db_server not in ['127.0.0.1', 'localhost'] %}
--user={{ fpbx_db_user }} \
--password={{ fpbx_db_pass | quote }} \
--host={{ fpbx_db_server }} \
{% endif %}
--add-drop-table {{ fpbx_cdr_db_name }} | zstd -T0 -c > {{ fpbx_root_dir }}/backup/{{ fpbx_cdr_db_name }}.sql.zst


@@ -0,0 +1 @@
phone


@@ -0,0 +1,7 @@
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth


@@ -0,0 +1 @@
phone


@@ -0,0 +1,15 @@
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=007
xferlog_enable=YES
xferlog_std_format=YES
chroot_list_enable=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
userlist_deny=NO
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
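Review bot: This configuration enables password logins (`local_enable=YES`) for the `phone` account with no TLS settings, so the provisioning password and the phone configuration files, which typically carry SIP credentials, cross the network in clear text; if the handsets support FTPS, `ssl_enable=YES` with `force_local_logins_ssl=YES` would be worth adding, and otherwise `fpbx_prov_src_ip` should be kept to the phone network. `write_enable=YES` together with the `rwX` ACLs the permissions script grants on several provisioning sub-directories lets any holder of that shared password upload files; a comment stating which phone features need write access would help. The passive range 40000–40100 is not in any port list of the role, so it presumably depends on the `nf_conntrack_ftp` helper loaded by the tasks.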


@@ -0,0 +1,32 @@
---
fpbx_packages:
- asterisk
- asterisk-voicemail
- asterisk-pjsip
- asterisk-sip
- asterisk-mysql
- asterisk-ael
- asterisk-iax2
- asterisk-dahdi
- asterisk-fax
- asterisk-ldap
- asterisk-misdn
- asterisk-mp3
- asterisk-odbc
- mysql-connector-odbc
- mpg123
- lame
- opus
- nmap
- nodejs
- tar
- mariadb
- MySQL-python
- acl
- gcc-c++ # needed for ucp
- icu
- libicu-devel
- patch
- vsftpd


@@ -0,0 +1,31 @@
---
fpbx_packages:
- asterisk
- asterisk-voicemail
- asterisk-pjsip
- asterisk-sip
- asterisk-mysql
- asterisk-ael
- asterisk-iax2
- asterisk-dahdi
- asterisk-fax
- asterisk-ldap
- asterisk-mp3
- asterisk-odbc
- mariadb-connector-odbc
- mpg123
# - lame
- opus
- nmap
- nodejs
- tar
- mariadb
- python3-mysql
- acl
- gcc-c++ # needed for ucp
- icu
- libicu-devel
- patch
- vsftpd