jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-26 15:55:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-01 19:13

Browse Source
This commit is contained in:
Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
roles/lemonldap_ng/tasks/httpd.yml Normal file
View File

@@ -0,0 +1,24 @@
---
- name: Create httpd conf dir
file: path=/etc/httpd/ansible_conf.d/ state=directory
tags: web
- name: Deploy handler's httpd configuration
template: src=httpd_handler.conf.j2 dest=/etc/httpd/ansible_conf.d/10-llng_handler.conf
when: llng_handler == True
notify: reload httpd
tags: web
- name: Deploy portal's httpd configuration
template: src=httpd_portal.conf.j2 dest=/etc/httpd/ansible_conf.d/22-llng_portal.conf
when: llng_portal == True
notify: reload httpd
tags: web
- name: Deploy manager's httpd configuration
template: src=httpd_manager.conf.j2 dest=/etc/httpd/ansible_conf.d/23-llng_manager.conf
when: llng_manager == True
notify: reload httpd
tags: web

163
roles/lemonldap_ng/tasks/main.yml Normal file
View File

@@ -0,0 +1,163 @@
---
- include_vars: "{{ item }}"
with_first_found:
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_distribution }}.yml
- vars/{{ ansible_os_family }}.yml
tags: web
- name: Install common packages
yum: name={{ llng_common_packages }}
tags: web
- name: Install Lemonldap::NG handler
yum: name=lemonldap-ng-handler
when: llng_handler == True
tags: web
- name: Install Lemonldap::NG portal
yum: name={{ llng_portal_packages }}
when: llng_portal == True
tags: web
- name: Install Lemonldap::NG manager
yum: name={{ llng_manager_packages }}
when: llng_manager == True
tags: web
- name: Create directories
file: name={{ item }} state=directory group=apache mode=770
with_items:
- /var/cache/lemonldap-ng
tags: web
- include: "{{ llng_server }}.yml"
- name: Deploy manager's nginx configuration
template: src=nginx_manager.conf.j2 dest=/etc/nginx/ansible_conf.d/23-llng_manager.conf
when: llng_manager == True and llng_server == 'nginx'
notify: reload nginx
- include: mysql.yml
when: llng_conf_backend == 'mysql'
- name: Deploy Lemonldap::NG main configuration
template: src=lemonldap-ng.ini.j2 dest=/etc/lemonldap-ng/lemonldap-ng.ini group=apache mode=640
notify: restart {{ (llng_server == 'nginx') | ternary('llng-fastcgi-server','httpd') }}
tags: web
- name: Deploy Lemonldap::NG migration configuration
template: src=lemonldap-ng-file.ini.j2 dest=/etc/lemonldap-ng/lemonldap-ng-file.ini group=apache mode=640
tags: web
- name: Copy applications logo
copy: src=logos/ dest=/usr/share/lemonldap-ng/portal/htdocs/static/common/apps/
when: llng_portal == True
tags: web
- name: Remove old custom logo dir
file: path=/usr/share/lemonldap-ng/portal-skins/ state=absent
tags: web
- name: Check if there are custom app logo
local_action: stat path=config/{{ inventory_hostname }}/lemonldap_ng/logos
register: llng_custom_logo
vars:
ansible_become: False
tags: web
- name: Copy custom logos
copy: src=config/{{ inventory_hostname }}/lemonldap_ng/logos/ dest=/usr/share/lemonldap-ng/portal/htdocs/static/common/apps/
when: llng_custom_logo.stat.exists and llng_custom_logo.stat.exists.isdir
tags: web
- name: Check if there're a custom backgrounds
local_action: stat path=config/{{ inventory_hostname }}/lemonldap_ng/backgrounds
register: llng_custom_background
vars:
ansible_become: False
tags: web
- name: Copy custom backgrounds
copy: src=config/{{ inventory_hostname }}/lemonldap_ng/backgrounds/ dest=/usr/share/lemonldap-ng/portal/htdocs/static/common/backgrounds/
when: llng_custom_background.stat.exists and llng_custom_background.stat.isdir
tags: web
- name: Create htpasswd file for API endpoints
htpasswd:
path: /etc/lemonldap-ng/api.htpasswd
name: "{{ llng_api_user }}"
password: "{{ llng_api_pass }}"
owner: root
group: "{{ (llng_server == 'nginx') | ternary('nginx','apache') }}"
mode: 0640
when:
- llng_api_pass is defined
- llng_portal == True
tags: web
- name: Add a cron task to renew OIDC keys
cron:
name: lemonldap_rotate_oidc
special_time: weekly
user: apache
job: '/usr/share/lemonldap-ng/bin/rotateOidcKeys'
cron_file: lemonldap_rotate_oidc
state: "{{ (llng_portal and llng_server != 'nginx') | ternary('present','absent') }}"
tags: web
# provided cron job has a syntaxe error
- name: Override purgeCentralCache cron job
copy:
content: |
#
# Regular cron jobs for LemonLDAP::NG
#
10 * * * * apache [ -x /usr/libexec/lemonldap-ng/bin/purgeCentralCache ] && /usr/libexec/lemonldap-ng/bin/purgeCentralCache
dest: /etc/cron.d/lemonldap-ng-portal
when: llng_portal == True
tags: web
- when: llng_server == 'nginx'
block:
- name: Deploy custom llng-fastcgi-server unit
template: src=llng-fastcgi-server.service.j2 dest=/etc/systemd/system/llng-fastcgi-server.service
notify: restart llng-fastcgi-server
register: llng_fastcgi_unit
- name: Reload systemd
systemd: daemon_reload=True
- name: Deploy llng-fastcgi-server config
template: src=llng-fastcgi-server.j2 dest=/etc/default/llng-fastcgi-server
notify: restart llng-fastcgi-server
tags: web
- name: Handle Fast CGI server
service:
name: llng-fastcgi-server
state: "{{ (llng_server == 'nginx') | ternary('started','stopped') }}"
enabled: "{{ (llng_server == 'nginx') | ternary(True,False) }}"
tags: web
- name: Set correct SELinux context for Lemonldap::NG files
sefcontext:
target: "{{ item.target }}"
setype: "{{ item.type }}"
state: present
loop:
- target: "/var/lib/lemonldap-ng(/.*)?"
type: httpd_var_lib_t
- target: "/var/cache/lemonldap-ng(/.*)?"
type: httpd_cache_t
when: ansible_selinux.status == 'enabled'
tags: web
- name: Restore SELinux context
command: restorecon -R /var/lib/lemonldap-ng /var/cache/lemonldap-ng
changed_when: False
when: ansible_selinux.status == 'enabled'
tags: web

81
roles/lemonldap_ng/tasks/mysql.yml Normal file
View File

@@ -0,0 +1,81 @@
---
- name: Install needed packages
yum: name={{ llng_mysql_packages }}
tags: web
- when:
- llng_db_pass is not defined
- llng_manager or llng_portal
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "/etc/lemonldap-ng/ansible_dbpass"
- set_fact: llng_db_pass={{ rand_pass }}
tags: web
- when: llng_handler_db_pass is not defined
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "/etc/lemonldap-ng/ansible_handler_dbpass"
- set_fact: llng_handler_db_pass={{ rand_pass }}
tags: web
- name: Create the database
mysql_db:
name: "{{ llng_db_name }}"
login_host: "{{ llng_db_server | default(mysql_server) }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
encoding: utf8mb4
collation: utf8mb4_general_ci
state: present
tags: web
- name: Copy mysql schema
copy: src=mysql_schema.sql dest=/etc/lemonldap-ng/mysql_schema.sql
register: llng_schema
tags: web
- name: Inject SQL structure
mysql_db:
name: "{{ llng_db_name }}"
state: import
target: /etc/lemonldap-ng/mysql_schema.sql
login_host: "{{ llng_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
when: llng_schema.changed
tags: web
- name: Create the main user
mysql_user:
name: "{{ llng_db_user }}"
password: "{{ llng_db_pass }}"
priv: "{{ llng_db_name }}.*:ALL"
host: "{{ ( llng_db_server == 'localhost' ) | ternary('localhost', item ) }}"
login_host: "{{ llng_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
state: present
append_privs: True
when: llng_portal == True or llng_manager == True
loop: "{{ ansible_all_ipv4_addresses }}"
tags: web
- name: Create the handler user
mysql_user:
name: "{{ llng_handler_db_user }}"
password: "{{ llng_handler_db_pass }}"
priv: "{{ llng_db_name }}.{{ llng_session_tables[item.1].name }}:SELECT,INSERT,DELETE,UPDATE/{{ llng_db_name }}.lmConfig:SELECT"
host: "{{ ( llng_db_server == 'localhost' ) | ternary('localhost', item.0 ) }}"
login_host: "{{ llng_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
state: present
append_privs: True
when: llng_handler == True
loop: "{{ ansible_all_ipv4_addresses | product(llng_session_tables.keys() | list) | list }}"
tags: web

58
roles/lemonldap_ng/tasks/nginx.yml Normal file
View File

@@ -0,0 +1,58 @@
---
- name: Create nginx conf dir
file: path=/etc/nginx/{{ item }} state=directory
loop:
- ansible_location.d
- ansible_conf.d
- ansible_modules.d
tags: web
- name: Check if lua module is installed
stat: path=/usr/lib64/nginx/modules/ndk_http_module.so
register: llng_mod_lua
tags: web
- name: Deploy module conf
copy: content={{ item.content }} dest=/etc/nginx/ansible_modules.d/{{ item.dest }}
loop:
- content: 'load_module "/usr/lib64/nginx/modules/ndk_http_module.so";'
dest: 09-ndk.conf
- content: 'load_module "/usr/lib64/nginx/modules/ngx_http_lua_module.so";'
dest: 11-lua.conf
when: llng_mod_lua.stat.exists
notify: reload nginx
tags: web
- name: Remove module conf
file: path=/etc/nginx/ansible_modules.d/{{ item }} state=absent
loop:
- 09-ndk.conf
- 11-lua.conf
when: not llng_mod_lua.stat.exists
notify: reload nginx
tags: web
- name: Deploy handler's nginx configuration
template: src={{ item.src }} dest={{ item.dest }}
loop:
- src: nginx_handler.conf.j2
dest: /etc/nginx/ansible_location.d/10-llng_handler.conf
- src: llng_headers.inc.j2
dest: /etc/nginx/ansible_conf.d/llng_headers.inc
when: llng_handler == True
notify: reload nginx
tags: web
- name: Deploy portal's nginx configuration
template: src=nginx_portal.conf.j2 dest=/etc/nginx/ansible_conf.d/22-llng_portal.conf
when: llng_portal == True
notify: reload nginx
tags: web
- name: Deploy manager's nginx configuration
template: src=nginx_manager.conf.j2 dest=/etc/nginx/ansible_conf.d/23-llng_manager.conf
when: llng_manager == True
notify: reload nginx
tags: web