Update to 2021-12-01 19:13

Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions


@@ -0,0 +1,10 @@
---
- name: Compress previous version
command: tar cf {{ mailman_archive_dir }}.tar.zst --use-compress-program=zstd ./
environment:
ZST_CLEVEL: 10
args:
chdir: "{{ mailman_archive_dir }}"
warn: False
tags: mailman
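Review bot: The `environment` key `ZST_CLEVEL` on this task looks like a typo: zstd reads its default level from `ZSTD_CLEVEL`, so the archive is probably compressed at the default level rather than 10. Rename it to `ZSTD_CLEVEL: "10"`, quoted because environment values are strings. The archive path in `command` is also interpolated without `| quote`, so a root directory containing whitespace would split the argument; `tar cf {{ (mailman_archive_dir ~ '.tar.zst') | quote }} ...` avoids that.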


@@ -0,0 +1,51 @@
---
- name: Create the archive dir
file:
path: "{{ mailman_archive_dir }}"
state: directory
tags: mailman
- name: Archive previous version
synchronize:
src: "{{ mailman_root_dir }}/{{ item }}"
dest: "{{ mailman_archive_dir }}/"
delete: True
compress: False
loop:
- venv
- data
delegate_to: "{{ inventory_hostname }}"
tags: mailman
- name: Dump the database
command: >
/usr/pgsql-14/bin/pg_dump
--clean
--create
--host={{ mailman_db_server | quote }}
--port={{ mailman_db_port | quote }}
--username=sqladmin {{ mailman_db_name[item] | quote }}
--file="{{ mailman_archive_dir }}/{{ mailman_db_name[item] }}.sql"
loop: "{{ mailman_db_name.keys() | list }}"
environment:
- PGPASSWORD: "{{ pg_admin_pass }}"
when: mailman_db_engine == 'postgres'
tags: mailman
- name: Dump the database
mysql_db:
state: dump
name: "{{ mailman_db_name[item] }}"
target: "{{ mailman_archive_dir }}/{{ mailman_db_name[item] }}.sql.xz"
login_host: "{{ mailman_db_server }}"
login_port: "{{ mailman_db_port }}"
login_user: "{{ mailman_db_user }}"
login_password: "{{ mailman_db_pass }}"
quick: True
single_transaction: True
loop: "{{ mailman_db_name.keys() | list }}"
environment:
XZ_OPT: -T0
when: mailman_db_engine == 'mysql'
tags: mailman
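Review bot: The "Create the archive dir" task sets no `mode`, yet the directory then receives a copy of `data` and full SQL dumps, so their confidentiality depends entirely on the parent directory's permissions and the umask of the run. Add `mode: "0700"` to that `file` task so the dumps stay protected however the parent was created. In the pg_dump task, `--file=` is the only templated argument not passed through `| quote`; `--file={{ (mailman_archive_dir ~ '/' ~ mailman_db_name[item] ~ '.sql') | quote }}` would make it consistent with the host, port and database arguments.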


@@ -0,0 +1,7 @@
---
- name: Remove uneeded files
file: path={{ item }} state=absent
loop:
- "{{ mailman_archive_dir }}"
tags: mailman


@@ -0,0 +1,39 @@
---
- name: Deploy configuration
template: src={{ item }}.j2 dest={{ mailman_root_dir }}/etc/{{ item }} group={{ mailman_user }} mode=640
loop:
- mailman.cfg
- settings.py
- uwsgi.ini
- urls.py
- hyperkitty.cfg
notify:
- restart mailman
tags: mailman
- block:
- name: Migrate web database
command: "{{ mailman_root_dir }}/venv/bin/mailman-web migrate"
- name: Collect static assets
shell: echo yes | {{ mailman_root_dir }}/venv/bin/mailman-web collectstatic
- name: Compress assets
command: "{{ mailman_root_dir }}/venv/bin/mailman-web compress"
when: mailman_install_mode == 'upgrade' or 'install' in [mailman_postorius_install_mode,mailman_hyperkitty_install_mode]
environment:
- MAILMAN_WEB_CONFIG: "{{ mailman_root_dir }}/etc/settings.py"
become_user: "{{ mailman_user }}"
tags: mailman
- name: Create an initial superuser
django_manage:
command: createsuperuser --noinput --username admin --email {{ mailman_site_owner }}
app_path: "{{ mailman_root_dir }}/venv/bin"
virtualenv: "{{ mailman_root_dir }}/venv"
environment:
DJANGO_SUPERUSER_PASSWORD: "{{ mailman_admin_pass }}"
register: mailman_admin_user
when: mailman_install_mode == 'install'
tags: mailman
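Review bot: "Collect static assets" goes through `shell` with an unquoted templated path only to pipe `yes` into the confirmation prompt. Django's `collectstatic` accepts `--noinput`, so the task can be `command: "{{ mailman_root_dir }}/venv/bin/mailman-web collectstatic --noinput"`, matching the two neighbouring tasks and involving no shell. Separately, "Create an initial superuser" has no `become_user`, unlike the block above it, so it appears to load the settings module as the connecting user; confirm that is intended.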


@@ -0,0 +1,48 @@
---
- name: Create directories
file:
path: "{{ mailman_root_dir }}/{{ item.dir }}"
state: directory
owner: "{{ item.owner | default(omit) }}"
group: "{{ item.group | default(omit) }}"
mode: "{{ item.mode | default(omit) }}"
loop:
- dir: venv
- dir: archives
mode: 700
- dir: meta
mode: 700
- dir: etc
group: "{{ mailman_user }}"
mode: 770
- dir: data
owner: "{{ mailman_user }}"
group: "{{ mailman_user }}"
mode: 700
- dir: data/fulltext_index
owner: "{{ mailman_user }}"
group: "{{ mailman_user }}"
mode: 700
- dir: tmp
owner: "{{ mailman_user }}"
group: "{{ mailman_user }}"
mode: 700
- dir: log
owner: "{{ mailman_user }}"
group: "{{ mailman_user }}"
mode: 700
- dir: web/static
group: "{{ mailman_user }}"
mode: 775
- dir: backup
mode: 700
tags: mailman
# mailman-web pretend to support specifying the conf dir
# with the MAILMAN_WEB_CONFIG env var, but it's not, the script
# exits with status code 1 if /etc/mailman3/settings.py doesn't exist
- name: Link config dir
file: src={{ mailman_root_dir }}/etc dest=/etc/mailman3 state=link
tags: mailman
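Review bot: The `etc` entry is created group-writable (`mode: 770`, group `{{ mailman_user }}`), so the service account can delete and replace files in the configuration directory even when the files themselves are not writable by it. Unless mailman has to create files there at runtime, `mode: 750` keeps the configuration read-only to the service. The modes in this loop are also bare integers, which presumably become the intended octal values only because the `"{{ item.mode | default(omit) }}"` template renders them as strings. Writing them as `'0700'`, `'0750'` and `'0775'` would remove the dependency on that behaviour.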


@@ -0,0 +1,96 @@
---
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ mailman_root_dir }}"
- version: "{{ mailman_version.core }}"
- version_file: 'ansible_core_version'
tags: mailman
- block:
- set_fact: mailman_core_install_mode={{ (install_mode == 'upgrade' and not mailman_manage_upgrade) | ternary('none', install_mode) }}
- set_fact: mailman_core_current_version={{ current_version | default('') }}
tags: mailman
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ mailman_root_dir }}"
- version: "{{ mailman_version.postorius }}"
- version_file: 'ansible_postorius_version'
tags: mailman
- block:
- set_fact: mailman_postorius_install_mode={{ (install_mode == 'upgrade' and not mailman_manage_upgrade) | ternary('none', install_mode) }}
- set_fact: mailman_postorius_current_version={{ current_version | default('') }}
tags: mailman
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ mailman_root_dir }}"
- version: "{{ mailman_version.hyperkitty }}"
- version_file: 'ansible_hyperkitty_version'
tags: mailman
- block:
- set_fact: mailman_hyperkitty_install_mode={{ (install_mode == 'upgrade' and not mailman_manage_upgrade) | ternary('none', install_mode) }}
- set_fact: mailman_hyperkitty_current_version={{ current_version | default('') }}
tags: mailman
- set_fact: mailman_install_mode='none'
tags: mailman
- set_fact: mailman_install_mode='upgrade'
when: >
'upgrade' in [mailman_core_install_mode, mailman_postorius_install_mode, mailman_hyperkitty_install_mode] and
'install' not in [mailman_core_install_mode, mailman_postorius_install_mode, mailman_hyperkitty_install_mode]
tags: mailman
# Create a random pass for the DB if needed
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ mailman_root_dir }}/meta/ansible_dbpass"
- complex: False
- set_fact: mailman_db_pass={{ rand_pass }}
when: mailman_db_pass is not defined
tags: mailman
# Random secret key
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ mailman_root_dir }}/meta/ansible_secret_key"
- set_fact: mailman_secret_key={{ rand_pass }}
when: mailman_secret_key is not defined
tags: mailman
# Random API password
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ mailman_root_dir }}/meta/ansible_rest_pass"
- complex: False
- set_fact: mailman_rest_pass={{ rand_pass }}
when: mailman_rest_pass is not defined
tags: mailman
# HyperKitty API Key
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ mailman_root_dir }}/meta/ansible_hyperkitty_api_key"
- complex: False
- set_fact: mailman_hyperkitty_api_key={{ rand_pass }}
when: mailman_hyperkitty_api_key is not defined
tags: mailman
# Random password for the admin account
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ mailman_root_dir }}/meta/ansible_admin_pass"
- set_fact: mailman_admin_pass={{ rand_pass }}
tags: mailman
# Shortcut for the archive dir, used to backup current install during upgades
- set_fact: mailman_archive_dir={{ mailman_root_dir }}/archives/core_{{ mailman_core_current_version }}_postorius_{{ mailman_postorius_current_version }}_hyperkitty_{{ mailman_hyperkitty_current_version }}
tags: mailman
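Review bot: The last `get_rand_pass.yml` block, for the admin account, has no `when: mailman_admin_pass is not defined` guard, unlike the four blocks before it, so an admin password supplied in inventory would be overwritten by the generated one. If that is not deliberate, add `when: mailman_admin_pass is not defined` to the block. The five `set_fact` tasks that copy `rand_pass` into a variable would also benefit from `no_log: true`, since set_fact results can be printed at higher verbosity.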


@@ -0,0 +1,172 @@
---
- name: Enable python39 module
command: dnf -y module enable python39
args:
warn: False
changed_when: False
tags: mailman
- name: Install packages
yum:
name:
- python39-pip
- python39-devel
- git
- gcc
- sassc
tags: mailman
- name: Wipe the venv on upgrades
file: path={{ mailman_root_dir }}/venv state=absent
when: mailman_install_mode == 'upgrade'
tags: mailman
- name: Create the venv dir
file: path={{ mailman_root_dir }}/venv state=directory
tags: mailman
- name: Setup the virtualenv
pip:
name:
- pip
- wheel
- django<3.1
- mailman=={{ mailman_version.core }}
- postorius=={{ mailman_version.postorius }}
- HyperKitty=={{ mailman_version.hyperkitty }}
- mailman_hyperkitty
- mailman-web
- uwsgi
- whoosh
virtualenv: "{{ mailman_root_dir }}/venv"
virtualenv_command: /usr/bin/python3.9 -m venv
notify: restart mailman
tags: mailman
- when: mailman_db_engine == 'postgres'
block:
- name: Install Postgres support
yum:
name:
- postgresql-devel
- name: Install postgres python support
pip:
name:
- psycopg2-binary==2.8.6 # There's a bug with TZ in 2.9
virtualenv: "{{ mailman_root_dir }}/venv"
virtualenv_command: /usr/bin/python3.9 -m venv
- name: Create the PostgreSQL role
postgresql_user:
db: postgres
name: "{{ mailman_db_user }}"
password: "{{ mailman_db_pass }}"
login_host: "{{ mailman_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
tags: mailman
- name: Create the PostgreSQL databases
postgresql_db:
name: "{{ mailman_db_name[item] }}"
encoding: UTF-8
template: template0
owner: "{{ mailman_db_user }}"
login_host: "{{ mailman_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
loop: "{{ mailman_db_name.keys() | list }}"
tags: mailman
- when: mailman_db_engine == 'mysql'
block:
- name: Install mysql support
yum:
name:
- mariadb-devel
- name: Install mysql python support
pip:
name:
- mysqlclient
- pymysql
virtualenv: "{{ mailman_root_dir }}/venv"
virtualenv_command: /usr/bin/python3.9 -m venv
- include_tasks: ../includes/webapps_create_mysql_db.yml
vars:
- db_name: "{{ mailman_db_name[mailman_db] }}"
- db_user: "{{ mailman_db_user }}"
- db_server: "{{ mailman_db_server }}"
- db_pass: "{{ mailman_db_pass }}"
- append_privs: True
loop: "{{ mailman_db_name.keys() | list }}"
loop_control:
loop_var: mailman_db
tags: mailman
- name: Create a manage.py link
file: src={{ mailman_root_dir }}/venv/bin/mailman-web dest={{ mailman_root_dir }}/venv/bin/manage.py state=link
tags: mailman
- name: Deploy systemd units
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
loop:
- mailman-core.service
- mailman-web.service
notify: restart mailman
register: mailman_units
tags: mailman
- name: Deploy systemd timers
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
loop:
- mailman-digests.service
- mailman-digests.timer
- mailman-notify.service
- mailman-notify.timer
notify: restart mailman timers
register: mailman_timers
tags: mailman
- name: Reload systemd
systemd: daemon_reload=True
when: >
mailman_units.results | selectattr('changed','equalto',True) | list | length > 0 or
mailman_timers.results | selectattr('changed','equalto',True) | list | length > 0
tags: mailman
- name: Install con jobs
cron:
cron_file: mailman
special_time: "{{ item.schedule | default(omit) }}"
minute: "{{ item.minute | default(omit) }}"
name: "{{ item.name }}"
user: "{{ mailman_user }}"
job: "{{ mailman_root_dir }}/venv/bin/mailman-web runjobs {{ item.name }}"
loop:
- name: yearly
schedule: yearly
- name: monthly
schedule: monthly
- name: weekly
schedule: weekly
- name: daily
schedule: daily
- name: hourly
schedule: hourly
- name: minutely
- name: quarter_hourly
minute: '2,17,32,47'
tags: mailman
- name: Install pre/post backup hooks
template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/mailman.sh mode=700
loop:
- pre
- post
tags: mailman
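Review bot: "Setup the virtualenv" pins only `mailman`, `postorius` and `HyperKitty`; `mailman_hyperkitty`, `mailman-web`, `uwsgi`, `whoosh`, `pip` and `wheel` are unpinned, as are `mysqlclient` and `pymysql` further down, while the venv is wiped on every upgrade. Each upgrade therefore installs whatever the package index serves that day, which makes the deployment non-reproducible and widens exposure to a bad or hijacked release. Pin these with `==`, for example through extra keys in `mailman_version`, or install from a constraints file with hashes. No `become_user` is visible on the pip tasks, so package build steps presumably run with the privileges of the play; confirm that is acceptable.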


@@ -0,0 +1,15 @@
---
- name: Handle mailman web port in the firewall
iptables_raw:
name: mailman_web_port
state: "{{ (mailman_web_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mailman_web_port }} -s {{ mailman_web_src_ip | join(',') }} -j ACCEPT"
tags: firewall,mailman
- name: Handle mailman LMTP port in the firewall
iptables_raw:
name: mailman_lmtp_port
state: "{{ (mailman_lmtp_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mailman_lmtp_port }} -s {{ mailman_lmtp_src_ip | join(',') }} -j ACCEPT"
tags: firewall,mailman


@@ -0,0 +1,17 @@
---
- include: user.yml
- include: directories.yml
- include: facts.yml
- include: archive_pre.yml
when: mailman_install_mode == 'upgrade'
- include: install.yml
- include: conf.yml
- include: iptables.yml
when: iptables_manage | default(True)
- include: archive_post.yml
when: mailman_install_mode == 'upgrade'
- include: selinux.yml
- include: services.yml
- include: write_version.yml
- include: cleanup.yml
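Review bot: Every entry in this file uses the bare `include:` action, which is deprecated in favour of `include_tasks`/`import_tasks` and is no longer accepted by recent ansible-core releases. Switching to the static form, e.g. `- import_tasks: user.yml`, and leaving the `when:` conditions as they are should keep the current behaviour, including selection of the inner tasks with `--tags mailman`. The role then keeps working after the controller is upgraded.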


@@ -0,0 +1,6 @@
---
- name: Restore SELinux contexts
command: restorecon -R {{ mailman_root_dir }}
changed_when: False
tags: mailman


@@ -0,0 +1,15 @@
---
- name: Start and enable services
service: name={{ item }} state=started enabled=True
loop:
- mailman-core
- mailman-web
tags: mailman
- name: Start and enable timers
systemd: name={{ item }}.timer state=started enabled=True
loop:
- mailman-digests
- mailman-notify
tags: mailman


@@ -0,0 +1,9 @@
---
- name: Create mailman user account
user: name={{ mailman_user }} home={{ mailman_root_dir }} system=True shell=/bin/bash
tags: mailman
- name: Setup the venv for mailman user
copy: content="source {{ mailman_root_dir }}/venv/bin/activate" dest={{ mailman_root_dir }}/.bashrc owner={{ mailman_user }} group={{ mailman_user }}
tags: mailman


@@ -0,0 +1,6 @@
---
- name: Write installed version
copy: content={{ mailman_version[item] }} dest={{ mailman_root_dir }}/meta/ansible_{{ item }}_version
loop: "{{ mailman_version.keys() | list }}"
tags: mailman