Update to 2021-12-01 19:13

roles/metabase/tasks/archive_post.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ metabase_root_dir }}/archives/{{ metabase_current_version }}.tar.zst --use-compress-program=zstd ./
+  environment:
+    ZSTD_CLEVEL: 10
+  args:
+    chdir: "{{ metabase_root_dir }}/archives/{{ metabase_current_version }}"
+    warn: False
+  tags: metabase

roles/metabase/tasks/archive_pre.yml

@@ -0,0 +1,52 @@
+---
+
+- name: Create the archive dir
+  file:
+    path: "{{ metabase_root_dir }}/archives/{{ metabase_current_version }}"
+    state: directory
+  tags: metabase
+
+- name: Archive previous version
+  synchronize:
+    src: "{{ metabase_root_dir }}/{{ item }}"
+    dest: "{{ metabase_root_dir }}/archives/{{ metabase_current_version }}"
+    recursive: True
+    delete: True
+  loop:
+    - app
+    - plugins
+    - data
+    - etc
+  delegate_to: "{{ inventory_hostname }}"
+  tags: metabase
+
+- name: Dump the database
+  mysql_db:
+    state: dump
+    name: "{{ metabase_db_name }}"
+    target: "{{ metabase_root_dir }}/archives/{{ metabase_current_version }}/{{ metabase_db_name }}.sql.xz"
+    login_host: "{{ metabase_db_server }}"
+    login_port: "{{ metabase_db_port }}"
+    login_user: "{{ metabase_db_user }}"
+    login_password: "{{ metabase_db_pass }}"
+    quick: True
+    single_transaction: True
+  environment:
+    XZ_OPT: -T0
+  when: metabase_db_engine == 'mysql'
+  tags: metabase
+
+- name: Dump the database
+  shell: >
+    /usr/pgsql-14/bin/pg_dump
+    --clean
+    --create
+    --host={{ metabase_db_server }}
+    --port={{ metabase_db_port }}
+    --username={{ metabase_db_user }} {{ metabase_db_name }} |
+    zstd -10 -c > {{ metabase_root_dir }}/archives/{{ metabase_current_version }}/{{ metabase_db_name }}.sql.zst
+  environment:
+    - PGPASSWORD: "{{ metabase_db_pass }}"
+  when: metabase_db_engine == 'postgres'
+  tags: metabase
+

roles/metabase/tasks/cleanup.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and unused files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ metabase_root_dir }}/archives/{{ metabase_current_version }}"
+    - "{{ metabase_root_dir }}/tmp/metabase.jar"
+  tags: metabase

roles/metabase/tasks/conf.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Deploy configuration
+  template: src=env.j2 dest={{ metabase_root_dir }}/etc/env group={{ metabase_user }} mode=640
+  notify: restart metabase
+  tags: metabase

roles/metabase/tasks/directories.yml

@@ -0,0 +1,23 @@
+---
+
+- name: Create needed directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ metabase_root_dir }}/app"
+    - dir: "{{ metabase_root_dir }}/tmp"
+    - dir: "{{ metabase_root_dir }}/data"
+      owner: "{{ metabase_user }}"
+      mode: 700
+    - dir: "{{ metabase_root_dir }}/etc"
+      group: "{{ metabase_user }}"
+      mode: 750
+    - dir: "{{ metabase_root_dir }}/plugins"
+      owner: "{{ metabase_user }}"
+    - dir: "{{ metabase_root_dir }}/archives"
+      mode: 700
+    - dir: "{{ metabase_root_dir }}/meta"
+      mode: 700
+    - dir: "{{ metabase_root_dir }}/backup"
+      mode: 700
+  tags: metabase
+

roles/metabase/tasks/facts.yml

@@ -0,0 +1,29 @@
+---
+
+# Detect installed version (if any)
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ metabase_root_dir }}"
+        - version: "{{ metabase_version }}"
+    - set_fact: metabase_install_mode={{ (install_mode == 'upgrade' and not metabase_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: metabase_current_version={{ current_version | default('') }}
+  tags: metabase
+
+# Create a random pass for the DB if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ metabase_root_dir }}/meta/ansible_dbpass"
+    - set_fact: metabase_db_pass={{ rand_pass }}
+  when: metabase_db_pass is not defined
+  tags: metabase
+
+# Create a random encryption key
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ metabase_root_dir }}/meta/ansible_encryption_key"
+    - set_fact: metabase_encryption_key={{ rand_pass }}
+  when: metabase_encryption_key is not defined
+  tags: metabase

roles/metabase/tasks/install.yml

@@ -0,0 +1,79 @@
+---
+
+- name: Install dependencies
+  yum:
+    name:
+      - java-11-openjdk
+  tags: metabase
+
+- name: Stop the service during upgrades
+  service: name=metabase state=stopped
+  when: metabase_install_mode == 'upgrade'
+  tags: metabase
+
+- when: metabase_install_mode != 'none'
+  block:
+    - name: Download metabase JAR file
+      get_url:
+        url: "{{ metabase_jar_url }}"
+        dest: "{{ metabase_root_dir }}/tmp/"
+        checksum: sha256:{{ metabase_jar_sha256 }}
+
+    - name: Move the JAR to the app dir
+      copy: src={{ metabase_root_dir }}/tmp/metabase.jar dest={{ metabase_root_dir }}/app/ mode=644 remote_src=True
+      notify: restart metabase
+      
+  tags: metabase
+
+- name: Deploy systemd unit
+  template: src=metabase.service.j2 dest=/etc/systemd/system/metabase.service
+  register: metabase_unit
+  notify: restart metabase
+  tags: metabase
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: metabase_unit.changed
+  tags: metabase
+
+# Create the database
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ metabase_db_name }}"
+    - db_user: "{{ metabase_db_user }}"
+    - db_server: "{{ metabase_db_server }}"
+    - db_pass: "{{ metabase_db_pass }}"
+  when: metabase_db_engine == 'mysql'
+  tags: metabase
+
+- when: metabase_db_engine == 'postgres'
+  block:
+    - name: Create postgres user
+      postgresql_user:
+        db: postgres
+        name: "{{ metabase_db_user }}"
+        password: "{{ metabase_db_pass }}"
+        login_host: "{{ metabase_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+
+    - name: Create the PostgreSQL database
+      postgresql_db:
+        name: "{{ metabase_db_name }}"
+        encoding: UTF-8
+        lc_collate: C
+        lc_ctype: C
+        template: template0
+        owner: "{{ metabase_db_user }}"
+        login_host: "{{ metabase_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+
+  tags: metabase
+
+- name: Install pre and post backup hooks
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/metabase mode=700
+  loop:
+    - pre
+    - post
+  tags: metabase

roles/metabase/tasks/iptables.yml

@@ -0,0 +1,8 @@
+---
+
+- name:  Handle metabase port in the firewall
+  iptables_raw:
+    name: metabase_port
+    state: "{{ (metabase_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ metabase_port }} -s {{ metabase_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,metabase

roles/metabase/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: metabase_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: metabase_install_mode == 'upgrade'
+- include: cleanup.yml

roles/metabase/tasks/services.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable the service
+  service: name=metabase state=started enabled=True
+  tags: metabase

roles/metabase/tasks/user.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Create metabase user account
+  user: name={{ metabase_user }} home={{ metabase_root_dir }} system=True
+  tags: metabase

roles/metabase/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ metabase_version }} dest={{ metabase_root_dir }}/meta/ansible_version
+  tags: metabase