mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-07-27 00:05:44 +02:00
Update to 2021-12-01 19:13
This commit is contained in:
17
roles/unmaintained/psono/tasks/archive_post.yml
Normal file
17
roles/unmaintained/psono/tasks/archive_post.yml
Normal file
@@ -0,0 +1,17 @@
|
||||
---
|
||||
|
||||
- name: Compress previous version
|
||||
command: tar cf {{ psono_root_dir }}/archives/{{ item.component }}_{{ item.version }}.txz ./
|
||||
environment:
|
||||
XZ_OPT: -T0
|
||||
args:
|
||||
chdir: "{{ psono_server_root_dir }}/archives/{{ item.component }}_{{ item.version }}"
|
||||
warn: False
|
||||
loop:
|
||||
- component: server
|
||||
version: "{{ psono_server_current_version }}"
|
||||
- component: client
|
||||
version: "{{ psono_client_current_version }}"
|
||||
- component: admin
|
||||
version: "{{ psono_admin_current_version }}"
|
||||
tags: psono
|
38
roles/unmaintained/psono/tasks/archive_pre.yml
Normal file
38
roles/unmaintained/psono/tasks/archive_pre.yml
Normal file
@@ -0,0 +1,38 @@
|
||||
---
|
||||
|
||||
- name: Create archive dir
|
||||
file: path={{ psono_root_dir }}/archives/{{ item }} state=directory
|
||||
loop:
|
||||
- server_{{ psono_server_current_version }}
|
||||
- client_{{ psono_client_current_version }}
|
||||
- admin_{{ psono_admin_current_version }}
|
||||
tags: psono
|
||||
|
||||
- name: Archive previous version
|
||||
synchronize:
|
||||
src: "{{ psono_root_dir }}/{{ item.src }}"
|
||||
dest: "{{ psono_root_dir }}/archives/{{ item.dest }}/"
|
||||
recursive: True
|
||||
delete: True
|
||||
loop:
|
||||
- src: server
|
||||
dest: server_{{ psono_server_current_version }}
|
||||
- src: client
|
||||
dest: client_{{ psono_client_current_version }}
|
||||
- src: admin
|
||||
dest: admin_{{ psono_admin_current_version }}
|
||||
delegate_to: "{{ inventory_hostname }}"
|
||||
tags: psono
|
||||
|
||||
- name: Archive database
|
||||
command: >
|
||||
/usr/pgsql-14/bin/pg_dump
|
||||
--clean
|
||||
--create
|
||||
--host={{ psono_db_server }}
|
||||
--port={{ psono_db_port }}
|
||||
--username=sqladmin {{ psono_db_name }}
|
||||
--file={{ psono_root_dir }}/archives/server_{{ psono_server_current_version }}/{{ psono_db_name }}.sql
|
||||
environment:
|
||||
- PGPASSWORD: "{{ pg_admin_pass }}"
|
||||
tags: psono
|
9
roles/unmaintained/psono/tasks/cleanup.yml
Normal file
9
roles/unmaintained/psono/tasks/cleanup.yml
Normal file
@@ -0,0 +1,9 @@
|
||||
---
|
||||
|
||||
- name: Remove temp files
|
||||
file: path={{ item }} state=absent
|
||||
loop:
|
||||
- "{{ psono_root_dir }}/tmp/psono-server-v{{ psono_server_version }}.tar.gz"
|
||||
- "{{ psono_root_dir }}/tmp/psono-server-v{{ psono_server_version }}"
|
||||
- "{{ psono_root_dir }}/tmp/.psono_server"
|
||||
tags: psono
|
80
roles/unmaintained/psono/tasks/conf.yml
Normal file
80
roles/unmaintained/psono/tasks/conf.yml
Normal file
@@ -0,0 +1,80 @@
|
||||
---
|
||||
|
||||
- name: Check is secrets have been created
|
||||
stat: path={{ psono_root_dir }}/meta/ansible_{{ item }}
|
||||
register: psono_server_secrets
|
||||
loop:
|
||||
- SECRET_KEY
|
||||
- ACTIVATION_LINK_SECRET
|
||||
- DB_SECRET
|
||||
- EMAIL_SECRET_SALT
|
||||
- PRIVATE_KEY
|
||||
- PUBLIC_KEY
|
||||
tags: psono
|
||||
|
||||
- when: psono_server_secrets.results | selectattr('stat.exists', 'equalto', True) | list | length < 6
|
||||
tags: psono
|
||||
block:
|
||||
- name: Create temporary PSONO_HOME
|
||||
file: path={{ psono_root_dir }}/tmp/.psono_server state=directory
|
||||
|
||||
- name: Deploy a temp config
|
||||
copy: src={{ psono_root_dir }}/server/app/configs/mainconfig/settings.yaml dest={{ psono_root_dir }}/tmp/.psono_server/ remote_src=True
|
||||
|
||||
- name: Generate server's secrets
|
||||
shell: |
|
||||
{{ psono_root_dir }}/server/venv/bin/python3 \
|
||||
{{ psono_root_dir }}/server/app/psono/manage.py \
|
||||
generateserverkeys > {{ psono_root_dir }}/tmp/keys.tmp
|
||||
{% for item in psono_server_secrets.results %}
|
||||
[ -e {{ psono_root_dir }}/meta/ansible_{{ item.item }} ] || \
|
||||
cat {{ psono_root_dir }}/tmp/keys.tmp | grep -P '^{{ item.item }}' | \
|
||||
sed -e 's/^{{ item.item }}: //' | \
|
||||
xargs > {{ psono_root_dir }}/meta/ansible_{{ item.item }}
|
||||
chmod 600 {{ psono_root_dir }}/meta/ansible_{{ item.item }}
|
||||
{% endfor %}
|
||||
rm -f {{ psono_root_dir }}/tmp/keys.tmp
|
||||
environment:
|
||||
PSONO_HOME: "{{ psono_root_dir }}/tmp/"
|
||||
|
||||
- name: Read secrets
|
||||
command: cat {{ psono_root_dir }}/meta/ansible_{{ item }}
|
||||
register: psono_tokens
|
||||
loop:
|
||||
- SECRET_KEY
|
||||
- ACTIVATION_LINK_SECRET
|
||||
- DB_SECRET
|
||||
- EMAIL_SECRET_SALT
|
||||
- PRIVATE_KEY
|
||||
- PUBLIC_KEY
|
||||
changed_when: False
|
||||
tags: psono
|
||||
|
||||
- name: Deploy configuration
|
||||
template: src=settings.yaml.j2 dest={{ psono_root_dir }}/server/.psono_server/settings.yaml owner={{ psono_user }} group={{ psono_user }} mode=600
|
||||
notify:
|
||||
- restart psono-server
|
||||
tags: psono
|
||||
|
||||
- name: Migrate database
|
||||
django_manage:
|
||||
command: migrate
|
||||
app_path: "{{ psono_root_dir }}/server/app/psono"
|
||||
virtualenv: "{{ psono_root_dir }}/server/venv"
|
||||
environment:
|
||||
- PSONO_HOME: "{{ psono_root_dir }}/server"
|
||||
when: psono_server_install_mode != 'none'
|
||||
notify: restart psono-server
|
||||
tags: psono
|
||||
|
||||
- name: Deploy client and admin conf file
|
||||
template: src=webclient.json.j2 dest={{ psono_root_dir }}/{{ item }}/config.json
|
||||
loop:
|
||||
- client
|
||||
- admin
|
||||
tags: psono
|
||||
|
||||
- name: Deploy nginx configuration
|
||||
template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/31-psono.conf
|
||||
notify: reload nginx
|
||||
tags: psono
|
20
roles/unmaintained/psono/tasks/directories.yml
Normal file
20
roles/unmaintained/psono/tasks/directories.yml
Normal file
@@ -0,0 +1,20 @@
|
||||
---
|
||||
|
||||
- name: Create directories
|
||||
file: path={{ item.path }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
|
||||
loop:
|
||||
- path: "{{ psono_root_dir }}/client"
|
||||
- path: "{{ psono_root_dir }}/admin"
|
||||
- path: "{{ psono_root_dir }}/server/app"
|
||||
- path: "{{ psono_root_dir }}/server/venv"
|
||||
- path: "{{ psono_root_dir }}/meta"
|
||||
mode: 700
|
||||
- path: "{{ psono_root_dir }}/tmp"
|
||||
mode: 700
|
||||
- path: "{{ psono_root_dir }}/backup"
|
||||
mode: 700
|
||||
- path: "{{ psono_root_dir }}/server/.psono_server"
|
||||
owner: "{{ psono_user }}"
|
||||
group: "{{ psono_user }}"
|
||||
mode: 700
|
||||
tags: psono
|
80
roles/unmaintained/psono/tasks/facts.yml
Normal file
80
roles/unmaintained/psono/tasks/facts.yml
Normal file
@@ -0,0 +1,80 @@
|
||||
---
|
||||
|
||||
- name: Set initial install modes
|
||||
block:
|
||||
- set_fact: psono_server_install_mode='none'
|
||||
- set_fact: psono_server_current_version=''
|
||||
- set_fact: psono_client_install_mode='none'
|
||||
- set_fact: psono_client_current_version=''
|
||||
- set_fact: psono_admin_install_mode='none'
|
||||
- set_fact: psono_admin_current_version=''
|
||||
tags: psono
|
||||
|
||||
- name: Check if server is installed
|
||||
stat: path={{ psono_root_dir }}/meta/ansible_server_version
|
||||
register: psono_server_version_file
|
||||
tags: psono
|
||||
|
||||
- when: psono_server_version_file.stat.exists
|
||||
block:
|
||||
- name: Check installed version
|
||||
slurp: src={{ psono_root_dir }}/meta/ansible_server_version
|
||||
register: psono_server_current_version
|
||||
- set_fact: psono_server_current_version={{ psono_server_current_version.content | b64decode | trim }}
|
||||
- set_fact: psono_server_install_mode='upgrade'
|
||||
when: psono_server_current_version != psono_server_version
|
||||
tags: psono
|
||||
|
||||
- when: not psono_server_version_file.stat.exists
|
||||
block:
|
||||
- set_fact: psono_server_install_mode='install'
|
||||
tags: psono
|
||||
|
||||
- name: Check if client is installed
|
||||
stat: path={{ psono_root_dir }}/meta/ansible_client_version
|
||||
register: psono_client_version_file
|
||||
tags: psono
|
||||
|
||||
- when: psono_client_version_file.stat.exists
|
||||
block:
|
||||
- name: Check installed version
|
||||
slurp: src={{ psono_root_dir }}/meta/ansible_client_version
|
||||
register: psono_client_current_version
|
||||
- set_fact: psono_client_current_version={{ psono_client_current_version.content | b64decode | trim }}
|
||||
- set_fact: psono_client_install_mode='upgrade'
|
||||
when: psono_client_current_version != psono_client_version and psono_manage_upgrade
|
||||
tags: psono
|
||||
|
||||
- when: not psono_client_version_file.stat.exists
|
||||
block:
|
||||
- set_fact: psono_client_install_mode='install'
|
||||
tags: psono
|
||||
|
||||
- name: Check if admin is installed
|
||||
stat: path={{ psono_root_dir }}/meta/ansible_admin_version
|
||||
register: psono_admin_version_file
|
||||
tags: psono
|
||||
|
||||
- when: psono_admin_version_file.stat.exists
|
||||
block:
|
||||
- name: Check installed version
|
||||
slurp: src={{ psono_root_dir }}/meta/ansible_admin_version
|
||||
register: psono_admin_current_version
|
||||
- set_fact: psono_admin_current_version={{ psono_admin_current_version.content | b64decode | trim }}
|
||||
- set_fact: psono_admin_install_mode='upgrade'
|
||||
when: psono_admin_current_version != psono_admin_version and psono_manage_upgrade
|
||||
tags: psono
|
||||
|
||||
- when: not psono_admin_version_file.stat.exists
|
||||
block:
|
||||
- set_fact: psono_admin_install_mode='install'
|
||||
tags: psono
|
||||
|
||||
- when: psono_db_pass is not defined
|
||||
tags: psono
|
||||
block:
|
||||
- import_tasks: ../includes/get_rand_pass.yml
|
||||
vars:
|
||||
- pass_file: "{{ psono_root_dir }}/meta/ansible_dbpass"
|
||||
- set_fact: psono_db_pass={{ rand_pass }}
|
||||
|
164
roles/unmaintained/psono/tasks/install.yml
Normal file
164
roles/unmaintained/psono/tasks/install.yml
Normal file
@@ -0,0 +1,164 @@
|
||||
---
|
||||
|
||||
- name: Install needed tools
|
||||
yum:
|
||||
name:
|
||||
- git
|
||||
- gcc
|
||||
- openssl-devel
|
||||
- libffi-devel
|
||||
- openldap-devel
|
||||
- python3-devel
|
||||
- python3-pip
|
||||
- python3-virtualenv
|
||||
- python-setuptools
|
||||
- postgresql-devel
|
||||
- postgresql11
|
||||
tags: psono
|
||||
|
||||
- when: psono_server_install_mode != 'none'
|
||||
tags: psono
|
||||
block:
|
||||
- name: Download psono
|
||||
get_url:
|
||||
url: "{{ item.url }}"
|
||||
dest: "{{ psono_root_dir }}/tmp"
|
||||
checksum: sha1:{{ item.sha1 }}
|
||||
loop:
|
||||
- url: "{{ psono_server_archive_url }}"
|
||||
sha1: "{{ psono_server_archive_sha1 }}"
|
||||
|
||||
- name: Extract server archive
|
||||
unarchive:
|
||||
src: "{{ psono_root_dir }}/tmp/psono-server-v{{ psono_server_version }}.tar.gz"
|
||||
dest: "{{ psono_root_dir }}/tmp/"
|
||||
remote_src: True
|
||||
|
||||
- name: Move files to their final location
|
||||
synchronize:
|
||||
src: "{{ psono_root_dir }}/tmp/psono-server-v{{ psono_server_version }}/"
|
||||
dest: "{{ psono_root_dir }}/server/app/"
|
||||
recursive: True
|
||||
delete: True
|
||||
delegate_to: "{{ inventory_hostname }}"
|
||||
notify: restart psono-server
|
||||
|
||||
- name: Create the PostgreSQL role
|
||||
postgresql_user:
|
||||
db: postgres
|
||||
name: "{{ psono_db_user }}"
|
||||
password: "{{ psono_db_pass }}"
|
||||
login_host: "{{ psono_db_server }}"
|
||||
login_user: sqladmin
|
||||
login_password: "{{ pg_admin_pass }}"
|
||||
tags: psono
|
||||
|
||||
- name: Create the PostgreSQL database
|
||||
postgresql_db:
|
||||
name: "{{ psono_db_name }}"
|
||||
encoding: UTF-8
|
||||
lc_collate: C
|
||||
lc_ctype: C
|
||||
template: template0
|
||||
owner: "{{ psono_db_user }}"
|
||||
login_host: "{{ psono_db_server }}"
|
||||
login_user: sqladmin
|
||||
login_password: "{{ pg_admin_pass }}"
|
||||
tags: psono
|
||||
|
||||
- name: Enable required PostgreSQL extensions
|
||||
postgresql_ext:
|
||||
name: "{{ item }}"
|
||||
db: "{{ psono_db_name }}"
|
||||
login_host: "{{ psono_db_server }}"
|
||||
login_user: sqladmin
|
||||
login_password: "{{ pg_admin_pass }}"
|
||||
loop:
|
||||
- pgcrypto
|
||||
- ltree
|
||||
tags: psono
|
||||
|
||||
- name: Create the virtualenv
|
||||
pip:
|
||||
name:
|
||||
- gunicorn
|
||||
state: "{{ (psono_server_install_mode == 'none') | ternary('present', 'latest') }}"
|
||||
virtualenv: "{{ psono_root_dir }}/server/venv"
|
||||
virtualenv_command: /usr/bin/virtualenv-3
|
||||
virtualenv_python: /usr/bin/python3
|
||||
tags: psono
|
||||
|
||||
- name: Install python modules in the virtualenv
|
||||
pip:
|
||||
requirements: "{{ psono_root_dir }}/server/app/requirements.txt"
|
||||
state: "{{ (psono_server_install_mode == 'none') | ternary('present', 'latest') }}"
|
||||
virtualenv: "{{ psono_root_dir }}/server/venv"
|
||||
virtualenv_command: /usr/bin/virtualenv-3
|
||||
virtualenv_python: /usr/bin/python3
|
||||
tags: psono
|
||||
|
||||
- name: Deploy systemd units
|
||||
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
|
||||
loop:
|
||||
- psono-server.service
|
||||
- psono-cleartoken.service
|
||||
- psono-cleartoken.timer
|
||||
register: psono_units
|
||||
notify: restart psono-server
|
||||
tags: psono
|
||||
|
||||
- name: Reload systemd
|
||||
systemd: daemon_reload=True
|
||||
when: psono_units.results | selectattr('changed','equalto',True) | list | length > 0
|
||||
tags: psono
|
||||
|
||||
- when: psono_client_install_mode != 'none'
|
||||
tags: psono
|
||||
block:
|
||||
- name: Download psono client
|
||||
get_url:
|
||||
url: "{{ item.url }}"
|
||||
dest: "{{ psono_root_dir }}/tmp/client.zip"
|
||||
checksum: sha1:{{ item.sha1 }}
|
||||
loop:
|
||||
- url: "{{ psono_client_archive_url }}"
|
||||
sha1: "{{ psono_client_archive_sha1 }}"
|
||||
|
||||
- name: Remove previous version
|
||||
file: path={{ psono_root_dir }}/client state=absent
|
||||
- file: path={{ psono_root_dir }}/client state=directory
|
||||
|
||||
- name: Extract archive
|
||||
unarchive:
|
||||
src: "{{ psono_root_dir }}/tmp/client.zip"
|
||||
dest: "{{ psono_root_dir }}/client/"
|
||||
remote_src: True
|
||||
|
||||
- when: psono_admin_install_mode != 'none'
|
||||
tags: psono
|
||||
block:
|
||||
- name: Download psono admin
|
||||
get_url:
|
||||
url: "{{ item.url }}"
|
||||
dest: "{{ psono_root_dir }}/tmp/admin.zip"
|
||||
checksum: sha1:{{ item.sha1 }}
|
||||
loop:
|
||||
- url: "{{ psono_admin_archive_url }}"
|
||||
sha1: "{{ psono_admin_archive_sha1 }}"
|
||||
|
||||
- name: Remove previous version
|
||||
file: path={{ psono_root_dir }}/admin state=absent
|
||||
- file: path={{ psono_root_dir }}/admin state=directory
|
||||
|
||||
- name: Extract archive
|
||||
unarchive:
|
||||
src: "{{ psono_root_dir }}/tmp/admin.zip"
|
||||
dest: "{{ psono_root_dir }}/admin/"
|
||||
remote_src: True
|
||||
|
||||
- name: Install backup pre/post hooks
|
||||
template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/psono.sh mode=700
|
||||
loop:
|
||||
- pre
|
||||
- post
|
||||
tags: psono
|
11
roles/unmaintained/psono/tasks/iptables.yml
Normal file
11
roles/unmaintained/psono/tasks/iptables.yml
Normal file
@@ -0,0 +1,11 @@
|
||||
---
|
||||
|
||||
- name: Handle psono port in the firewall
|
||||
iptables_raw:
|
||||
name: psono_server_port
|
||||
state: "{{ (psono_server_src_ip | length > 0) | ternary('present','absent') }}"
|
||||
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ psono_server_port }} -s {{ psono_server_src_ip | join(',') }} -j ACCEPT"
|
||||
when: iptables_manage | default(True)
|
||||
tags: firewall,psono
|
||||
|
||||
|
15
roles/unmaintained/psono/tasks/main.yml
Normal file
15
roles/unmaintained/psono/tasks/main.yml
Normal file
@@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
- include: user.yml
|
||||
- include: directories.yml
|
||||
- include: facts.yml
|
||||
- include: archive_pre.yml
|
||||
when: psono_server_install_mode == 'upgrade' or psono_client_install_mode == 'upgrade' or psono_admin_install_mode == 'upgrade'
|
||||
- include: install.yml
|
||||
- include: conf.yml
|
||||
- include: iptables.yml
|
||||
- include: service.yml
|
||||
- include: archive_post.yml
|
||||
when: psono_server_install_mode == 'upgrade' or psono_client_install_mode == 'upgrade' or psono_admin_install_mode == 'upgrade'
|
||||
- include: write_version.yml
|
||||
- include: cleanup.yml
|
9
roles/unmaintained/psono/tasks/service.yml
Normal file
9
roles/unmaintained/psono/tasks/service.yml
Normal file
@@ -0,0 +1,9 @@
|
||||
---
|
||||
|
||||
- name: Start and enable psono-server
|
||||
service: name=psono-server state=started enabled=True
|
||||
tags: psono
|
||||
|
||||
- name: Start and enable psono timer
|
||||
systemd: name=psono-cleartoken.timer state=started enabled=True
|
||||
tags: psono
|
5
roles/unmaintained/psono/tasks/user.yml
Normal file
5
roles/unmaintained/psono/tasks/user.yml
Normal file
@@ -0,0 +1,5 @@
|
||||
---
|
||||
|
||||
- name: Create psono user account
|
||||
user: name={{ psono_user }} home={{ psono_root_dir }}/server system=True
|
||||
tags: psono
|
12
roles/unmaintained/psono/tasks/write_version.yml
Normal file
12
roles/unmaintained/psono/tasks/write_version.yml
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
|
||||
- name: Write version
|
||||
copy: content={{ item.version }} dest={{ psono_root_dir }}/meta/{{ item.file }}
|
||||
loop:
|
||||
- version: "{{ psono_server_version }}"
|
||||
file: ansible_server_version
|
||||
- version: "{{ psono_client_version }}"
|
||||
file: ansible_client_version
|
||||
- version: "{{ psono_admin_version }}"
|
||||
file: ansible_admin_version
|
||||
tags: psono
|
Reference in New Issue
Block a user