Update to 2021-12-01 19:13

This commit is contained in:
Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions


@@ -0,0 +1,17 @@
---
- name: Compress previous version
command: tar cf {{ psono_root_dir }}/archives/{{ item.component }}_{{ item.version }}.txz ./
environment:
XZ_OPT: -T0
args:
chdir: "{{ psono_server_root_dir }}/archives/{{ item.component }}_{{ item.version }}"
warn: False
loop:
- component: server
version: "{{ psono_server_current_version }}"
- component: client
version: "{{ psono_client_current_version }}"
- component: admin
version: "{{ psono_admin_current_version }}"
tags: psono
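Review bot: `chdir` references `psono_server_root_dir` while the tar destination on the `command` line, and every other task file in this commit, uses `psono_root_dir`; unless that variable is defined elsewhere the task fails on an undefined variable, and if it is defined it points tar at a different tree than the one being archived. The intended line is most likely `chdir: "{{ psono_root_dir }}/archives/{{ item.component }}_{{ item.version }}"`. The resulting `.txz` contains the plaintext database dump that archive_pre.yml writes next to the archived server tree, so it inherits the mode of the `archives` directory and the umask of the connection user — consider passing `--mode` / `umask 077` or restricting the directory, as done for `meta`, `tmp` and `backup` in directories.yml. `warn: False` on `command` is deprecated in current ansible-core and can be dropped.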


@@ -0,0 +1,38 @@
---
- name: Create archive dir
file: path={{ psono_root_dir }}/archives/{{ item }} state=directory
loop:
- server_{{ psono_server_current_version }}
- client_{{ psono_client_current_version }}
- admin_{{ psono_admin_current_version }}
tags: psono
- name: Archive previous version
synchronize:
src: "{{ psono_root_dir }}/{{ item.src }}"
dest: "{{ psono_root_dir }}/archives/{{ item.dest }}/"
recursive: True
delete: True
loop:
- src: server
dest: server_{{ psono_server_current_version }}
- src: client
dest: client_{{ psono_client_current_version }}
- src: admin
dest: admin_{{ psono_admin_current_version }}
delegate_to: "{{ inventory_hostname }}"
tags: psono
- name: Archive database
command: >
/usr/pgsql-14/bin/pg_dump
--clean
--create
--host={{ psono_db_server }}
--port={{ psono_db_port }}
--username=sqladmin {{ psono_db_name }}
--file={{ psono_root_dir }}/archives/server_{{ psono_server_current_version }}/{{ psono_db_name }}.sql
environment:
- PGPASSWORD: "{{ pg_admin_pass }}"
tags: psono
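Review bot: `Create archive dir` creates `{{ psono_root_dir }}/archives/<component>_<version>` with the module's default mode, and `Archive database` then writes a full plaintext `pg_dump` of the psono database into it with the caller's umask; `meta`, `tmp` and `backup` are all created `0700` in directories.yml and the dump directory deserves the same, e.g. `file: path={{ psono_root_dir }}/archives/{{ item }} state=directory mode=0700` (the parent `archives` dir is, I believe, created implicitly with the default mode and should get its own task). `/usr/pgsql-14/bin/pg_dump` is hard-coded while `Install needed tools` in install.yml installs `postgresql11`; unless the 14 client comes from elsewhere that path does not exist, so the binary path or major version should be one variable used by both. `environment` is written as a list of one-item maps; Ansible accepts it, but a plain mapping (`environment:` / `PGPASSWORD: "{{ pg_admin_pass }}"`) is the documented form and matches the `environment:` block in archive_post.yml.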


@@ -0,0 +1,9 @@
---
- name: Remove temp files
file: path={{ item }} state=absent
loop:
- "{{ psono_root_dir }}/tmp/psono-server-v{{ psono_server_version }}.tar.gz"
- "{{ psono_root_dir }}/tmp/psono-server-v{{ psono_server_version }}"
- "{{ psono_root_dir }}/tmp/.psono_server"
tags: psono
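Review bot: The client and admin archives that install.yml downloads to `{{ psono_root_dir }}/tmp/client.zip` and `{{ psono_root_dir }}/tmp/admin.zip` are not in this loop, so they persist in `tmp` after every run; add `- "{{ psono_root_dir }}/tmp/client.zip"` and `- "{{ psono_root_dir }}/tmp/admin.zip"` to the list. The server tarball entry only matches what was downloaded because `psono_server_version` is unchanged within the play, which holds here.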


@@ -0,0 +1,80 @@
---
- name: Check is secrets have been created
stat: path={{ psono_root_dir }}/meta/ansible_{{ item }}
register: psono_server_secrets
loop:
- SECRET_KEY
- ACTIVATION_LINK_SECRET
- DB_SECRET
- EMAIL_SECRET_SALT
- PRIVATE_KEY
- PUBLIC_KEY
tags: psono
- when: psono_server_secrets.results | selectattr('stat.exists', 'equalto', True) | list | length < 6
tags: psono
block:
- name: Create temporary PSONO_HOME
file: path={{ psono_root_dir }}/tmp/.psono_server state=directory
- name: Deploy a temp config
copy: src={{ psono_root_dir }}/server/app/configs/mainconfig/settings.yaml dest={{ psono_root_dir }}/tmp/.psono_server/ remote_src=True
- name: Generate server's secrets
shell: |
{{ psono_root_dir }}/server/venv/bin/python3 \
{{ psono_root_dir }}/server/app/psono/manage.py \
generateserverkeys > {{ psono_root_dir }}/tmp/keys.tmp
{% for item in psono_server_secrets.results %}
[ -e {{ psono_root_dir }}/meta/ansible_{{ item.item }} ] || \
cat {{ psono_root_dir }}/tmp/keys.tmp | grep -P '^{{ item.item }}' | \
sed -e 's/^{{ item.item }}: //' | \
xargs > {{ psono_root_dir }}/meta/ansible_{{ item.item }}
chmod 600 {{ psono_root_dir }}/meta/ansible_{{ item.item }}
{% endfor %}
rm -f {{ psono_root_dir }}/tmp/keys.tmp
environment:
PSONO_HOME: "{{ psono_root_dir }}/tmp/"
- name: Read secrets
command: cat {{ psono_root_dir }}/meta/ansible_{{ item }}
register: psono_tokens
loop:
- SECRET_KEY
- ACTIVATION_LINK_SECRET
- DB_SECRET
- EMAIL_SECRET_SALT
- PRIVATE_KEY
- PUBLIC_KEY
changed_when: False
tags: psono
- name: Deploy configuration
template: src=settings.yaml.j2 dest={{ psono_root_dir }}/server/.psono_server/settings.yaml owner={{ psono_user }} group={{ psono_user }} mode=600
notify:
- restart psono-server
tags: psono
- name: Migrate database
django_manage:
command: migrate
app_path: "{{ psono_root_dir }}/server/app/psono"
virtualenv: "{{ psono_root_dir }}/server/venv"
environment:
- PSONO_HOME: "{{ psono_root_dir }}/server"
when: psono_server_install_mode != 'none'
notify: restart psono-server
tags: psono
- name: Deploy client and admin conf file
template: src=webclient.json.j2 dest={{ psono_root_dir }}/{{ item }}/config.json
loop:
- client
- admin
tags: psono
- name: Deploy nginx configuration
template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/31-psono.conf
notify: reload nginx
tags: psono
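Review bot: `Read secrets` registers the content of every key file (SECRET_KEY, DB_SECRET, PRIVATE_KEY, …) in `psono_tokens` without `no_log: True`, so the values end up in verbose output and in any callback or log sink that records task results; add `no_log: True` next to `changed_when: False`. In `Generate server's secrets` each `ansible_<name>` file is created by the shell redirection with the default umask and only tightened by the `chmod 600` on the following line, which leaves a short window where the file is world-readable; a `umask 077` as the first line of the script, and `no_log: True` on that task too, close it. `keys.tmp` holds all generated secrets at once and lives in `tmp`, which directories.yml intends to be `0700`, so the shell script is only as safe as that mode. `Deploy client and admin conf file` leaves the template mode and owner at module defaults while `Deploy configuration` pins `mode=600`; if config.json carries nothing sensitive that is fine, but it is worth stating explicitly with a `mode=`.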


@@ -0,0 +1,20 @@
---
- name: Create directories
file: path={{ item.path }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
loop:
- path: "{{ psono_root_dir }}/client"
- path: "{{ psono_root_dir }}/admin"
- path: "{{ psono_root_dir }}/server/app"
- path: "{{ psono_root_dir }}/server/venv"
- path: "{{ psono_root_dir }}/meta"
mode: 700
- path: "{{ psono_root_dir }}/tmp"
mode: 700
- path: "{{ psono_root_dir }}/backup"
mode: 700
- path: "{{ psono_root_dir }}/server/.psono_server"
owner: "{{ psono_user }}"
group: "{{ psono_user }}"
mode: 700
tags: psono
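Review bot: `mode: 700` on the `meta`, `tmp`, `backup` and `.psono_server` entries is an unquoted YAML integer; Ansible's file module treats an integer mode as decimal, and decimal 700 is octal 1274 — sticky bit, owner `-w-`, group `rwx`, other `r--` — which is close to the opposite of the intended `rwx------` for the directories that hold the server secrets, the DB password and the dumps. Write each as `mode: "0700"` (quoted, leading zero). The `mode=700` in install.yml and `mode=600` in conf.yml are key=value strings and are parsed as octal, so only this file is affected.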


@@ -0,0 +1,80 @@
---
- name: Set initial install modes
block:
- set_fact: psono_server_install_mode='none'
- set_fact: psono_server_current_version=''
- set_fact: psono_client_install_mode='none'
- set_fact: psono_client_current_version=''
- set_fact: psono_admin_install_mode='none'
- set_fact: psono_admin_current_version=''
tags: psono
- name: Check if server is installed
stat: path={{ psono_root_dir }}/meta/ansible_server_version
register: psono_server_version_file
tags: psono
- when: psono_server_version_file.stat.exists
block:
- name: Check installed version
slurp: src={{ psono_root_dir }}/meta/ansible_server_version
register: psono_server_current_version
- set_fact: psono_server_current_version={{ psono_server_current_version.content | b64decode | trim }}
- set_fact: psono_server_install_mode='upgrade'
when: psono_server_current_version != psono_server_version
tags: psono
- when: not psono_server_version_file.stat.exists
block:
- set_fact: psono_server_install_mode='install'
tags: psono
- name: Check if client is installed
stat: path={{ psono_root_dir }}/meta/ansible_client_version
register: psono_client_version_file
tags: psono
- when: psono_client_version_file.stat.exists
block:
- name: Check installed version
slurp: src={{ psono_root_dir }}/meta/ansible_client_version
register: psono_client_current_version
- set_fact: psono_client_current_version={{ psono_client_current_version.content | b64decode | trim }}
- set_fact: psono_client_install_mode='upgrade'
when: psono_client_current_version != psono_client_version and psono_manage_upgrade
tags: psono
- when: not psono_client_version_file.stat.exists
block:
- set_fact: psono_client_install_mode='install'
tags: psono
- name: Check if admin is installed
stat: path={{ psono_root_dir }}/meta/ansible_admin_version
register: psono_admin_version_file
tags: psono
- when: psono_admin_version_file.stat.exists
block:
- name: Check installed version
slurp: src={{ psono_root_dir }}/meta/ansible_admin_version
register: psono_admin_current_version
- set_fact: psono_admin_current_version={{ psono_admin_current_version.content | b64decode | trim }}
- set_fact: psono_admin_install_mode='upgrade'
when: psono_admin_current_version != psono_admin_version and psono_manage_upgrade
tags: psono
- when: not psono_admin_version_file.stat.exists
block:
- set_fact: psono_admin_install_mode='install'
tags: psono
- when: psono_db_pass is not defined
tags: psono
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ psono_root_dir }}/meta/ansible_dbpass"
- set_fact: psono_db_pass={{ rand_pass }}
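Review bot: The server upgrade condition `when: psono_server_current_version != psono_server_version` lacks the `and psono_manage_upgrade` guard that the client and admin branches carry, so the server is put into `upgrade` mode even when upgrades are disabled; change it to `when: psono_server_current_version != psono_server_version and psono_manage_upgrade` for consistency. `set_fact: psono_db_pass={{ rand_pass }}` stores the database password as a fact without `no_log: True`, so it appears in verbose output and in fact caching if enabled. `vars:` under `import_tasks` is written as a list (`- pass_file:`); the documented form is a mapping, and I believe newer ansible-core versions reject the list form, so `vars:` / `pass_file: "{{ psono_root_dir }}/meta/ansible_dbpass"` is safer.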


@@ -0,0 +1,164 @@
---
- name: Install needed tools
yum:
name:
- git
- gcc
- openssl-devel
- libffi-devel
- openldap-devel
- python3-devel
- python3-pip
- python3-virtualenv
- python-setuptools
- postgresql-devel
- postgresql11
tags: psono
- when: psono_server_install_mode != 'none'
tags: psono
block:
- name: Download psono
get_url:
url: "{{ item.url }}"
dest: "{{ psono_root_dir }}/tmp"
checksum: sha1:{{ item.sha1 }}
loop:
- url: "{{ psono_server_archive_url }}"
sha1: "{{ psono_server_archive_sha1 }}"
- name: Extract server archive
unarchive:
src: "{{ psono_root_dir }}/tmp/psono-server-v{{ psono_server_version }}.tar.gz"
dest: "{{ psono_root_dir }}/tmp/"
remote_src: True
- name: Move files to their final location
synchronize:
src: "{{ psono_root_dir }}/tmp/psono-server-v{{ psono_server_version }}/"
dest: "{{ psono_root_dir }}/server/app/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
notify: restart psono-server
- name: Create the PostgreSQL role
postgresql_user:
db: postgres
name: "{{ psono_db_user }}"
password: "{{ psono_db_pass }}"
login_host: "{{ psono_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
tags: psono
- name: Create the PostgreSQL database
postgresql_db:
name: "{{ psono_db_name }}"
encoding: UTF-8
lc_collate: C
lc_ctype: C
template: template0
owner: "{{ psono_db_user }}"
login_host: "{{ psono_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
tags: psono
- name: Enable required PostgreSQL extensions
postgresql_ext:
name: "{{ item }}"
db: "{{ psono_db_name }}"
login_host: "{{ psono_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
loop:
- pgcrypto
- ltree
tags: psono
- name: Create the virtualenv
pip:
name:
- gunicorn
state: "{{ (psono_server_install_mode == 'none') | ternary('present', 'latest') }}"
virtualenv: "{{ psono_root_dir }}/server/venv"
virtualenv_command: /usr/bin/virtualenv-3
virtualenv_python: /usr/bin/python3
tags: psono
- name: Install python modules in the virtualenv
pip:
requirements: "{{ psono_root_dir }}/server/app/requirements.txt"
state: "{{ (psono_server_install_mode == 'none') | ternary('present', 'latest') }}"
virtualenv: "{{ psono_root_dir }}/server/venv"
virtualenv_command: /usr/bin/virtualenv-3
virtualenv_python: /usr/bin/python3
tags: psono
- name: Deploy systemd units
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
loop:
- psono-server.service
- psono-cleartoken.service
- psono-cleartoken.timer
register: psono_units
notify: restart psono-server
tags: psono
- name: Reload systemd
systemd: daemon_reload=True
when: psono_units.results | selectattr('changed','equalto',True) | list | length > 0
tags: psono
- when: psono_client_install_mode != 'none'
tags: psono
block:
- name: Download psono client
get_url:
url: "{{ item.url }}"
dest: "{{ psono_root_dir }}/tmp/client.zip"
checksum: sha1:{{ item.sha1 }}
loop:
- url: "{{ psono_client_archive_url }}"
sha1: "{{ psono_client_archive_sha1 }}"
- name: Remove previous version
file: path={{ psono_root_dir }}/client state=absent
- file: path={{ psono_root_dir }}/client state=directory
- name: Extract archive
unarchive:
src: "{{ psono_root_dir }}/tmp/client.zip"
dest: "{{ psono_root_dir }}/client/"
remote_src: True
- when: psono_admin_install_mode != 'none'
tags: psono
block:
- name: Download psono admin
get_url:
url: "{{ item.url }}"
dest: "{{ psono_root_dir }}/tmp/admin.zip"
checksum: sha1:{{ item.sha1 }}
loop:
- url: "{{ psono_admin_archive_url }}"
sha1: "{{ psono_admin_archive_sha1 }}"
- name: Remove previous version
file: path={{ psono_root_dir }}/admin state=absent
- file: path={{ psono_root_dir }}/admin state=directory
- name: Extract archive
unarchive:
src: "{{ psono_root_dir }}/tmp/admin.zip"
dest: "{{ psono_root_dir }}/admin/"
remote_src: True
- name: Install backup pre/post hooks
template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/psono.sh mode=700
loop:
- pre
- post
tags: psono
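Review bot: `Install needed tools` installs `postgresql11` as the client package while archive_pre.yml calls `/usr/pgsql-14/bin/pg_dump`; one of the two is wrong unless the 14 client is provisioned elsewhere, and the major version should be a single variable used in both places. The two `pip` tasks use `state: latest` whenever the install mode is not `none`, which on every install or upgrade run pulls the newest unpinned `gunicorn` and, if requirements.txt is not fully pinned, re-resolves its entries — pinning gunicorn (`gunicorn==<version>` as a constructed example) and using `present` gives reproducible deployments. The downloads are verified against `sha1:` digests; if upstream also publishes sha256 digests, `checksum: sha256:{{ item.sha256 }}` is the stronger choice, since sha1 is collision-prone. `Remove previous version` deletes the live `client`/`admin` tree before `Extract archive` has succeeded; archive_pre.yml has a copy, but a failed unzip still leaves the service without a client until the next run.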


@@ -0,0 +1,11 @@
---
- name: Handle psono port in the firewall
iptables_raw:
name: psono_server_port
state: "{{ (psono_server_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ psono_server_port }} -s {{ psono_server_src_ip | join(',') }} -j ACCEPT"
when: iptables_manage | default(True)
tags: firewall,psono


@@ -0,0 +1,15 @@
---
- include: user.yml
- include: directories.yml
- include: facts.yml
- include: archive_pre.yml
when: psono_server_install_mode == 'upgrade' or psono_client_install_mode == 'upgrade' or psono_admin_install_mode == 'upgrade'
- include: install.yml
- include: conf.yml
- include: iptables.yml
- include: service.yml
- include: archive_post.yml
when: psono_server_install_mode == 'upgrade' or psono_client_install_mode == 'upgrade' or psono_admin_install_mode == 'upgrade'
- include: write_version.yml
- include: cleanup.yml
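Review bot: `include:` is the bare task include that has been deprecated since Ansible 2.4 and is removed from recent ansible-core releases; use `import_tasks:` or `include_tasks:` (the latter keeps the dynamic behaviour of the old include, which is what the `when:` on archive_pre/archive_post relies on since the install modes are set by facts.yml at runtime). The identical three-way `or` expression on archive_pre.yml and archive_post.yml would read better as one fact set in facts.yml, e.g. `psono_upgrade: "{{ psono_server_install_mode == 'upgrade' or psono_client_install_mode == 'upgrade' or psono_admin_install_mode == 'upgrade' }}"`, then `when: psono_upgrade` on both includes.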


@@ -0,0 +1,9 @@
---
- name: Start and enable psono-server
service: name=psono-server state=started enabled=True
tags: psono
- name: Start and enable psono timer
systemd: name=psono-cleartoken.timer state=started enabled=True
tags: psono


@@ -0,0 +1,5 @@
---
- name: Create psono user account
user: name={{ psono_user }} home={{ psono_root_dir }}/server system=True
tags: psono
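Review bot: `Create psono user account` leaves the service account with the distribution's default login shell; for an account that exists only to run the server, `shell=/sbin/nologin` (present on the yum-based targets this role assumes) removes interactive login without affecting systemd. The home is set to `{{ psono_root_dir }}/server`, which directories.yml manages separately with root ownership, so `create_home=False` makes explicit that the user module should not create or populate that directory.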


@@ -0,0 +1,12 @@
---
- name: Write version
copy: content={{ item.version }} dest={{ psono_root_dir }}/meta/{{ item.file }}
loop:
- version: "{{ psono_server_version }}"
file: ansible_server_version
- version: "{{ psono_client_version }}"
file: ansible_client_version
- version: "{{ psono_admin_version }}"
file: ansible_admin_version
tags: psono