Update to 2022-01-30 19:00

2025-07-26 15:55:56 +02:00 · 2022-01-30 19:00:17 +01:00
parent 03f70d2e98
commit cc0f49f93e
22 changed files with 663 additions and 0 deletions
--- a/roles/penpot/tasks/archive_post.yml
+++ b/roles/penpot/tasks/archive_post.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ penpot_root_dir }}/archives/{{ penpot_current_version }}.tar.zst --use-compress-program=zstd ./
+  args:
+    chdir: "{{ penpot_root_dir }}/archives/{{ penpot_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+    ZSTD_NBTHREADS: 0
+  tags: penpot
--- a/roles/penpot/tasks/archive_pre.yml
+++ b/roles/penpot/tasks/archive_pre.yml
@@ -0,0 +1,37 @@
+---
+
+- name: Create archive dir
+  file: path={{ penpot_root_dir }}/archives/{{ penpot_current_version }} state=directory
+  tags: penpot
+
+- name: Stop service during upgrade
+  service: name={{ item }} state=stopped
+  loop:
+    - penpot-server
+    - penpot-exporter
+  tags: penpot
+
+- name: Archive current version
+  synchronize:
+    src: "{{ penpot_root_dir }}/{{ item }}"
+    dest: "{{ penpot_root_dir }}/archives/{{ penpot_current_version }}/"
+    delete: True
+    compress: False
+  delegate_to: "{{ inventory_hostname }}"
+  loop:
+    - backend
+    - frontend
+  tags: penpot
+
+- name: Dump the database
+  command: >
+    /usr/pgsql-14/bin/pg_dump
+    --clean
+    --create
+    --host={{ penpot_db_server | quote }}
+    --port={{ penpot_db_port | quote }}
+    --username={{ penpot_db_user | quote }} {{ penpot_db_name | quote }}
+    --file="{{ penpot_root_dir }}/archives/{{ penpot_current_version }}/{{ penpot_db_name }}.sql"
+  environment:
+    - PGPASSWORD: "{{ penpot_db_pass }}"
+  tags: penpot
--- a/roles/penpot/tasks/cleanup.yml
+++ b/roles/penpot/tasks/cleanup.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}.tar.gz"
+    - "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}"
+    - "{{ penpot_root_dir }}/archives/{{ penpot_current_version }}"
+  tags: penpot
--- a/roles/penpot/tasks/conf.yml
+++ b/roles/penpot/tasks/conf.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Deploy backend configuration
+  template: src=env.j2 dest={{ penpot_root_dir }}/etc/env owner=root group={{ penpot_user }} mode=640
+  notify: restart penpot
+  tags: penpot
+
+- name: Deploy frontend configuration
+  template: src=config.js.j2 dest={{ penpot_root_dir }}/frontend/js/config.js
+  tags: penpot
+
+- name: Deploy nginx configuration
+  template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/10-penpot.conf
+  notify: reload nginx
+  tags: penpot
--- a/roles/penpot/tasks/directories.yml
+++ b/roles/penpot/tasks/directories.yml
@@ -0,0 +1,37 @@
+---
+
+- name: Create directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ penpot_root_dir }}"
+    - dir: "{{ penpot_root_dir }}/backend"
+    - dir: "{{ penpot_root_dir }}/frontend"
+    - dir: "{{ penpot_root_dir }}/exporter"
+    - dir: "{{ penpot_root_dir }}/meta"
+      owner: root
+      group: root
+      mode: 700
+    - dir: "{{ penpot_root_dir }}/backup"
+      owner: root
+      group: root
+      mode: 700
+    - dir: "{{ penpot_root_dir }}/archives"
+      owner: root
+      group: root
+      mode: 700
+    - dir: "{{ penpot_root_dir }}/tmp"
+      owner: "{{ penpot_user }}"
+      group: "{{ penpot_user }}"
+      mode: 700
+    - dir: "{{ penpot_root_dir }}/data"
+      owner: "{{ penpot_user }}"
+      group: "{{ penpot_user }}"
+      mode: 770
+    - dir: "{{ penpot_root_dir }}/data/assets"
+      owner: "{{ penpot_user }}"
+      group: "{{ penpot_user }}"
+    - dir: "{{ penpot_root_dir }}/etc"
+      owner: root
+      group: "{{ penpot_user }}"
+      mode: 750
+  tags: penpot
--- a/roles/penpot/tasks/facts.yml
+++ b/roles/penpot/tasks/facts.yml
@@ -0,0 +1,29 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: penpot
+
+# Detect installed version (if any)
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ penpot_root_dir }}"
+        - version: "{{ penpot_version }}"
+    - set_fact: penpot_install_mode={{ (install_mode == 'upgrade' and not penpot_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: penpot_current_version={{ current_version | default('') }}
+  tags: penpot
+
+# Create a random pass for the DB if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ penpot_root_dir }}/meta/ansible_dbpass"
+    - set_fact: penpot_db_pass={{ rand_pass }}
+  when: penpot_db_pass is not defined
+  tags: penpot
--- a/roles/penpot/tasks/install.yml
+++ b/roles/penpot/tasks/install.yml
@@ -0,0 +1,127 @@
+---
+
+- name: Install system dependencies
+  package: name={{ penpot_packages }}
+  tags: penpot
+
+- name: Install nodejs tools
+  npm: name={{ item }} global=True
+  loop:
+    - yarn
+    - sfnt2woff
+  tags: penpot
+
+- when: penpot_install_mode != 'none'
+  block:
+
+    - name: Download penpot
+      get_url:
+        url: "{{ penpot_archive_url }}"
+        dest: "{{ penpot_root_dir }}/tmp/"
+        checksum: sha256:{{ penpot_archive_sha256 }}
+
+    - name: Extract penpot archive
+      unarchive:
+        src: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}.tar.gz"
+        dest: "{{ penpot_root_dir }}/tmp/"
+        remote_src: True
+
+    - name: Build penpot backend
+      command: bb ./scripts/build
+      args:
+        chdir: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}/backend"
+
+    - name: Build penpot frontend
+      command: ./scripts/build
+      args:
+        chdir: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}/frontend"
+      environment:
+        CURRENT_HASH: "{{ penpot_version }}"
+
+    - name: Build penpot exporter
+      command: ./scripts/build
+      args:
+        chdir: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}/exporter"
+
+    - name: Install penpot exporter dependencies
+      command: yarn install
+      args:
+        chdir: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}/exporter/target"
+
+  become_user: "{{ penpot_user }}"
+  tags: penpot
+
+- when: penpot_install_mode != 'none'
+  block:
+
+    - name: Install penpot backend and frontend
+      synchronize:
+        src: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}/{{ item }}/target/dist/"
+        dest: "{{ penpot_root_dir }}/{{ item }}/"
+        delete: True
+        compress: False
+      delegate_to: "{{ inventory_hostname }}"
+      loop:
+        - backend
+        - frontend
+
+    - name: Install penpot exporter
+      synchronize:
+        src: "{{ penpot_root_dir }}/tmp/penpot-{{ penpot_version }}/exporter/target/"
+        dest: "{{ penpot_root_dir }}/exporter/"
+        delete: True
+        compress: False
+      delegate_to: "{{ inventory_hostname }}"
+
+    - name: Set permissions
+      shell: |
+        setfacl -R -k -b {{ penpot_root_dir }}/
+        setfacl -m u:nginx:x {{ penpot_root_dir }}/
+        setfacl -m u:nginx:x {{ penpot_root_dir }}/data
+        setfacl -R -m u:nginx:rX {{ penpot_root_dir }}/data/assets
+
+  tags: penpot
+
+- block:
+    - name: Create the PostgreSQL role
+      postgresql_user:
+        db: postgres
+        name: "{{ penpot_db_user }}"
+        password: "{{ penpot_db_pass }}"
+        login_host: "{{ penpot_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+
+    - name: Create the PostgreSQL database
+      postgresql_db:
+        name: "{{ penpot_db_name }}"
+        encoding: UTF-8
+        template: template0
+        owner: "{{ penpot_db_user }}"
+        login_host: "{{ penpot_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+
+  tags: penpot
+
+- name: Deploy systemd units
+  template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
+  loop:
+    - penpot-server.service
+    - penpot-exporter.service
+  register: penpot_units
+  notify: restart penpot
+  tags: penpot
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: penpot_units.results | selectattr('changed','equalto',True) | list | length > 0
+  tags: penpot
+
+- name: Install backup hooks
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/penpot mode=700
+  loop:
+    - pre
+    - post
+  tags: penpot
+
--- a/roles/penpot/tasks/main.yml
+++ b/roles/penpot/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: penpot_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: penpot_install_mode == 'upgrade'
+- include: cleanup.yml
--- a/roles/penpot/tasks/services.yml
+++ b/roles/penpot/tasks/services.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Start and enable services
+  service: name={{ item }} state=started enabled=True
+  loop:
+    - penpot-server
+    - penpot-exporter
+  tags: penpot
--- a/roles/penpot/tasks/user.yml
+++ b/roles/penpot/tasks/user.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Create user
+  user:
+    name: "{{ penpot_user }}"
+    home: "{{ penpot_root_dir }}"
+    system: True
+    shell: /sbin/nologin
+  tags: penpot
--- a/roles/penpot/tasks/write_version.yml
+++ b/roles/penpot/tasks/write_version.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ penpot_version }} dest={{ penpot_root_dir }}/meta/ansible_version
+  tags: penpot