---

# Load the most specific vars file that exists for this host. Candidates are
# tried in order and only the first one found is included.
- name: Load distribution-specific variables
  include_vars: '{{ item }}'
  with_first_found:
    - 'vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
    - 'vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
    - 'vars/{{ ansible_distribution }}.yml'
    - 'vars/{{ ansible_os_family }}.yml'
  tags:
    - unifi

# Start from 'none'. Later tasks switch the mode to 'install' or 'upgrade'
# depending on what they find on disk.
- name: Set default install mode to none
  set_fact:
    unifi_install_mode: 'none'
  tags:
    - unifi

# Uninstall the mongodb-server package, but only on RedHat-family hosts whose
# major version is lower than 8.
- name: Remove mongodb from base repo
  yum:
    name: mongodb-server
    state: absent
  when:
    - ansible_os_family == 'RedHat'
    - ansible_distribution_major_version is version('8', '<')
  tags:
    - unifi

# unifi_packages is not defined in this file; presumably it comes from the
# vars file included at the top of the play (confirm).
- name: Install dependencies
  yum:
    name: '{{ unifi_packages }}'
  notify: restart unifi
  tags:
    - unifi

# Dedicated service account: a system user whose shell is /sbin/nologin, so it
# cannot be used for interactive logins.
- name: Create a system account to run unifi
  user:
    name: unifi
    comment: 'Unifi system account'
    shell: /sbin/nologin
    system: true
  tags:
    - unifi

# The marker file meta/ansible_version is written at the end of this task
# list; its presence is used as the "already installed" signal.
- name: Check if unifi is installed
  stat:
    path: '{{ unifi_root_dir }}/meta/ansible_version'
  register: unifi_version_file
  tags:
    - unifi

# Read the recorded version (read-only, so never reported as changed).
# Skipped when the marker file is absent, in which case the registered
# result carries no stdout.
- name: Check installed version
  command: 'cat {{ unifi_root_dir }}/meta/ansible_version'
  register: unifi_current_version
  when: unifi_version_file.stat.exists
  changed_when: false
  tags:
    - unifi

# No marker file means nothing was installed by this role yet.
- name: Set install mode to install
  set_fact:
    unifi_install_mode: 'install'
  when: not unifi_version_file.stat.exists
  tags:
    - unifi

# Upgrade only when a version is recorded, it differs from the requested one,
# and upgrades are explicitly allowed. The conditions are evaluated left to
# right, so .stdout is only read once the marker file is known to exist.
- name: Set install mode to upgrade
  set_fact:
    unifi_install_mode: 'upgrade'
  when: >-
    unifi_version_file.stat.exists
    and unifi_current_version is defined
    and unifi_current_version.stdout != unifi_version
    and unifi_manage_upgrade == True
  tags:
    - unifi

# Per-version staging directory for the copy of the current install that is
# taken before an upgrade.
- name: Create archive directory
  file:
    path: '{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}'
    state: directory
  when: unifi_install_mode == 'upgrade'
  tags:
    - unifi

# Stop the controller before its files are copied and replaced.
- name: Stop the service
  service:
    name: unifi
    state: stopped
  when: unifi_install_mode == 'upgrade'
  tags:
    - unifi

# Copy the current app tree into the per-version archive directory.
# delegate_to is set to the host itself, so src and dest are both paths on
# the managed host rather than on the controller.
- name: Archive current version
  synchronize:
    src: '{{ unifi_root_dir }}/app'
    dest: '{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}/'
    recursive: true
    delete: true
    compress: false
    rsync_opts:
      - '--sparse'
  delegate_to: '{{ inventory_hostname }}'
  when: unifi_install_mode == 'upgrade'
  tags:
    - unifi

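# Create the directory layout under unifi_root_dir. owner, group and mode are
# omitted for entries that do not set them, so the module defaults apply.
#
# Modes are quoted octal strings on purpose. A bare 700 is a YAML integer,
# and when the file module receives an integer it reads it as decimal, which
# yields unintended permission bits on app/data, archives and backup. That
# happens whenever templating preserves native types.
- name: Create directories
  file:
    path: '{{ unifi_root_dir }}/{{ item.path }}'
    state: directory
    owner: '{{ item.owner | default(omit) }}'
    group: '{{ item.group | default(omit) }}'
    mode: '{{ item.mode | default(omit) }}'
  with_items:
    - path: tmp
    - path: app
      owner: unifi
      group: unifi
    # Controller data: service account only.
    - path: 'app/data'
      owner: unifi
      group: unifi
      mode: '0700'
    - path: meta
    # Copies of previous versions: root only.
    - path: archives
      owner: root
      group: root
      mode: '0700'
    # Backup target: service account only.
    - path: backup
      owner: unifi
      group: unifi
      mode: '0700'
  tags:
    - unifi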

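# Fetch the release archive and verify it against the pinned digest.
#
# dest names the file explicitly. With a directory as dest the file name is
# taken from the URL or the server's response, while the extract task reads
# tmp/UniFi.unix.zip. Pinning the name guarantees that the file that was
# checksummed is the file that gets unpacked.
#
# NOTE(review): the digest is SHA-1, which is no longer collision resistant.
# get_url also accepts "sha256:<digest>". Switching needs a new variable,
# which is defined outside this file.
- name: Download unifi archive
  get_url:
    url: '{{ unifi_archive_url }}'
    dest: '{{ unifi_root_dir }}/tmp/UniFi.unix.zip'
    checksum: 'sha1:{{ unifi_archive_sha1 }}'
  when: unifi_install_mode != 'none'
  tags:
    - unifi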

# Unpack the downloaded archive in place. remote_src means the zip is already
# on the managed host. Extracted files are owned by the service account.
- name: Extract Unifi
  unarchive:
    remote_src: true
    src: '{{ unifi_root_dir }}/tmp/UniFi.unix.zip'
    dest: '{{ unifi_root_dir }}/tmp'
    owner: unifi
    group: unifi
  when: unifi_install_mode != 'none'
  tags:
    - unifi

# Replace the program directories of the install with the freshly extracted
# ones. Only the listed subdirectories are synchronised, so app/data is not
# touched. delegate_to the host itself keeps both paths on the managed host.
- name: Move unifi to its final directory
  synchronize:
    src: '{{ unifi_root_dir }}/tmp/UniFi/{{ item }}'
    dest: '{{ unifi_root_dir }}/app/'
    recursive: true
    delete: true
  loop:
    - bin
    - conf
    - dl
    - lib
    - webapps
  delegate_to: '{{ inventory_hostname }}'
  when: unifi_install_mode != 'none'
  tags:
    - unifi

# Allow new TCP connections to the controller's HTTP(S) ports from the listed
# source addresses only. An empty unifi_http_src_ip list removes the rule
# instead of opening the ports to everyone.
# NOTE(review): an ACCEPT rule restricts access only if the INPUT chain
# otherwise drops this traffic; that policy is set outside this file.
- name: Handle unifi HTTP ports
  iptables_raw:
    name: unifi_http_ports
    rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ unifi_http_ports | join(',') }} -s {{ unifi_http_src_ip | join(',') }} -j ACCEPT"
    state: "{{ (unifi_http_src_ip | length > 0) | ternary('present','absent') }}"
  when: iptables_manage | default(True)
  tags:
    - firewall
    - unifi

# Same pattern as the HTTP rule, for the UDP STUN ports: accept only from
# unifi_stun_src_ip, and drop the rule entirely when that list is empty.
- name: Handle unifi STUN ports
  iptables_raw:
    name: unifi_stun_ports
    rules: "-A INPUT -m state --state NEW -p udp -m multiport --dports {{ unifi_stun_ports | join(',') }} -s {{ unifi_stun_src_ip | join(',') }} -j ACCEPT"
    state: "{{ (unifi_stun_src_ip | length > 0) | ternary('present','absent') }}"
  when: iptables_manage | default(True)
  tags:
    - firewall
    - unifi

# Detect an existing system.properties so that it is never overwritten by the
# initial stub below.
- name: Check if a config file already exists
  stat:
    path: '{{ unifi_root_dir }}/app/data/system.properties'
  register: unifi_config
  tags:
    - unifi

# Seed a minimal properties file on first install. It is owned by the service
# account and not readable by other users.
- name: Init config file
  copy:
    dest: '{{ unifi_root_dir }}/app/data/system.properties'
    content: 'is_default=true'
    owner: unifi
    group: unifi
    mode: '0640'
  when: not unifi_config.stat.exists
  tags:
    - unifi

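# Enforce one "option=value" line per managed setting in system.properties.
#
# The match is anchored on the exact key: the option name is regex-escaped
# (its dots are literal) and must be followed by "=". An unescaped prefix
# match such as "^uuid.*" would also hit any other key that merely starts
# with the same text, and lineinfile would then rewrite that unrelated line.
- name: Configure UniFi Controller
  lineinfile:
    path: '{{ unifi_root_dir }}/app/data/system.properties'
    regexp: '^{{ item.option | regex_escape }}\s*='
    line: '{{ item.option }}={{ item.value }}'
  with_items:
    - option: unifi.xmx
      value: 4096
    - option: unifi.xms
      value: 4096
    - option: unifi.G1GC.enabled
      value: 'true'
    - option: autobackup.dir
      value: '{{ unifi_root_dir }}/backup'
    - option: unifi.http.port
      value: '{{ unifi_http_port }}'
    - option: unifi.https.port
      value: '{{ unifi_https_port }}'
    - option: portal.http.port
      value: '{{ unifi_portal_http_port }}'
    - option: portal.https.port
      value: '{{ unifi_portal_https_port }}'
    # Stable per-host identifier derived from the inventory name.
    - option: uuid
      value: '{{ inventory_hostname | to_uuid }}'
  notify: restart unifi
  tags:
    - unifi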

# Render the systemd unit. The result is registered so that systemd is only
# reloaded when the unit actually changed.
- name: Deploy unit file
  template:
    src: unifi.service.j2
    dest: /etc/systemd/system/unifi.service
  register: unifi_unit
  notify: restart unifi
  tags:
    - unifi

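# Make systemd re-read unit files after the unit changed. This uses the
# systemd module instead of shelling out to systemctl.
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: unifi_unit.changed
  tags:
    - unifi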

# Install the backup hooks as executable scripts under /etc/backup/pre.d and
# /etc/backup/post.d. Those directories are expected to exist already; they
# are not created in this file.
- name: Deploy pre and post backup hooks
  template:
    src: '{{ item }}-backup.sh.j2'
    dest: '/etc/backup/{{ item }}.d/unifi'
    mode: '0755'
  loop:
    - pre
    - post
  tags:
    - unifi

# Ensure the controller is running now and is started at boot.
- name: Start and enable the service
  service:
    name: unifi
    enabled: true
    state: started
  tags:
    - unifi

# Pack the archived copy of the previous version into a zstd-compressed
# tarball next to its directory. The command module does not use a shell, so
# the version string read from disk is passed as an argument and never
# interpreted by one.
# NOTE(review): the command module's `warn` argument was removed in newer
# ansible-core releases; confirm the version this role targets.
- name: Compress previous version
  command: 'tar cf {{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}.tar.zst --use-compress-program=zstd ./'
  args:
    warn: false
    chdir: '{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}'
  when: unifi_install_mode == 'upgrade'
  tags:
    - unifi

# The uncompressed copy is no longer needed once the tarball exists.
- name: Remove archive dir
  file:
    path: '{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}'
    state: absent
  when: unifi_install_mode == 'upgrade'
  tags:
    - unifi

# Clean up the downloaded archive and the extracted tree. This runs on every
# play, whether or not anything was installed.
- name: Remove temp files
  file:
    path: '{{ item }}'
    state: absent
  loop:
    - '{{ unifi_root_dir }}/tmp/UniFi.unix.zip'
    - '{{ unifi_root_dir }}/tmp/UniFi'
  tags:
    - unifi

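# Record the version that was just deployed. This is guarded by the install
# mode: when upgrades are disabled (unifi_manage_upgrade false) and the
# installed version differs from unifi_version, nothing is installed, so the
# marker must keep the old value. Otherwise a later run would believe the
# host is already up to date and skip the upgrade.
- name: Write version installed
  copy:
    content: '{{ unifi_version }}'
    dest: '{{ unifi_root_dir }}/meta/ansible_version'
  when: unifi_install_mode != 'none'
  tags:
    - unifi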

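# Pull in the filebeat tasks statically. The bare `include` action is
# deprecated and no longer available in newer ansible-core releases.
# import_tasks is the static equivalent for a literal file name with no loop.
- name: Import filebeat tasks
  import_tasks: filebeat.yml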