
---
# Start from "nothing to do"; later tasks in this file switch the mode to
# 'install' or 'upgrade' once the on-disk state has been inspected.
- name: Set default install mode
  set_fact:
    ttrss_install_mode: 'none'

# Version '54' maps to the plain /usr/bin/php; any other value is appended to
# the path (a value of '73' would give /usr/bin/php73).
- name: Set php executable
  set_fact:
    ttrss_php_bin: "/usr/bin/php{{ (ttrss_php_version == '54') | ternary('', ttrss_php_version) }}"
# Tooling used further down: git for the checkout; MySQL-python and the
# mariadb client are presumably what the mysql_db / mysql_user tasks need.
- name: Install packages
  yum:
    state: present
    name:
      - git
      - MySQL-python
      - mariadb

# Dedicated system account for the PHP side of the application. The nologin
# shell keeps it from being used for interactive sessions.
- name: Create user account for PHP
  user:
    name: "{{ ttrss_php_user }}"
    system: true
    shell: /sbin/nologin
    comment: "PHP FPM {{ ttrss_php_user }}"
# meta/ansible_version is the marker written by the "Write current version"
# task; its presence separates a fresh install from a re-run.
- name: Check if ttrss is already installed
  stat:
    path: "{{ ttrss_root_dir }}/meta/ansible_version"
  register: ttrss_version_file

# Read-only probe: never reports "changed", skipped when the marker is absent.
- name: Check installed version
  when: ttrss_version_file.stat.exists
  command: cat {{ ttrss_root_dir }}/meta/ansible_version
  changed_when: false
  register: ttrss_current_version

# No marker on disk means nothing was deployed yet.
- name: Set install mode to install
  when: not ttrss_version_file.stat.exists
  set_fact:
    ttrss_install_mode: 'install'
# Lay out the application tree. No owner or mode is given here, so every
# directory is created with the connecting user's defaults; tightening is left
# to the "Apply permissions" task (perms.sh), whose content is not visible in
# this file.
# NOTE(review): meta and archives later receive the generated DB password and
# the pre-upgrade database dump; sessions and db_dumps presumably hold
# similarly sensitive data. Confirm perms.sh restricts all four.
- name: Create directory structure
  file:
    name: "{{ item }}"
    state: directory
  with_items:
    - "{{ ttrss_root_dir }}"
    - "{{ ttrss_root_dir }}/web"
    - "{{ ttrss_root_dir }}/archives"
    - "{{ ttrss_root_dir }}/sessions"
    - "{{ ttrss_root_dir }}/cache"
    - "{{ ttrss_root_dir }}/data"
    - "{{ ttrss_root_dir }}/data/icons"
    - "{{ ttrss_root_dir }}/tmp"
    - "{{ ttrss_root_dir }}/meta"
    - "{{ ttrss_root_dir }}/db_dumps"
# Records whether web/ already holds a git working tree.
- name: Check if already checked out
  stat:
    path: "{{ ttrss_root_dir }}/web/.git"
  register: ttrss_git_checked

# force: true throws away any local modification in the working tree.
# NOTE(review): the code that ends up on the server is whatever ttrss_version
# resolves to at run time. If that is a branch name rather than a commit hash
# or tag, each run can bring in new upstream code unreviewed; confirm what the
# role defaults use. The git module's verify_commit option can additionally
# require a GPG-signed commit.
- name: Clone GIT repo
  git:
    repo: "{{ ttrss_git_uri }}"
    version: "{{ ttrss_version }}"
    dest: "{{ ttrss_root_dir }}/web"
    force: true
  register: ttrss_git
  notify: restart ttrss-updater

# The resolved commit hash is what later tasks compare against and store in
# meta/ansible_version.
- name: Get new git commit
  command: git rev-parse HEAD
  args:
    chdir: "{{ ttrss_root_dir }}/web"
  changed_when: false
  register: ttrss_git_commit
# Upgrade only when nothing else was decided yet and the checked-out commit
# differs from the recorded one. Keep the mode check first: on a fresh install
# the "Check installed version" task was skipped, so ttrss_current_version has
# no stdout to compare against (presumably the first condition stops the
# evaluation before that comparison is reached).
- name: Set install mode to upgrade
  when:
    - ttrss_install_mode == 'none'
    - ttrss_git_commit.stdout != ttrss_current_version.stdout
  set_fact:
    ttrss_install_mode: 'upgrade'
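# Per-commit archive directory that receives the pre-upgrade database dump.
# It is created 0700 so the dump is not left readable by other local users
# under the default umask; without a mode the directory would only be as
# restrictive as whatever perms.sh applies afterwards (not visible here).
- name: Create the archive dir
  file:
    path: "{{ ttrss_root_dir }}/archives/{{ ttrss_git_commit.stdout }}"
    state: directory
    # Quoted on purpose: a bare YAML 0700 / 700 would be read as an integer.
    mode: '0700'
  when: ttrss_install_mode == 'upgrade'

# Full dump of the application database, taken before the schema update.
# The file contains every row of the database, so it deserves the same
# protection as the live data.
- name: Save the database
  mysql_db:
    state: dump
    name: "{{ ttrss_mysql_db }}"
    target: "{{ ttrss_root_dir }}/archives/{{ ttrss_git_commit.stdout }}/{{ ttrss_mysql_db }}.sql.xz"
    login_host: "{{ ttrss_mysql_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    quick: true
    single_transaction: true
  when: ttrss_install_mode == 'upgrade'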
# Copies web/cache/ into cache/ on the managed host. Delegating to
# inventory_hostname makes both paths local to that host instead of pushing
# from the control machine. Always reported as unchanged.
- name: Populate the cache directory
  delegate_to: "{{ inventory_hostname }}"
  synchronize:
    src: "{{ ttrss_root_dir }}/web/cache/"
    dest: "{{ ttrss_root_dir }}/cache/"
    recursive: true
  changed_when: false
# Render the ownership/mode script from its template.
- name: Deploy permission script
  template:
    src: perms.sh.j2
    dest: "{{ ttrss_root_dir }}/perms.sh"
    # Must stay a quoted string: a bare YAML 755 would be a decimal integer,
    # not the octal file mode.
    mode: '755'

# Runs on every play and never reports "changed". What the script chowns or
# chmods is defined in perms.sh.j2, which is not part of this file.
- name: Apply permissions
  shell: "{{ ttrss_root_dir }}/perms.sh"
  changed_when: false
# Per-instance Apache snippet; ttrss_id keeps several instances apart.
- name: Deploy httpd configuration
  template:
    src: httpd.conf.j2
    dest: "/etc/httpd/ansible_conf.d/10-ttrss_{{ ttrss_id }}.conf"
  notify: reload httpd

# FPM pool definition for the selected PHP version.
- name: Deploy PHP configuration
  template:
    src: php.conf.j2
    dest: "{{ httpd_php_versions[ttrss_php_version].conf_path }}/php-fpm.d/ttrss_{{ ttrss_id }}.conf"
  notify: restart php-fpm

# Drop the pool file from every PHP version other than the selected one, so a
# version switch does not leave a stale pool behind.
- name: Remove PHP configuration from other versions
  file:
    path: "{{ httpd_php_versions[item].conf_path }}/php-fpm.d/ttrss_{{ ttrss_id }}.conf"
    state: absent
  with_items: "{{ httpd_php_versions.keys() | list | difference([ ttrss_php_version ]) }}"
  notify: restart php-fpm

# When the caller supplies its own pool, the file deployed above is removed
# again for the selected version as well.
- name: Remove PHP configuration (using a custom pool)
  when: ttrss_php_fpm_pool is defined
  file:
    path: "{{ httpd_php_versions[ttrss_php_version].conf_path }}/php-fpm.d/ttrss_{{ ttrss_id }}.conf"
    state: absent
  notify: restart php-fpm
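# Database password handling. All three tasks are skipped when the caller
# already provides ttrss_mysql_pass; otherwise a random password is generated
# once, kept in meta/ansible_dbpass and reused on later runs.

- name: Generate a random pass for the database
  # umask 077 makes the shell create the file as 0600. Without it the secret
  # is written with the default umask and is typically readable by every local
  # user. "creates" skips the command once the file exists, so a file written
  # by an earlier run keeps its old mode and has to be fixed separately.
  shell: umask 077 && openssl rand -base64 45 > {{ ttrss_root_dir }}/meta/ansible_dbpass
  args:
    creates: "{{ ttrss_root_dir }}/meta/ansible_dbpass"
  when: ttrss_mysql_pass is not defined

- name: Read database password
  command: cat {{ ttrss_root_dir }}/meta/ansible_dbpass
  register: ttrss_rand_pass
  when: ttrss_mysql_pass is not defined
  changed_when: false
  # stdout is the password itself; keep it out of verbose output and logs.
  no_log: true

- name: Set database pass
  set_fact:
    ttrss_mysql_pass: "{{ ttrss_rand_pass.stdout }}"
  when: ttrss_mysql_pass is not defined
  # The task result would otherwise echo the fact value when run with -v.
  no_log: true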
# Ensure the application database exists. The registered result is checked
# later: the schema is only imported when this task actually created it.
- name: Create MySQL database
  mysql_db:
    state: present
    name: "{{ ttrss_mysql_db }}"
    login_host: "{{ ttrss_mysql_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
  register: ttrss_mysql_created
# Application account, limited by priv to the application's own database.
# With a local server the account is bound to 'localhost'; with a remote
# server one grant is created per IPv4 address of this host, so the account
# is only accepted from those source addresses.
- name: Create MySQL User
  mysql_user:
    state: present
    name: "{{ ttrss_mysql_user }}"
    password: "{{ ttrss_mysql_pass }}"
    host: "{{ (ttrss_mysql_server == 'localhost' ) | ternary('localhost', item ) }}"
    priv: "{{ ttrss_mysql_db }}.*:ALL"
    login_host: "{{ ttrss_mysql_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
  with_items: "{{ ansible_all_ipv4_addresses }}"
# Copy the upstream schema with every line containing "drop table"
# (case-insensitive) filtered out, so the import below cannot delete tables
# that already exist.
- name: Create a safer MySQL schema file
  when: ttrss_install_mode == 'install'
  shell: grep -vi 'drop table' {{ ttrss_root_dir }}/web/schema/ttrss_schema_mysql.sql > {{ ttrss_root_dir }}/tmp/ttrss.sql

# Import only on a fresh install AND only when this run created the database;
# an existing database is never overwritten.
- name: Inject SQL structure
  when:
    - ttrss_install_mode == 'install'
    - ttrss_mysql_created.changed
  mysql_db:
    state: import
    name: "{{ ttrss_mysql_db }}"
    target: "{{ ttrss_root_dir }}/tmp/ttrss.sql"
    login_host: "{{ ttrss_mysql_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"

# Unconditional cleanup of the filtered schema copy.
- name: Remove temp files
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - "{{ ttrss_root_dir }}/tmp/ttrss.sql"
# Application configuration (presumably including the database credentials;
# the template is not part of this file). Mode 640 with the PHP account as
# group lets the owner write and the PHP group read, and gives other users no
# access. Owner is not set, so it stays the user Ansible runs as.
- name: Deploy Tiny Tiny RSS configuration
  template:
    src: config.php.j2
    dest: "{{ ttrss_root_dir }}/web/config.php"
    group: "{{ ttrss_php_user }}"
    # Must stay a quoted string: a bare YAML 640 would be a decimal integer.
    mode: '640'

# Record the deployed commit so the next run can tell install, upgrade and
# no-op apart.
- name: Write current version
  when: ttrss_install_mode != 'none'
  copy:
    content: "{{ ttrss_git_commit.stdout }}"
    dest: "{{ ttrss_root_dir }}/meta/ansible_version"
# Run the schema migration as the PHP account, answering its confirmation
# prompt with "yes".
# NOTE(review): become_user only has an effect when privilege escalation is
# enabled for this task. No "become" is set in this file, so confirm it is
# enabled at play or role level; otherwise update.php would run as the
# connecting user instead of the unprivileged PHP account.
- name: Update the database
  when: ttrss_install_mode == 'upgrade'
  become_user: "{{ ttrss_php_user }}"
  shell: echo 'yes' | {{ ttrss_php_bin }} {{ ttrss_root_dir }}/web/update.php --update-schema
# Hook scripts for the backup system: dump_db goes into /etc/backup/pre.d and
# rm_dump into /etc/backup/post.d. Mode 750 gives other users no access.
- name: Deploy backup scripts
  template:
    src: "{{ item.script }}.j2"
    dest: "/etc/backup/{{ item.type }}.d/ttrss_{{ ttrss_id }}_{{ item.script }}"
    # Must stay a quoted string: a bare YAML 750 would be a decimal integer.
    mode: '750'
  with_items:
    - {script: dump_db, type: pre}
    - {script: rm_dump, type: post}
# Register httpd_sys_content_t as the SELinux file context for the whole
# application tree; skipped on hosts where SELinux is not enabled.
# NOTE(review): sefcontext only records the labelling rule, so existing files
# keep their labels until they are relabelled (for example with restorecon).
# No relabel is visible in this file; it may happen in perms.sh.
# NOTE(review): httpd_sys_content_t is the read-only content type. Check how
# the directories the application writes to (cache, sessions, data) are
# labelled.
- name: Set correct SELinux context
  when: ansible_selinux.status == 'enabled'
  sefcontext:
    state: present
    target: "{{ ttrss_root_dir }}(/.*)?"
    setype: httpd_sys_content_t
# Per-instance unit for the feed updater. A changed unit file triggers both a
# systemd reload and a restart of the updater through the handlers.
- name: Deploy systemd unit
  template:
    src: ttrss-updater.service.j2
    dest: "/etc/systemd/system/ttrss-updater_{{ ttrss_id }}.service"
  notify:
    - reload systemd
    - restart ttrss-updater

# Make sure the updater is running now and starts at boot.
- name: Start and enable the service
  service:
    name: "ttrss-updater_{{ ttrss_id }}"
    state: started
    enabled: true