---
# System packages needed to build OpenXPKI from source and to run the
# helper tooling used by the later tasks in this file.
- name: Install dependencies
  tags: pki
  yum:
    name:
      # Development headers for the compiled Perl modules
      - openssl-devel
      - openldap-devel
      - libxml2-devel
      - expat-devel
      - mariadb-devel
      - libapreq2-devel
      # Build tool chain
      - gcc
      - perl-App-cpanminus
      - gettext  # builds the I18N files
      - pwgen  # generates random secrets
      - java-1.8.0-openjdk-headless  # provides the keytool utility
      - systemd-devel  # required by Log::Log4perl::Appender::Journald
      - MySQL-python  # lets Ansible create and manage the MySQL DB
      - mysql  # client used to load the schema
      - patch  # applies local patches
# Fetch the OpenXPKI release archive into the source directory. get_url checks
# the file against the digest held in pki_archive_sha1, and the result is
# registered so that extraction only runs after a new download.
# NOTE(review): SHA-1 is no longer collision-resistant. For a PKI host, prefer
# a SHA-256 digest passed as "sha256:<digest>" once the role carries one.
- name: Download OpenXPKI
  tags: pki
  register: pki_download
  get_url:
    url: "{{ pki_archive_url }}"
    checksum: "sha1:{{ pki_archive_sha1 }}"
    dest: "{{ pki_root_dir }}/src"
# Fetch the OpenXPKI configuration archive next to the server sources. The
# file is checked against pki_config_archive_sha1 and the result is registered
# for the extraction task.
# NOTE(review): SHA-1 is no longer collision-resistant. Prefer a SHA-256
# digest passed as "sha256:<digest>" once the role carries one.
- name: Download OpenXPKI config
  tags: pki
  register: pki_config_download
  get_url:
    url: "{{ pki_config_archive_url }}"
    checksum: "sha1:{{ pki_config_archive_sha1 }}"
    dest: "{{ pki_root_dir }}/src"
# Unpack the server archive on the managed host (remote_src), only when the
# download task reported a change.
# NOTE(review): an extraction that fails after a successful download is not
# retried on the next run, because the download is then unchanged.
- name: Extract OpenXPKI
  tags: pki
  when: pki_download.changed
  unarchive:
    remote_src: true
    src: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}.tar.gz"
    dest: "{{ pki_root_dir }}/src"
# Unpack the configuration archive on the managed host (remote_src), only
# when the config download task reported a change.
- name: Extract OpenXPKI config
  tags: pki
  when: pki_config_download.changed
  unarchive:
    remote_src: true
    src: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}.tar.gz"
    dest: "{{ pki_root_dir }}/src"
# The build fails unless a VERSION file is present in the source tree, so
# write the deployed version into it.
- name: Write version in source dir
  copy:
    content: "{{ pki_version }}"
    dest: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/VERSION"
  tags: pki
# In upgrade mode the daemon is stopped before its libraries are replaced.
- name: Stop openxpki during upgrade
  service:
    name: openxpki
    state: stopped
  when: pki_install_mode == 'upgrade'
  tags: pki
# Removing the local Perl library tree on upgrade forces every Perl module to
# be reinstalled whenever OpenXPKI itself is updated.
- name: Wipe local lib dir
  file:
    path: "{{ pki_root_dir }}/lib/perl5"
    state: absent
  when: pki_install_mode == 'upgrade'
  tags: pki
# Perl modules the build itself depends on, installed into the role's own
# local::lib tree rather than the system Perl.
- name: Install perl modules needed to run the build
  tags: pki
  with_items:
    - Config::Std
    - Fatal
  cpanm:
    locallib: "{{ pki_root_dir }}"
    name: "{{ item }}"
# Modules installed with their test suites skipped (notest).
- name: Install perl module without tests
  tags: pki
  with_items:
    - Git::PurePerl
    # Tries to fetch web content without honouring the proxy from the env
    - Connector
  cpanm:
    locallib: "{{ pki_root_dir }}"
    name: "{{ item }}"
    notest: true
# Install only the dependencies declared by the server distribution
# (installdeps). The role's lib and bin directories are placed on PERL5LIB
# and at the front of PATH for the duration of the task.
- name: Install OpenXPKI dependencies
  tags: pki
  environment:
    PATH: "{{ pki_root_dir }}/bin:{{ ansible_env.PATH }}"
    PERL5LIB: "{{ pki_root_dir }}/lib/perl5"
  cpanm:
    from_path: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
    installdeps: true
    locallib: "{{ pki_root_dir }}"
# Run cpanm against the server source tree with tests skipped. Nothing is
# built when pki_install_mode is 'none'.
- name: Build OpenXPKI
  tags: pki
  when: pki_install_mode != 'none'
  environment:
    PATH: "{{ pki_root_dir }}/bin:{{ ansible_env.PATH }}"
    PERL5LIB: "{{ pki_root_dir }}/lib/perl5"
  cpanm:
    from_path: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
    locallib: "{{ pki_root_dir }}"
    notest: true
# Runtime modules that the server distribution does not pull in by itself.
- name: Install additional perl modules
  tags: pki
  with_items:
    - Devel::CheckLib  # needed to build DBD::mysql >= 4.047
    - DBD::mysql
    - Log::Log4perl::Appender::Journald
    - Data::Dump  # used by the external ldap auth script
    - String::Escape  # used by the external ldap auth script
  cpanm:
    locallib: "{{ pki_root_dir }}"
    name: "{{ item }}"
# Run `make install` from the server source directory and schedule a restart
# of the daemon through the handler. Skipped when pki_install_mode is 'none'.
- name: Install OpenXPKI
  tags: pki
  when: pki_install_mode != 'none'
  notify: restart openxpki
  args:
    chdir: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server"
  command: make install
# Copy the CGI::Session driver shipped in the source tree into the local Perl
# library. Both paths are on the managed host (remote_src).
- name: Install OpenXPKI CGI::Session driver
  tags: pki
  copy:
    remote_src: true
    src: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server/CGI_Session_Driver/openxpki.pm"
    dest: "{{ pki_root_dir }}/lib/perl5/CGI/Session/Driver/openxpki.pm"
# The build-pot.pl script looks for message labels in the configuration
# during the `make scan` step of the next task, so the default configuration
# is mirrored into the server source tree first. Delegating to the host itself
# makes this a copy between two directories on the managed host, and `delete`
# removes files from the destination that are absent from the source.
- name: Copy default conf in server source directory
  tags: pki
  when: pki_install_mode != 'none'
  delegate_to: "{{ inventory_hostname }}"
  synchronize:
    src: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/"
    dest: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/config/"
    delete: true
    recursive: true
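# Build the translation catalogues and install them under the role's locale
# directory. The command line is interpreted by a shell, so the templated
# install path goes through the `quote` filter: a root directory containing
# whitespace or shell metacharacters is then passed as a single literal word.
- name: Scan, build and install translations
  shell: >-
    make scan && make &&
    make install LOCALE_DIR={{ (pki_root_dir ~ '/locale') | quote }}
  args:
    chdir: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/i18n"
  when: pki_install_mode != 'none'
  tags: pki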
# Copy the CGI scripts and static files from the source tree into the web
# root. Delegating to the host itself keeps both ends of the sync on the
# managed host.
- name: Install the web UI
  tags: pki
  when: pki_install_mode != 'none'
  delegate_to: "{{ inventory_hostname }}"
  with_items:
    - cgi-bin
    - htdocs
  synchronize:
    src: "{{ pki_root_dir }}/src/openxpki-{{ pki_version }}/core/server/{{ item }}"
    dest: "{{ pki_root_dir }}/web/"
    recursive: true
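# Render the command-line wrappers into /usr/local/bin. Module arguments are
# written as a YAML mapping, and the mode is a quoted octal string with a
# leading zero so it can never be read as the decimal number 755.
- name: Install wrapper scripts
  template:
    src: "bin/{{ item }}.j2"
    dest: "/usr/local/bin/{{ item }}"
    mode: "0755"
  with_items:
    - openxpkiadm
    - openxpkicmd
  tags: pki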
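# Render the scripts that the cron entries call into the role's bin
# directory. Module arguments are written as a YAML mapping, and the mode is a
# quoted octal string with a leading zero so it can never be read as the
# decimal number 755.
- name: Deploy cron scripts
  template:
    src: "bin/{{ item }}.j2"
    dest: "{{ pki_root_dir }}/bin/{{ item }}"
    mode: "0755"
  with_items:
    - crl_update
    - notify_expiry
  tags: pki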
# Register the periodic jobs in the `openxpki` cron file. Each job runs as
# pki_user and is wrapped in systemd-cat, which sends its output to the
# journal.
- name: Setup cronjobs
  tags: pki
  with_items:
    - freq: hourly
      script: crl_update
    - freq: weekly
      script: notify_expiry
  cron:
    cron_file: openxpki
    name: "{{ item.script }}"
    user: "{{ pki_user }}"
    special_time: "{{ item.freq }}"
    job: "/bin/systemd-cat {{ pki_root_dir }}/bin/{{ item.script }}"
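# Create the OpenXPKI database and its account through the shared include.
# `vars` is written as a mapping: the list-of-dictionaries form is deprecated
# in recent Ansible releases and yields the same variables.
# NOTE(review): a later task reads `pki_db.changed`; presumably the include
# registers that result. Confirm against the included file.
- import_tasks: ../includes/webapps_create_mysql_db.yml
  vars:
    db_name: "{{ pki_db_name }}"
    db_user: "{{ pki_db_user }}"
    db_server: "{{ pki_db_server }}"
    db_pass: "{{ pki_db_pass }}"
  tags: pki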
# Load the schema shipped with the configuration archive. This runs only on a
# fresh install and only when pki_db reports a change, so an existing database
# is never re-imported. The import is done with the sqladmin account.
- name: Inject MySQL schema
  tags: pki
  when:
    - pki_install_mode == 'install'
    - pki_db.changed
  mysql_db:
    login_host: "{{ pki_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    name: "{{ pki_db_name }}"
    state: import
    target: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/schema-mysql.sql"
# Place the role's own SQL files next to the scripts shipped upstream, so the
# import tasks can load them from the same directory.
- name: Copy additional sql scripts
  tags: pki
  loop:
    - session_table.sql
    - upgrade_to_v3.sql
  copy:
    src: "{{ item }}"
    dest: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/{{ item }}"
# Import session_table.sql into the OpenXPKI database with the sqladmin
# account. Skipped when pki_install_mode is 'none'.
- name: Create session table
  tags: pki
  when: pki_install_mode != 'none'
  mysql_db:
    login_host: "{{ pki_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    name: "{{ pki_db_name }}"
    state: import
    target: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/session_table.sql"
# Dedicated database account for the session store. Its privileges are limited
# to SELECT, INSERT, UPDATE and DELETE on the frontend_session table. With a
# local database the account is bound to 'localhost'; otherwise one grant is
# created for each IPv4 address of this host.
- name: Create user for session table
  tags: pki
  with_items: "{{ ansible_all_ipv4_addresses }}"
  mysql_user:
    login_host: "{{ pki_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    name: "{{ pki_db_session_user }}"
    password: "{{ pki_db_session_pass }}"
    host: "{{ ( pki_db_server == 'localhost' ) | ternary('localhost', item ) }}"
    priv: "{{ pki_db_name }}.frontend_session:SELECT,INSERT,UPDATE,DELETE"
    append_privs: "{{ append_privs | default(False) }}"
    state: present
# Apply the v2 to v3 schema migration. It runs only in upgrade mode and only
# when the currently installed version string starts with '2'.
- name: Upgrade database from v2 to v3
  tags: pki
  when:
    - pki_install_mode == 'upgrade'
    - pki_current_version is match('^2')
  mysql_db:
    login_host: "{{ pki_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    name: "{{ pki_db_name }}"
    state: import
    target: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/upgrade_to_v3.sql"
# Ship the per-version migration scripts. The version is quoted so that it
# stays a string and is not parsed as a float.
- name: Copy DB upgrades scripts
  tags: pki
  loop:
    - '3.4'
  copy:
    src: "upgrade_to_v{{ item }}.sql"
    dest: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/"
# Run each migration whose target version is newer than the installed one.
# This applies in upgrade mode only, and the comparison uses the `version`
# test rather than a string comparison.
- name: Apply db upgrades
  tags: pki
  loop:
    - '3.4'
  when:
    - pki_install_mode == 'upgrade'
    - pki_current_version is version(item, '<')
  mysql_db:
    login_host: "{{ pki_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    name: "{{ pki_db_name }}"
    state: import
    target: "{{ pki_root_dir }}/src/openxpki-config-{{ pki_config_version }}/contrib/sql/upgrade_to_v{{ item }}.sql"
# Render the service unit. The result is registered so that systemd is
# reloaded only when the unit file changed.
- name: Deploy systemd unit
  tags: pki
  register: pki_unit
  template:
    src: openxpki.service.j2
    dest: /etc/systemd/system/openxpki.service
# Make systemd re-read its unit files after the OpenXPKI unit was modified.
- name: Reload systemd
  tags: pki
  when: pki_unit.changed
  systemd:
    daemon_reload: true
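# Install the external LDAP authentication helper into the role's bin
# directory. Module arguments are written as a YAML mapping, and the mode is a
# quoted octal string with a leading zero so it can never be read as the
# decimal number 755.
- name: Deploy authentication script helpers
  copy:
    src: "{{ item }}"
    dest: "{{ pki_root_dir }}/bin/{{ item }}"
    mode: "0755"
  with_items:
    - openxpki-auth-ldap
  tags: pki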
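# Install the backup hooks with no access for other users (mode 0750).
# Module arguments are written as a YAML mapping, and the mode is a quoted
# octal string with a leading zero so it can never be read as the decimal
# number 750.
- name: Install pre and post backup scripts
  template:
    src: "{{ item }}-backup.j2"
    dest: "/etc/backup/{{ item }}.d/openxpki"
    mode: "0750"
  loop:
    - pre
    - post
  tags: pki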