---
# Load the platform-specific variable file for this host. The candidates run
# from most specific (distribution + major version) to least specific
# (OS family); with_first_found passes the first existing file as `item`.
- include_vars: "{{ item }}"
  with_first_found:
    - 'vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
    - 'vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
    - 'vars/{{ ansible_distribution }}.yml'
    - 'vars/{{ ansible_os_family }}.yml'
  tags:
    - unifi
# Start from 'none'; later tasks switch the fact to 'install' or 'upgrade'.
# The value is quoted so it stays the string that the `when:` tests compare
# against.
- name: Set default install mode to none
  set_fact:
    unifi_install_mode: 'none'
  tags:
    - unifi
# Uninstall the mongodb-server package, only on RedHat-family hosts whose
# major version is below 8.
- name: Remove mongodb from base repo
  yum:
    name: mongodb-server
    state: absent
  when:
    - ansible_os_family == 'RedHat'
    - ansible_distribution_major_version is version('8','<')
  tags:
    - unifi
# Install the packages listed in unifi_packages (defined outside this file,
# presumably in one of the vars files loaded above - confirm) and schedule a
# service restart when something changed.
- name: Install dependencies
  yum:
    name: "{{ unifi_packages }}"
  notify: restart unifi
  tags:
    - unifi
# Dedicated service identity: a system account whose shell is /sbin/nologin,
# so the controller does not run under an interactive login account.
- name: Create a system account to run unifi
  user:
    name: unifi
    comment: 'Unifi system account'
    system: true
    shell: /sbin/nologin
  tags:
    - unifi
# The marker file meta/ansible_version is written at the end of this task
# list; its presence is what later tasks use to tell install from upgrade.
- name: Check if unifi is installed
  stat:
    path: "{{ unifi_root_dir }}/meta/ansible_version"
  register: unifi_version_file
  tags:
    - unifi
# Read the recorded version into unifi_current_version.stdout. Read-only, so
# it is never reported as a change; skipped when the marker file is missing.
- name: Check installed version
  command: cat {{ unifi_root_dir }}/meta/ansible_version
  register: unifi_current_version
  changed_when: false
  when: unifi_version_file.stat.exists
  tags:
    - unifi
# No marker file means nothing was installed by this role yet: fresh install.
- name: Set install mode to install
  set_fact:
    unifi_install_mode: 'install'
  when: not unifi_version_file.stat.exists
  tags:
    - unifi
# Upgrade only when a version is recorded, it differs from the requested
# unifi_version, and upgrades are explicitly allowed by unifi_manage_upgrade.
# The conditions are ANDed and evaluated in order, so .stdout is only read
# after the marker file is known to exist.
- name: Set install mode to upgrade
  set_fact:
    unifi_install_mode: 'upgrade'
  when:
    - unifi_version_file.stat.exists
    - unifi_current_version is defined
    - unifi_current_version.stdout != unifi_version
    - unifi_manage_upgrade == True
  tags:
    - unifi
# Per-version directory that receives a copy of the current install before
# the upgrade; its name is the version string read from the marker file.
- name: Create archive directory
  file:
    path: "{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}"
    state: directory
  when: unifi_install_mode == 'upgrade'
  tags:
    - unifi
# Stop the controller before its files are archived and replaced.
- name: Stop the service
  service:
    name: unifi
    state: stopped
  when: unifi_install_mode == 'upgrade'
  tags:
    - unifi
# Copy the current application tree into the per-version archive directory.
# delegate_to names the host itself; per the synchronize module's documented
# behaviour this is expected to make src and dest both paths on the managed
# node instead of pushing from the controller.
# compress is off and --sparse is passed to rsync.
- name: Archive current version
  synchronize:
    src: "{{ unifi_root_dir }}/app"
    dest: "{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}/"
    recursive: true
    delete: true
    compress: false
    rsync_opts:
      - '--sparse'
  delegate_to: "{{ inventory_hostname }}"
  when: unifi_install_mode == 'upgrade'
  tags:
    - unifi
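# Create the directory layout under unifi_root_dir. Entries without
# owner/group/mode fall back to the module defaults through default(omit).
# app/data and backup are restricted to the unifi account (0700).
#
# Modes are written as quoted octal strings. An unquoted `mode: 700` is a YAML
# integer (decimal 700); it only produced 0700 here because the old key=value
# form turned it back into text. Quoting keeps the permission correct
# regardless of how the value is templated.
- name: Create directories
  file:
    path: "{{ unifi_root_dir }}/{{ item.path }}"
    state: directory
    owner: "{{ item.owner | default(omit) }}"
    group: "{{ item.group | default(omit) }}"
    mode: "{{ item.mode | default(omit) }}"
  with_items:
    - path: tmp
    - path: app
      owner: unifi
      group: unifi
    - path: app/data
      owner: unifi
      group: unifi
      mode: '0700'
    - path: meta
    - path: archives
    - path: backup
      owner: unifi
      group: unifi
      mode: '0700'
  tags:
    - unifi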
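# Fetch the release archive and verify it against the pinned digest before
# anything is unpacked.
#
# dest names the exact file the "Extract Unifi" task reads
# (tmp/UniFi.unix.zip). With a directory as dest the saved file name is
# derived from the URL or the server response, so the file that gets extracted
# was not guaranteed to be the one whose checksum was verified.
#
# NOTE(review): SHA-1 is no longer collision-resistant. get_url also accepts
# "sha256:<digest>"; switching needs a variable carrying a SHA-256 digest,
# which is not defined in this file. Also confirm unifi_archive_url is https.
- name: Download unifi archive
  get_url:
    url: "{{ unifi_archive_url }}"
    dest: "{{ unifi_root_dir }}/tmp/UniFi.unix.zip"
    checksum: "sha1:{{ unifi_archive_sha1 }}"
  when: unifi_install_mode != 'none'
  tags:
    - unifi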
# Unpack the downloaded archive in place. remote_src is set, so src is a path
# on the managed host, not on the controller. Extracted files are owned by the
# unifi account.
- name: Extract Unifi
  unarchive:
    src: "{{ unifi_root_dir }}/tmp/UniFi.unix.zip"
    dest: "{{ unifi_root_dir }}/tmp"
    remote_src: true
    owner: unifi
    group: unifi
  when: unifi_install_mode != 'none'
  tags:
    - unifi
# Sync each extracted sub-directory into app/. Only the listed directories are
# transferred; app/data is not in the list.
# delegate_to names the host itself, which per the synchronize module's
# documented behaviour is expected to keep src and dest on the managed node.
- name: Move unifi to its final directory
  synchronize:
    src: "{{ unifi_root_dir }}/tmp/UniFi/{{ item }}"
    dest: "{{ unifi_root_dir }}/app/"
    recursive: true
    delete: true
  with_items:
    - bin
    - conf
    - dl
    - lib
    - webapps
  delegate_to: "{{ inventory_hostname }}"
  when: unifi_install_mode != 'none'
  tags:
    - unifi
# Allow new TCP connections to the controller ports, only from the source
# addresses in unifi_http_src_ip. An empty list sets state to 'absent', which
# removes the rule instead of opening the ports to everyone.
# Skipped when iptables_manage is false; an undefined iptables_manage counts
# as True.
- name: Handle unifi HTTP ports
  iptables_raw:
    name: unifi_http_ports
    state: "{{ (unifi_http_src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ unifi_http_ports | join(',') }} -s {{ unifi_http_src_ip | join(',') }} -j ACCEPT"
  when: iptables_manage | default(True)
  tags:
    - firewall
    - unifi
# Allow new UDP traffic to the STUN ports, only from the source addresses in
# unifi_stun_src_ip. An empty list sets state to 'absent', which removes the
# rule.
# Skipped when iptables_manage is false; an undefined iptables_manage counts
# as True.
- name: Handle unifi STUN ports
  iptables_raw:
    name: unifi_stun_ports
    state: "{{ (unifi_stun_src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p udp -m multiport --dports {{ unifi_stun_ports | join(',') }} -s {{ unifi_stun_src_ip | join(',') }} -j ACCEPT"
  when: iptables_manage | default(True)
  tags:
    - firewall
    - unifi
# Record whether system.properties is already present so that an existing
# configuration is not overwritten by the init task.
- name: Check if a config file already exists
  stat:
    path: "{{ unifi_root_dir }}/app/data/system.properties"
  register: unifi_config
  tags:
    - unifi
# Seed a minimal system.properties on first run only. The file is owned by
# the unifi account and not readable by other users (0640).
- name: Init config file
  copy:
    content: 'is_default=true'
    dest: "{{ unifi_root_dir }}/app/data/system.properties"
    owner: unifi
    group: unifi
    mode: '0640'
  when: not unifi_config.stat.exists
  tags:
    - unifi
# Set one option per item in system.properties: a line starting with the
# option name is replaced, otherwise the line is appended.
# NOTE(review): the option name is used as a regular expression without
# escaping and without anchoring on '=', so the dots match any character and
# an option that is a prefix of another key would also match - confirm no
# such keys exist in the managed file.
- name: Configure UniFi Controller
  lineinfile:
    path: "{{ unifi_root_dir }}/app/data/system.properties"
    regexp: "^{{ item.option }}.*"
    line: "{{ item.option }}={{ item.value }}"
  with_items:
    - option: unifi.xmx
      value: 4096
    - option: unifi.xms
      value: 4096
    # Quoted so the literal text true is written, not a YAML boolean.
    - option: unifi.G1GC.enabled
      value: 'true'
    - option: autobackup.dir
      value: "{{ unifi_root_dir }}/backup"
    - option: unifi.http.port
      value: "{{ unifi_http_port }}"
    - option: unifi.https.port
      value: "{{ unifi_https_port }}"
    - option: portal.http.port
      value: "{{ unifi_portal_http_port }}"
    - option: portal.https.port
      value: "{{ unifi_portal_https_port }}"
    # Controller uuid derived from the inventory host name via to_uuid.
    - option: uuid
      value: "{{ inventory_hostname | to_uuid }}"
  notify: restart unifi
  tags:
    - unifi
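# Render the systemd unit for the controller. The result is registered so the
# daemon-reload task can run only when the unit actually changed.
# Ownership and mode are set explicitly (root:root, 0644) instead of being
# left to the umask of the connecting user, so the unit file cannot end up
# writable by an unprivileged account.
- name: Deploy unit file
  template:
    src: unifi.service.j2
    dest: /etc/systemd/system/unifi.service
    owner: root
    group: root
    mode: '0644'
  notify: restart unifi
  register: unifi_unit
  tags:
    - unifi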
# Make systemd re-read unit files, only when the unit template changed.
- name: Reload systemd
  command: systemctl daemon-reload
  when: unifi_unit.changed
  tags:
    - unifi
# Install the executable hook scripts as /etc/backup/pre.d/unifi and
# /etc/backup/post.d/unifi, rendered from pre-backup.sh.j2 and
# post-backup.sh.j2.
# NOTE(review): no owner/group is set, so the scripts belong to whichever
# user the play runs as - confirm that is root, since these are presumably
# executed by the backup job.
- name: Deploy pre and post backup hooks
  template:
    src: "{{ item }}-backup.sh.j2"
    dest: "/etc/backup/{{ item }}.d/unifi"
    mode: '0755'
  loop:
    - pre
    - post
  tags:
    - unifi
# Ensure the controller is running now and enabled at boot.
- name: Start and enable the service
  service:
    name: unifi
    state: started
    enabled: true
  tags:
    - unifi
# Pack the archived copy of the previous version into
# archives/<version>.tar.zst, running tar from inside the archive directory.
# NOTE(review): the `warn` argument of the command module has been removed in
# newer ansible-core releases - confirm against the Ansible version in use.
- name: Compress previous version
  command: tar cf {{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}.tar.zst --use-compress-program=zstd ./
  args:
    chdir: "{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}"
    warn: false
  when: unifi_install_mode == 'upgrade'
  tags:
    - unifi
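# Delete the uncompressed per-version copy once it has been packed.
# The path ends with the version string read from the marker file. If that
# string were empty, the path would resolve to the archives directory itself
# and state=absent would delete every stored archive, so the task is also
# skipped when the recorded version is empty. The conditions are evaluated in
# order, so .stdout is only read in upgrade mode, where it is defined.
- name: Remove archive dir
  file:
    path: "{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}"
    state: absent
  when:
    - unifi_install_mode == 'upgrade'
    - unifi_current_version.stdout | length > 0
  tags:
    - unifi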
# Clean up the downloaded archive and the extracted tree.
- name: Remove temp files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - "{{ unifi_root_dir }}/tmp/UniFi.unix.zip"
    - "{{ unifi_root_dir }}/tmp/UniFi"
  tags:
    - unifi
# Record unifi_version in the marker file that the version check reads on the
# next run.
# NOTE(review): this task has no `when:`, so the marker is rewritten even when
# the install mode stayed 'none' - confirm that is intended.
- name: Write version installed
  copy:
    content: "{{ unifi_version }}"
    dest: "{{ unifi_root_dir }}/meta/ansible_version"
  tags:
    - unifi
# Pull in the tasks from filebeat.yml.
# NOTE(review): the bare `include` keyword is deprecated in newer Ansible
# releases in favour of import_tasks / include_tasks - confirm against the
# Ansible version in use before changing it.
- include: filebeat.yml