Update to 2021-02-11 20:00

master
Daniel Berteaud 4 years ago
parent c38264c49d
commit 370451fbe7
  1. 6
      roles/appsmith/defaults/main.yml
  2. 17
      roles/appsmith/tasks/conf.yml
  3. 1
      roles/appsmith/tasks/directories.yml
  4. 29
      roles/appsmith/tasks/facts.yml
  5. 5
      roles/appsmith/templates/env.j2
  6. 9
      roles/appsmith/templates/pre-backup.sh.j2
  7. 10
      roles/graylog/defaults/main.yml
  8. 2
      roles/graylog/tasks/archive_pre.yml
  9. 53
      roles/graylog/tasks/conf.yml
  10. 2
      roles/graylog/tasks/directories.yml
  11. 71
      roles/graylog/tasks/facts.yml
  12. 10
      roles/graylog/tasks/install.yml
  13. 2
      roles/graylog/templates/post-backup.j2
  14. 9
      roles/graylog/templates/pre-backup.j2
  15. 8
      roles/graylog/templates/server.conf.j2

@ -17,6 +17,12 @@ appsmith_user: appsmith
# appsmith needs a redis server and a mongodb one # appsmith needs a redis server and a mongodb one
appsmith_redis_url: redis://localhost:6379 appsmith_redis_url: redis://localhost:6379
# A random one will be created and stored in the meta directory if not defined here
appsmith_mongo_user: appsmith
# appsmith_mongo_pass: S3cr3t.
# Note: if appsmith_mongo_pass is defined, it'll be used with appsmith_mongo_user to connect, even if not indicated in appsmith_mongo_url
# Else, anonymous connection is made. By default, if you do not set appsmith_mongo_pass, a random one will be created
# If you insist on using anonymous connections, you should set appsmith_mongo_pass to False
appsmith_mongo_url: mongodb://localhost/appsmith?retryWrites=true appsmith_mongo_url: mongodb://localhost/appsmith?retryWrites=true
# appsmith server component # appsmith server component

@ -11,3 +11,20 @@
template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/appsmith.conf template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/appsmith.conf
notify: reload nginx notify: reload nginx
tags: appsmith tags: appsmith
- name: Create the mongodb user
mongodb_user:
database: "{{ appsmith_mongo_url | urlsplit('path') | regex_replace('^\\/', '') }}"
name: "{{ appsmith_mongo_user }}"
password: "{{ appsmith_mongo_pass }}"
login_database: admin
login_host: "{{ appsmith_mongo_url | urlsplit('hostname') }}"
login_port: "{{ appsmith_mongo_url | urlsplit('port') | ternary(appsmith_mongo_url | urlsplit('port'),omit) }}"
login_user: mongoadmin
login_password: "{{ mongo_admin_pass }}"
roles:
- readWrite
when:
- appsmith_mongo_pass is defined
- appsmith_mongo_pass != False
tags: appsmith

@ -4,6 +4,7 @@
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
loop: loop:
- dir: "{{ appsmith_root_dir }}" - dir: "{{ appsmith_root_dir }}"
mode: 755
- dir: "{{ appsmith_root_dir }}/archives" - dir: "{{ appsmith_root_dir }}/archives"
mode: 700 mode: 700
- dir: "{{ appsmith_root_dir }}/backup" - dir: "{{ appsmith_root_dir }}/backup"

@ -30,3 +30,32 @@
when: appsmith_encryption_salt is not defined when: appsmith_encryption_salt is not defined
tags: appsmith tags: appsmith
- set_fact: appsmith_mongo_pass={{ appsmith_mongo_url | urlsplit('password') | urldecode }}
when:
- appsmith_mongo_pass is not defined
- appsmith_mongo_url | urlsplit('password') is string
tags: mongo
# Create a random password for mongo
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ appsmith_root_dir }}/meta/ansible_mongo_pass"
- set_fact: appsmith_mongo_pass={{ rand_pass }}
when: appsmith_mongo_pass is not defined
tags: appsmith
# Try to read mongo admin pass
- name: Check if mongo pass file exists
stat: path=/root/.mongo.pw
register: appsmith_mongo_pw
tags: appsmith
- when: appsmith_mongo_pw.stat.exists and mongo_admin_pass is not defined
block:
- slurp: src=/root/.mongo.pw
register: appsmith_mongo_admin_pass
- set_fact: mongo_admin_pass={{ appsmith_mongo_admin_pass.content | b64decode | trim }}
tags: appsmith
- fail: msg='mongo_admin_pass must be provided'
when: not appsmith_mongo_pw.stat.exists and mongo_admin_pass is not defined
tags: appsmith

@ -9,7 +9,12 @@ APPSMITH_MAIL_USERNAME={{ appsmith_email_user }}
APPSMITH_MAIL_PASSWORD={{ appsmith_email_pass }} APPSMITH_MAIL_PASSWORD={{ appsmith_email_pass }}
{% endif %} {% endif %}
APPSMITH_REDIS_URL={{ appsmith_redis_url }} APPSMITH_REDIS_URL={{ appsmith_redis_url }}
{% if appsmith_mongo_user is defined and appsmith_mongo_pass is defined and appsmith_mongo_pass != False %}
{% set appsmith_mongo_url_obj = appsmith_mongo_url | urlsplit %}
APPSMITH_MONGODB_URI={{ appsmith_mongo_url_obj['scheme'] }}://{{ appsmith_mongo_user }}:{{ appsmith_mongo_pass | urlencode | regex_replace('/','%2F') }}@{{ appsmith_mongo_url_obj['hostname'] }}{% if appsmith_mongo_url_obj['port'] %}:{{ appsmith_mongo_url_obj['port'] }}{% endif %}{{ appsmith_mongo_url_obj['path'] }}?{{ appsmith_mongo_url_obj['query'] }}
{% else %}
APPSMITH_MONGODB_URI={{ appsmith_mongo_url }} APPSMITH_MONGODB_URI={{ appsmith_mongo_url }}
{% endif %}
APPSMITH_DISABLE_TELEMETRY=true APPSMITH_DISABLE_TELEMETRY=true
APPSMITH_ENCRYPTION_PASSWORD={{ appsmith_encryption_pass }} APPSMITH_ENCRYPTION_PASSWORD={{ appsmith_encryption_pass }}
APPSMITH_ENCRYPTION_SALT={{ appsmith_encryption_salt }} APPSMITH_ENCRYPTION_SALT={{ appsmith_encryption_salt }}

@ -1,3 +1,10 @@
#!/bin/bash -e #!/bin/bash -e
mongodump --uri {{ appsmith_mongo_url }} --out {{ appsmith_root_dir }}/backup mongodump \
{% if appsmith_mongo_pass is defined and appsmith_mongo_pass != False %}
{% set appsmith_mongo_url_obj = appsmith_mongo_url | urlsplit %}
--uri {{ appsmith_mongo_url_obj['scheme'] }}://{{ appsmith_mongo_user }}:{{ appsmith_mongo_pass | urlencode | regex_replace('/','%2F') }}@{{ appsmith_mongo_url_obj['hostname'] }}{% if appsmith_mongo_url_obj['port'] %}:{{ appsmith_mongo_url_obj['port'] }}{% endif %}{{ appsmith_mongo_url_obj['path'] }}?{{ appsmith_mongo_url_obj['query'] }} \
{% else %}
--uri {{ appsmith_mongo_url }} \
{% endif %}
--out {{ appsmith_root_dir }}/backup

@ -42,7 +42,15 @@ graylog_es_hosts:
- http://localhost:9200 - http://localhost:9200
graylog_es_cluster_name: elasticsearch graylog_es_cluster_name: elasticsearch
graylog_mongodb_uri: graylog_mongo_user: graylog
# A random one will be created if not set. To make anonymous connections, set it to False
# If you use more than 1 mongo URL, then no password will be created, mongo user must be created manually
# and configured in the url
#graylog_mongo_pass: S3cRet.
# Note: if graylog_mongo_pass is defined, it'll be used with graylog_mongo_user to connect, even if not indicated in graylog_mongo_url
# Else, anonymous connection is made. By default, if you do not set graylog_mongo_pass, a random one will be created
# If you insist on using anonymous connections, you should set graylog_mongo_pass to False
graylog_mongo_url:
- mongodb://localhost/graylog - mongodb://localhost/graylog
# Max size of Graylog journal, in GB # Max size of Graylog journal, in GB

@ -14,5 +14,5 @@
tags: graylog tags: graylog
- name: Archive mongo database - name: Archive mongo database
command: mongodump --quiet --out {{ graylog_root_dir }}/archives/{{ graylog_current_version }}/mongo --uri {{ graylog_mongodb_uri[0] }} command: mongodump --quiet --out {{ graylog_root_dir }}/archives/{{ graylog_current_version }}/mongo --uri {{ graylog_mongo_url[0] }}
tags: graylog tags: graylog

@ -1,33 +1,5 @@
--- ---
- name: Remove randomly generated admin password
file: path={{ graylog_root_dir }}/meta/admin_pass state=absent
when: graylog_admin_pass is defined
tags: graylog
- name: Remove randomly generated password secret
file: path={{ graylog_root_dir }}/meta/pass_secret state=absent
when: graylog_pass_secret is defined
tags: graylog
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ graylog_root_dir }}/meta/pass_secret"
when: graylog_pass_secret is not defined
tags: graylog
- set_fact: graylog_pass_secret={{ rand_pass }}
when: graylog_pass_secret is not defined
tags: graylog
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ graylog_root_dir }}/meta/admin_pass"
when: graylog_admin_pass is not defined
tags: graylog
- set_fact: graylog_admin_pass={{ rand_pass }}
when: graylog_admin_pass is not defined
tags: graylog
- name: Deploy configuration - name: Deploy configuration
template: src={{ item }}.j2 dest={{ graylog_root_dir }}/etc/{{ item }} group=graylog mode=640 template: src={{ item }}.j2 dest={{ graylog_root_dir }}/etc/{{ item }} group=graylog mode=640
loop: loop:
@ -36,12 +8,23 @@
notify: restart graylog-server notify: restart graylog-server
tags: graylog tags: graylog
- name: Deploy dehydrated hook - name: Create the mongodb user
template: src=dehydrated_deploy_hook.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/graylog mode=755 mongodb_user:
when: graylog_letsencrypt_cert is defined database: "{{ item | urlsplit('path') | regex_replace('^\\/', '') }}"
name: "{{ graylog_mongo_user }}"
password: "{{ graylog_mongo_pass }}"
login_database: admin
login_host: "{{ item | urlsplit('hostname') }}"
login_port: "{{ item | urlsplit('port') | ternary(item | urlsplit('port'),omit) }}"
login_user: mongoadmin
login_password: "{{ mongo_admin_pass }}"
roles:
- readWrite
loop: "{{ graylog_mongo_url }}"
changed_when: False # the module is buggy and indicates a change even if there were none
when:
- graylog_mongo_url | length == 1
- graylog_mongo_pass is defined
- graylog_mongo_pass != False
tags: graylog tags: graylog
- name: Remove dehydrated hook
file: path=/etc/dehydrated/hooks_deploy_cert.d/graylog state=absent
when: graylog_letsencrypt_cert is not defined
tags: graylog

@ -34,4 +34,6 @@
owner: graylog owner: graylog
group: graylog group: graylog
mode: 700 mode: 700
- dir: backup
mode: 700
tags: graylog tags: graylog

@ -1,7 +1,6 @@
--- ---
# Detect if already installed, and if an upgrade is needed # Detect if already installed, and if an upgrade is needed
- import_tasks: ../includes/webapps_set_install_mode.yml - import_tasks: ../includes/webapps_set_install_mode.yml
vars: vars:
- root_dir: "{{ graylog_root_dir }}" - root_dir: "{{ graylog_root_dir }}"
@ -11,3 +10,73 @@
tags: graylog tags: graylog
- set_fact: graylog_current_version={{ current_version | default('') }} - set_fact: graylog_current_version={{ current_version | default('') }}
tags: graylog tags: graylog
# Try to read mongo admin pass
- name: Check if mongo pass file exists
stat: path=/root/.mongo.pw
register: graylog_mongo_pw
tags: graylog
- when: graylog_mongo_pw.stat.exists and mongo_admin_pass is not defined
block:
- slurp: src=/root/.mongo.pw
register: graylog_mongo_admin_pass
- set_fact: mongo_admin_pass={{ graylog_mongo_admin_pass.content | b64decode | trim }}
tags: graylog
- fail: msg='mongo_admin_pass must be provided'
when: not graylog_mongo_pw.stat.exists and mongo_admin_pass is not defined
tags: graylog
- name: Remove randomly generated admin password
file: path={{ graylog_root_dir }}/meta/admin_pass state=absent
when: graylog_admin_pass is defined
tags: graylog
- name: Remove randomly generated password secret
file: path={{ graylog_root_dir }}/meta/pass_secret state=absent
when: graylog_pass_secret is defined
tags: graylog
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ graylog_root_dir }}/meta/pass_secret"
when: graylog_pass_secret is not defined
tags: graylog
- set_fact: graylog_pass_secret={{ rand_pass }}
when: graylog_pass_secret is not defined
tags: graylog
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ graylog_root_dir }}/meta/admin_pass"
when: graylog_admin_pass is not defined
tags: graylog
- set_fact: graylog_admin_pass={{ rand_pass }}
when: graylog_admin_pass is not defined
tags: graylog
# If only one mongo url is given and graylog_mongo_pass is not defined,
# parse the password from the url, or generate one
- debug:
msg: |
graylog_mongo_url is '{{ graylog_mongo_url }}'
parsed pass is "{{ graylog_mongo_url[0] | urlsplit('password') }}"
tags: graylog
- name: Parse password from the first mongo URL
set_fact: graylog_mongo_pass={{ graylog_mongo_url[0] | urlsplit('password') | urldecode }}
when:
- graylog_mongo_url | length == 1
- graylog_mongo_pass is not defined
- graylog_mongo_url[0] | urlsplit('password') is string
tags: mongo
# Create a random password for mongo
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ graylog_root_dir }}/meta/mongo_pass"
- set_fact: graylog_mongo_pass={{ rand_pass }}
when:
- graylog_mongo_url | length == 1
- graylog_mongo_pass is not defined
tags: graylog

@ -103,3 +103,13 @@
- pre - pre
- post - post
tags: graylog tags: graylog
- name: Deploy dehydrated hook
template: src=dehydrated_deploy_hook.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/graylog mode=755
when: graylog_letsencrypt_cert is defined
tags: graylog
- name: Remove dehydrated hook
file: path=/etc/dehydrated/hooks_deploy_cert.d/graylog state=absent
when: graylog_letsencrypt_cert is not defined
tags: graylog

@ -1,3 +1,3 @@
#!/bin/bash -e #!/bin/bash -e
rm -rf {{ graylog_root_dir }}/dumps/{mongo,es}/* rm -rf {{ graylog_root_dir }}/backup/{mongo,es}/*

@ -1,3 +1,10 @@
#!/bin/bash -e #!/bin/bash -e
mongodump --quiet --out {{ graylog_root_dir }}/dumps/mongo --uri {{ graylog_mongodb_uri[0] }} mongodump \
{% if graylog_mongo_url | length == 1 and graylog_mongo_pass is defined and graylog_mongo_pass != False %}
{% set graylog_mongo = graylog_mongo_url[0] | urlsplit %}
--uri {{ graylog_mongo['scheme'] }}://{{ graylog_mongo_user }}:{{ graylog_mongo_pass | urlencode | regex_replace('/','%2F') }}@{{ graylog_mongo['hostname'] }}{% if graylog_mongo['port'] %}:{{ graylog_mongo['port'] }}{% endif %}{{ graylog_mongo['path'] }}?{{ graylog_mongo['query'] }} \
{% else %}
--uri {{ graylog_mongo_url[0] }} \
{% endif %}
--quiet --out {{ graylog_root_dir }}/backup/mongo

@ -16,7 +16,13 @@ trusted_proxies = {% for host in graylog_http_src_ip %}{{ host }}{% if not host
{% endif %} {% endif %}
elasticsearch_hosts = {{ graylog_es_hosts | join(',') }} elasticsearch_hosts = {{ graylog_es_hosts | join(',') }}
elasticsearch_cluster_name = {{ graylog_es_cluster_name | default('elasticsearch') }} elasticsearch_cluster_name = {{ graylog_es_cluster_name | default('elasticsearch') }}
mongodb_uri = {{ graylog_mongodb_uri | join(',') }} {% if graylog_mongo_pass is defined and graylog_mongo_pass != False and graylog_mongo_url | length == 1 %}
mongodb_uri = {% for url in graylog_mongo_url %}{{ url | urlsplit('scheme') }}://{{ graylog_mongo_user }}:{{ graylog_mongo_pass | urlencode | regex_replace('/','%2F') }}@{{ url | urlsplit('hostname') }}{% if url | urlsplit('port') %}:{{ url | urlsplit('port') }}{% endif %}{{ url | urlsplit('path') }}{{ url | urlsplit('query') }}{% if not loop.last %},{% endif %}
{% endfor %}
{% else %}
mongodb_uri = {{ graylog_mongo_url | join(',') }}
{% endif %}
message_journal_enabled = true message_journal_enabled = true
transport_email_enabled = true transport_email_enabled = true

Loading…
Cancel
Save