From 50ad36a2d811ce14a591b2d8a74ccdb97742815c Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Sun, 8 Nov 2020 19:00:07 +0100 Subject: [PATCH] Update to 2020-11-08 19:00 --- roles/ampache/defaults/main.yml | 4 +- roles/ampache/meta/main.yml | 2 +- roles/ampache/tasks/main.yml | 94 +++++++-------- roles/ampache/templates/post-backup.j2 | 3 + roles/ampache/templates/pre-backup.j2 | 7 ++ roles/grafana/tasks/main.yml | 153 ++++++++++--------------- roles/grafana/templates/grafana.ini.j2 | 2 +- roles/repo_rpmfusion/tasks/main.yml | 11 ++ roles/squid/files/acl/software_various.domains | 4 + 9 files changed, 134 insertions(+), 146 deletions(-) create mode 100644 roles/ampache/templates/post-backup.j2 create mode 100644 roles/ampache/templates/pre-backup.j2 create mode 100644 roles/repo_rpmfusion/tasks/main.yml diff --git a/roles/ampache/defaults/main.yml b/roles/ampache/defaults/main.yml index 0de404c..fd7ffcb 100644 --- a/roles/ampache/defaults/main.yml +++ b/roles/ampache/defaults/main.yml @@ -5,8 +5,8 @@ ampache_manage_upgrade: True ampache_version: '4.2.4' ampache_config_version: 45 -ampache_zip_url: https://github.com/ampache/ampache/archive/{{ ampache_version }}.zip -ampache_zip_sha1: 8054e8772c0098eeda1702a40c693dbd20625c8a +ampache_zip_url: https://github.com/ampache/ampache/releases/download/{{ ampache_version }}/ampache-{{ ampache_version }}_all.zip +ampache_zip_sha1: 1cc7ee48af1970b40d596ae90c5f81a34c3aabe5 ampache_root_dir: /opt/ampache_{{ ampache_id }} diff --git a/roles/ampache/meta/main.yml b/roles/ampache/meta/main.yml index 9feb30b..9fed297 100644 --- a/roles/ampache/meta/main.yml +++ b/roles/ampache/meta/main.yml @@ -1,6 +1,6 @@ --- allow_duplicates: true dependencies: - - role: repo_nux_dextop - role: httpd_php + - role: repo_rpmfusion ... diff --git a/roles/ampache/tasks/main.yml b/roles/ampache/tasks/main.yml index 14aaf70..2165787 100644 --- a/roles/ampache/tasks/main.yml +++ b/roles/ampache/tasks/main.yml 
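Review bot: In roles/ampache/defaults/main.yml the release archive is still pinned with SHA-1 (`ampache_zip_sha1`), which no longer offers collision resistance for a file fetched over the network. The `checksum:` argument of `get_url` takes the algorithm as a prefix, so the pin can move to SHA-256: `ampache_zip_sha256: '<sha256 of ampache-4.2.4_all.zip>'` here and `checksum: "sha256:{{ ampache_zip_sha256 }}"` in the `Download Ampache` task of roles/ampache/tasks/main.yml. Compute the digest from a copy of the release zip obtained and checked independently of the host being provisioned.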
@@ -4,13 +4,10 @@ yum: name: - unzip - - MySQL-python - - mariadb - acl - git - - composer - - patch - ffmpeg + - mariadb tags: ampache - import_tasks: ../includes/create_system_user.yml @@ -37,22 +34,6 @@ when: ampache_install_mode == 'upgrade' tags: ampache -- name: Download Ampache - get_url: - url: "{{ ampache_zip_url }}" - dest: "{{ ampache_root_dir }}/tmp/" - checksum: "sha1:{{ ampache_zip_sha1 }}" - when: ampache_install_mode != 'none' - tags: ampache - -- name: Extract ampache archive - unarchive: - src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}.zip" - dest: "{{ ampache_root_dir }}/tmp" - remote_src: yes - when: ampache_install_mode != 'none' - tags: ampache - - name: Create directory structure file: path={{ item }} state=directory with_items: 
@@ -66,18 +47,33 @@ - "{{ ampache_root_dir }}/data/metadata" - "{{ ampache_root_dir }}/data/music" - "{{ ampache_root_dir }}/data/video" - - "{{ ampache_root_dir }}/db_dumps" - tags: ampache - - -- name: Move files to the correct directory - synchronize: - src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}/" - dest: "{{ ampache_root_dir }}/web/" - recursive: True - delete: True - delegate_to: "{{ inventory_hostname }}" - when: ampache_install_mode != 'none' + - "{{ ampache_root_dir }}/backup" + tags: ampache + +- when: ampache_install_mode != 'none' + block: + - name: Create tmp dir + file: path={{ ampache_root_dir }}/tmp/ampache state=directory + + - name: Download Ampache + get_url: + url: "{{ ampache_zip_url }}" + dest: "{{ ampache_root_dir }}/tmp/" + checksum: "sha1:{{ ampache_zip_sha1 }}" + + - name: Extract ampache archive + unarchive: + src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}_all.zip" + dest: "{{ ampache_root_dir }}/tmp/ampache" + remote_src: yes + + - name: Move files to the correct directory + synchronize: + src: "{{ ampache_root_dir }}/tmp/ampache/" + dest: "{{ ampache_root_dir }}/web/" + recursive: True + delete: True + delegate_to: "{{ inventory_hostname }}" tags: ampache - name: Check if htaccess files needs to be moved @@ -95,17 +91,6 @@ when: item.stat.exists tags: ampache -- name: Install libs using composer - composer: command=install working_dir={{ ampache_root_dir }}/web executable={{ (ampache_php_version == '54') | ternary('/bin/php','/bin/php' ~ ampache_php_version ) }} - tags: ampache - -- name: Remove temp files - file: path={{ item }} state=absent - with_items: - - "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}.zip" - - "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}" - tags: ampache - - import_tasks: ../includes/get_rand_pass.yml vars: - pass_file: "{{ ampache_root_dir }}/meta/key.txt" 
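Review bot: In the new install block, `Create tmp dir` reuses `{{ ampache_root_dir }}/tmp/ampache` if it already exists, and the directory is only removed by the cleanup task at the end of the task file. If an earlier run stopped between the extract and that cleanup, leftover files would be merged with the freshly verified archive and then copied into `web/` by the `synchronize` step with `delete: True`. A first task in the block, `- name: Clear previous extraction` with `file: path={{ ampache_root_dir }}/tmp/ampache state=absent`, would keep the web root limited to what the checksum covers. The list of directories at the top of this hunk belongs to a task that starts outside it.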
@@ -142,7 +127,7 @@ tags: ampache - name: Upgrade SQL database - command: php{{ (ampache_php_version == '54') | ternary('', ampache_php_version) }} {{ ampache_root_dir }}/web/bin/install/update_db.inc + command: php{{ ampache_php_version }} {{ ampache_root_dir }}/web/bin/install/update_db.inc become_user: "{{ ampache_php_user }}" when: ampache_install_mode == 'upgrade' tags: ampache @@ -195,12 +180,10 @@ tags: ampache - name: Deploy backup scripts - template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.type }}.d/ampache_{{ ampache_id }}_{{ item.script }} mode=750 - with_items: - - script: dump_db - type: pre - - script: rm_dump - type: post + template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/ampache_{{ ampache_id }} mode=750 + loop: + - pre + - post tags: ampache - import_tasks: ../includes/webapps_compress_archive.yml @@ -215,4 +198,15 @@ - root_dir: "{{ ampache_root_dir }}" - version: "{{ ampache_version }}" tags: ampache + +- name: Remove temp and obsolete files + file: path={{ item }} state=absent + with_items: + - "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}_all.zip" + - "{{ ampache_root_dir }}/tmp/ampache/" + - "{{ ampache_root_dir }}/db_dumps" + - /etc/backup/pre.d/ampache_{{ ampache_id }}_dump_db + - /etc/backup/post.d/ampache_{{ ampache_id }}_rm_dump + tags: ampache + ... diff --git a/roles/ampache/templates/post-backup.j2 b/roles/ampache/templates/post-backup.j2 new file mode 100644 index 0000000..545c87c --- /dev/null +++ b/roles/ampache/templates/post-backup.j2 @@ -0,0 +1,3 @@ +#!/bin/sh + +rm -f {{ ampache_root_dir }}/backup/* diff --git a/roles/ampache/templates/pre-backup.j2 b/roles/ampache/templates/pre-backup.j2 new file mode 100644 index 0000000..1d0de63 --- /dev/null +++ b/roles/ampache/templates/pre-backup.j2 
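Review bot: The `Deploy backup scripts` task in the `@@ -195,12 +180,10 @@` hunk installs the rendered `pre-backup.j2` with `mode=750` and no `owner`/`group`, yet that script embeds the MySQL password in clear text. Assuming the backup hooks run as root, group read access is not needed, and `owner=root group=root mode=700` narrows who can read the credential. The `post-backup.j2` template added further down this line interpolates `{{ ampache_root_dir }}` unquoted into `rm -f`. Writing it as `rm -f {{ ampache_root_dir | quote }}/backup/*` keeps an unexpected value from changing what is deleted.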
@@ -0,0 +1,7 @@ +#!/bin/sh + +/usr/bin/mysqldump --user={{ ampache_mysql_user | quote }} \ + --password={{ ampache_mysql_pass | quote }} \ + --host={{ ampache_mysql_server | quote }} \ + --quick --single-transaction \ + --add-drop-table {{ ampache_mysql_db | quote }} | zstd -c > {{ ampache_root_dir }}/backup/{{ ampache_mysql_db }}.sql.zst diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index e739bc4..3c11b81 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -2,9 +2,11 @@ - name: Install grafana yum: name=grafana state=present register: grafana_install + tags: grafana - name: Create unit snippet dir file: path=/etc/systemd/system/grafana-server.service.d state=directory + tags: grafana - name: Tune to restart indefinitely copy: @@ -14,18 +16,12 @@ RestartSec=20 dest: /etc/systemd/system/grafana-server.service.d/restart.conf register: grafana_unit + tags: grafana - name: Reload systemd systemd: daemon_reload=True when: grafana_unit.changed - -- name: Install MySQL support - yum: name=MySQL-python state=present - when: grafana_db_type == 'mysql' - -- name: Install PostgreSQL support - yum: name=python-psycopg2 state=present - when: grafana_db_type == 'postgres' + tags: grafana - name: Handle grafana port iptables_raw: 
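Review bot: In pre-backup.j2, `--password={{ ampache_mysql_pass | quote }}` puts the database password on the mysqldump command line, where it can be visible in the process list to other local users while the dump runs. mysqldump can read credentials from an option file instead, for example `--defaults-extra-file=<path to a 0600 client option file>` as the first option, with that file templated by the role. Two smaller points in the same script: the redirect target `{{ ampache_root_dir }}/backup/{{ ampache_mysql_db }}.sql.zst` is the only interpolation left without `| quote`, and a `umask 077` line before the dump would keep the SQL dump from inheriting a permissive default mode.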
@@ -33,90 +29,54 @@ state: "{{ (grafana_src_ip | length > 0) | ternary('present','absent') }}" rules: "-A INPUT -m state --state NEW -p tcp --dport {{ grafana_port }} -s {{ grafana_src_ip | join(',') }} -j ACCEPT" when: iptables_manage | default(True) - -- name: Generate a random pass for database - shell: openssl rand -base64 45 > /etc/grafana/ansible_db_pass - args: - creates: /etc/grafana/ansible_db_pass - when: - - grafana_db_type == 'mysql' or grafana_db_type == 'postgres' - - grafana_db_pass is not defined - -- name: Restrict permission on db pass file - file: path=/etc/grafana/ansible_db_pass mode=600 - when: - - grafana_db_type == 'mysql' or grafana_db_type == 'postgres' - - grafana_db_pass is not defined - -- name: Read db password - command: cat /etc/grafana/ansible_db_pass - register: grafana_rand_db_pass - when: - - grafana_db_type == 'mysql' or grafana_db_type == 'postgres' - - grafana_db_pass is not defined - -- name: Set db pass - set_fact: grafana_db_pass={{ grafana_rand_db_pass.stdout }} - when: - - grafana_db_type == 'mysql' or grafana_db_type == 'postgres' - - grafana_db_pass is not defined - -- name: Create MySQL database - mysql_db: - name: "{{ grafana_db_name }}" - state: present - login_host: "{{ grafana_db_server }}" - login_user: sqladmin - login_password: "{{ mysql_admin_pass }}" + tags: grafana,firewall + +- when: grafana_db_pass is not defined + block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: /etc/grafana/ansible_db_pass + - set_fact: grafana_db_pass={{ rand_pass }} + tags: grafana + +- import_tasks: ../includes/webapps_create_mysql_db.yml + vars: + - db_name: "{{ grafana_db_name }}" + - db_user: "{{ grafana_db_user }}" + - db_server: "{{ grafana_db_server }}" + - db_pass: "{{ grafana_db_pass }}" when: grafana_db_type == 'mysql' - -- name: Create MySQL User - mysql_user: - name: "{{ grafana_db_user | default('grafana') }}" - password: "{{ grafana_db_pass }}" - priv: "{{ grafana_db_name | default('grafana') 
}}.*:ALL" - host: "{{ (grafana_db_server == 'localhost') | ternary('localhost', item) }}" - login_host: "{{ grafana_db_server }}" - login_user: sqladmin - login_password: "{{ mysql_admin_pass }}" - state: present - when: grafana_db_type == 'mysql' - with_items: "{{ ansible_all_ipv4_addresses }}" - -- name: Create the PostgreSQL role - postgresql_user: - name: "{{ grafana_db_user }}" - password: "{{ grafana_db_pass }}" - login_host: "{{ grafana_db_server }}" - login_user: sqladmin - login_password: "{{ pg_admin_pass }}" - when: grafana_db_type == 'postgres' - -- name: Create the PostgreSQL database - postgresql_db: - name: "{{ grafana_db_name }}" - encoding: UTF-8 - lc_collate: C - lc_ctype: C - template: template0 - owner: "{{ grafana_db_user }}" - login_host: "{{ grafana_db_server }}" - login_user: sqladmin - login_password: "{{ pg_admin_pass }}" - when: grafana_db_type == 'postgres' - -- name: Generate a secret key - shell: ?@[\]^_`|~' | head -c 50 > /etc/grafana/ansible_secret_key - args: - creates: /etc/grafana/ansible_secret_key - -- name: Restrict permission on the secret key file - file: path=/etc/grafana/ansible_secret_key mode=600 - -- name: Read the secret key - command: cat /etc/grafana/ansible_secret_key - register: grafana_secret_key - changed_when: False + tags: grafana + +- when: grafana_db_type == 'postgres' + block: + - name: Create the PostgreSQL role + postgresql_user: + name: "{{ grafana_db_user }}" + password: "{{ grafana_db_pass }}" + login_host: "{{ grafana_db_server }}" + login_user: sqladmin + login_password: "{{ pg_admin_pass }}" + + - name: Create the PostgreSQL database + postgresql_db: + name: "{{ grafana_db_name }}" + encoding: UTF-8 + lc_collate: C + lc_ctype: C + template: template0 + owner: "{{ grafana_db_user }}" + login_host: "{{ grafana_db_server }}" + login_user: sqladmin + login_password: "{{ pg_admin_pass }}" + tags: grafana + +- block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: 
/etc/grafana/ansible_secret_key + - set_fact: grafana_secret_key={{ rand_pass }} + tags: grafana - name: Deploy grafana configuration template: src={{ item }}.j2 dest=/etc/grafana/{{ item }} owner=root group=grafana mode=640 
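Review bot: The removed `mode=600` tasks for `/etc/grafana/ansible_db_pass` and `/etc/grafana/ansible_secret_key` have no replacement in this hunk, so file permissions now depend entirely on `../includes/get_rand_pass.yml`, which is not part of this diff. Confirm the include creates `pass_file` with owner-only permissions, or keep a `file: path=/etc/grafana/ansible_secret_key mode=600` style task after each import. The two `set_fact` tasks and the `Create the PostgreSQL role` task also handle secrets and would benefit from `no_log: True` so the values are not printed in verbose or callback output. The free-form `set_fact: grafana_secret_key={{ rand_pass }}` also relies on the generated value containing no spaces, an assumption the YAML mapping form avoids.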
@@ -124,42 +84,51 @@ - grafana.ini - ldap.toml notify: restart grafana + tags: grafana - name: Build a list of installed plugins shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s\d+\./ && print "$1\n"' register: grafana_installed_plugins changed_when: False + tags: grafana - name: Remove unmanaged plugins command: grafana-cli plugins uninstall {{ item }} with_items: "{{ grafana_installed_plugins.stdout_lines }}" when: item not in grafana_plugins notify: restart grafana + tags: grafana - name: Install plugins command: grafana-cli plugins install {{ item }} with_items: "{{ grafana_plugins }}" when: item not in grafana_installed_plugins.stdout_lines notify: restart grafana + tags: grafana - name: Check installed plugins versions shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s(\d+[^\s]*)/ && print "$1 $2\n"' register: grafana_installed_plugins_versions changed_when: False + tags: grafana - name: Check available plugins versions shell: grafana-cli plugins list-remote | perl -ne '/^id:\s+(\w[\-\w]+)\sversion:\s+(\d+[^\s]*)/ && print "$1 $2\n"' register: grafana_remote_plugins_versions changed_when: False + tags: grafana - name: Update grafana plugins command: grafana-cli plugins update-all when: grafana_installed_plugins_versions.stdout_lines is not subset(grafana_remote_plugins_versions.stdout_lines) notify: restart grafana + tags: grafana - name: Start and enable the service - service: name=grafana-server state=started enabled=yes + service: name=grafana-server state=started enabled=True + tags: grafana - name: Change admin password to a random one command: grafana-cli admin reset-admin-password --homepath="/usr/share/grafana" --config /etc/grafana/grafana.ini $(openssl rand -base64 33) when: grafana_install.changed + tags: grafana diff --git a/roles/grafana/templates/grafana.ini.j2 b/roles/grafana/templates/grafana.ini.j2 index e92e989..3ec64be 100644 --- a/roles/grafana/templates/grafana.ini.j2 +++ b/roles/grafana/templates/grafana.ini.j2 
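Review bot: `Change admin password to a random one` only gains a tag here, but it still runs through the `command` module, which does not invoke a shell, so `$(openssl rand -base64 33)` is never expanded and the value handed to `grafana-cli admin reset-admin-password` is not random. Switching the task to `shell:` with the same command line makes the substitution happen, and adding `no_log: True` keeps the task out of verbose output. Alternatively the password could come from the `get_rand_pass.yml` include that this commit already uses for the database password. Hosts provisioned with the current task should have their Grafana admin password reset once the fix is in.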
@@ -29,7 +29,7 @@ reporting_enabled = {{ grafana_reporting | ternary('true', 'false') }} check_for_updates = {{ grafana_check_for_updates | ternary('true', 'false') }} [security] -secret_key = {{ grafana_secret_key.stdout }} +secret_key = {{ grafana_secret_key }} [snapshots] diff --git a/roles/repo_rpmfusion/tasks/main.yml b/roles/repo_rpmfusion/tasks/main.yml new file mode 100644 index 0000000..fb9aa21 --- /dev/null +++ b/roles/repo_rpmfusion/tasks/main.yml @@ -0,0 +1,11 @@ +--- + +- name: Configure rpm fusion repository + yum_repository: + name: rpmfusion-free-updates + file: rpmfusion + description: RPM Fusion for EL - Free - Updates + baseurl: http://download1.rpmfusion.org/free/el/updates/$releasever/$basearch/ + gpgcheck: True + gpgkey: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-el-$releasever + tags: repo diff --git a/roles/squid/files/acl/software_various.domains b/roles/squid/files/acl/software_various.domains index fd87fac..27f5106 100644 --- a/roles/squid/files/acl/software_various.domains +++ b/roles/squid/files/acl/software_various.domains @@ -321,3 +321,7 @@ openresty.org # Tiny Tiny RSS tt-rss.org + +# RPM Fusion +rpmfusion.org +download1.rpmfusion.org
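Review bot: The new `yum_repository` task in roles/repo_rpmfusion/tasks/main.yml uses a plain `http://` `baseurl`, so repository metadata travels unauthenticated; `gpgcheck: True` covers the packages but not the metadata. If the mirror serves TLS, prefer `baseurl: https://download1.rpmfusion.org/free/el/updates/$releasever/$basearch/`, and consider `repo_gpgcheck: True` if the repository publishes signed metadata. The `gpgkey` is fetched from a wiki attachment URL when the key is first imported, so trust depends on that page at install time. Shipping the key file with the role and pointing `gpgkey` at a local `file://` path would pin it.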