Update to 2020-11-08 19:00

master
Daniel Berteaud 4 years ago
parent 314f6212cd
commit 50ad36a2d8
  1. 4
      roles/ampache/defaults/main.yml
  2. 2
      roles/ampache/meta/main.yml
  3. 94
      roles/ampache/tasks/main.yml
  4. 3
      roles/ampache/templates/post-backup.j2
  5. 7
      roles/ampache/templates/pre-backup.j2
  6. 153
      roles/grafana/tasks/main.yml
  7. 2
      roles/grafana/templates/grafana.ini.j2
  8. 11
      roles/repo_rpmfusion/tasks/main.yml
  9. 4
      roles/squid/files/acl/software_various.domains

@ -5,8 +5,8 @@ ampache_manage_upgrade: True
ampache_version: '4.2.4' ampache_version: '4.2.4'
ampache_config_version: 45 ampache_config_version: 45
ampache_zip_url: https://github.com/ampache/ampache/archive/{{ ampache_version }}.zip ampache_zip_url: https://github.com/ampache/ampache/releases/download/{{ ampache_version }}/ampache-{{ ampache_version }}_all.zip
ampache_zip_sha1: 8054e8772c0098eeda1702a40c693dbd20625c8a ampache_zip_sha1: 1cc7ee48af1970b40d596ae90c5f81a34c3aabe5
ampache_root_dir: /opt/ampache_{{ ampache_id }} ampache_root_dir: /opt/ampache_{{ ampache_id }}
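Review bot: The archive pin in `ampache_zip_sha1` is still a SHA-1 digest, which tasks/main.yml passes to get_url as `checksum: "sha1:{{ ampache_zip_sha1 }}"`. SHA-1 is no longer collision-resistant, and this change already re-pins the download to a new release asset, so it is a cheap moment to move to SHA-256, which get_url's `checksum` also accepts. Something like `ampache_zip_sha256: '<sha256 of ampache-4.2.4_all.zip>'` here and `checksum: "sha256:{{ ampache_zip_sha256 }}"` in the download task would do it; the digest is a placeholder to be computed from a verified copy of the release.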

@ -1,6 +1,6 @@
--- ---
allow_duplicates: true allow_duplicates: true
dependencies: dependencies:
- role: repo_nux_dextop
- role: httpd_php - role: httpd_php
- role: repo_rpmfusion
... ...

@ -4,13 +4,10 @@
yum: yum:
name: name:
- unzip - unzip
- MySQL-python
- mariadb
- acl - acl
- git - git
- composer
- patch
- ffmpeg - ffmpeg
- mariadb
tags: ampache tags: ampache
- import_tasks: ../includes/create_system_user.yml - import_tasks: ../includes/create_system_user.yml
@ -37,22 +34,6 @@
when: ampache_install_mode == 'upgrade' when: ampache_install_mode == 'upgrade'
tags: ampache tags: ampache
- name: Download Ampache
get_url:
url: "{{ ampache_zip_url }}"
dest: "{{ ampache_root_dir }}/tmp/"
checksum: "sha1:{{ ampache_zip_sha1 }}"
when: ampache_install_mode != 'none'
tags: ampache
- name: Extract ampache archive
unarchive:
src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}.zip"
dest: "{{ ampache_root_dir }}/tmp"
remote_src: yes
when: ampache_install_mode != 'none'
tags: ampache
- name: Create directory structure - name: Create directory structure
file: path={{ item }} state=directory file: path={{ item }} state=directory
with_items: with_items:
@ -66,18 +47,33 @@
- "{{ ampache_root_dir }}/data/metadata" - "{{ ampache_root_dir }}/data/metadata"
- "{{ ampache_root_dir }}/data/music" - "{{ ampache_root_dir }}/data/music"
- "{{ ampache_root_dir }}/data/video" - "{{ ampache_root_dir }}/data/video"
- "{{ ampache_root_dir }}/db_dumps" - "{{ ampache_root_dir }}/backup"
tags: ampache tags: ampache
- when: ampache_install_mode != 'none'
- name: Move files to the correct directory block:
synchronize: - name: Create tmp dir
src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}/" file: path={{ ampache_root_dir }}/tmp/ampache state=directory
dest: "{{ ampache_root_dir }}/web/"
recursive: True - name: Download Ampache
delete: True get_url:
delegate_to: "{{ inventory_hostname }}" url: "{{ ampache_zip_url }}"
when: ampache_install_mode != 'none' dest: "{{ ampache_root_dir }}/tmp/"
checksum: "sha1:{{ ampache_zip_sha1 }}"
- name: Extract ampache archive
unarchive:
src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}_all.zip"
dest: "{{ ampache_root_dir }}/tmp/ampache"
remote_src: yes
- name: Move files to the correct directory
synchronize:
src: "{{ ampache_root_dir }}/tmp/ampache/"
dest: "{{ ampache_root_dir }}/web/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
tags: ampache tags: ampache
- name: Check if htaccess files needs to be moved - name: Check if htaccess files needs to be moved
@ -95,17 +91,6 @@
when: item.stat.exists when: item.stat.exists
tags: ampache tags: ampache
- name: Install libs using composer
composer: command=install working_dir={{ ampache_root_dir }}/web executable={{ (ampache_php_version == '54') | ternary('/bin/php','/bin/php' ~ ampache_php_version ) }}
tags: ampache
- name: Remove temp files
file: path={{ item }} state=absent
with_items:
- "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}.zip"
- "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}"
tags: ampache
- import_tasks: ../includes/get_rand_pass.yml - import_tasks: ../includes/get_rand_pass.yml
vars: vars:
- pass_file: "{{ ampache_root_dir }}/meta/key.txt" - pass_file: "{{ ampache_root_dir }}/meta/key.txt"
@ -142,7 +127,7 @@
tags: ampache tags: ampache
- name: Upgrade SQL database - name: Upgrade SQL database
command: php{{ (ampache_php_version == '54') | ternary('', ampache_php_version) }} {{ ampache_root_dir }}/web/bin/install/update_db.inc command: php{{ ampache_php_version }} {{ ampache_root_dir }}/web/bin/install/update_db.inc
become_user: "{{ ampache_php_user }}" become_user: "{{ ampache_php_user }}"
when: ampache_install_mode == 'upgrade' when: ampache_install_mode == 'upgrade'
tags: ampache tags: ampache
@ -195,12 +180,10 @@
tags: ampache tags: ampache
- name: Deploy backup scripts - name: Deploy backup scripts
template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.type }}.d/ampache_{{ ampache_id }}_{{ item.script }} mode=750 template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/ampache_{{ ampache_id }} mode=750
with_items: loop:
- script: dump_db - pre
type: pre - post
- script: rm_dump
type: post
tags: ampache tags: ampache
- import_tasks: ../includes/webapps_compress_archive.yml - import_tasks: ../includes/webapps_compress_archive.yml
@ -215,4 +198,15 @@
- root_dir: "{{ ampache_root_dir }}" - root_dir: "{{ ampache_root_dir }}"
- version: "{{ ampache_version }}" - version: "{{ ampache_version }}"
tags: ampache tags: ampache
- name: Remove temp and obsolete files
file: path={{ item }} state=absent
with_items:
- "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}_all.zip"
- "{{ ampache_root_dir }}/tmp/ampache/"
- "{{ ampache_root_dir }}/db_dumps"
- /etc/backup/pre.d/ampache_{{ ampache_id }}_dump_db
- /etc/backup/post.d/ampache_{{ ampache_id }}_rm_dump
tags: ampache
... ...
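Review bot: `{{ ampache_root_dir }}/backup` is added to the "Create directory structure" list, whose visible `file: path={{ item }} state=directory` sets no owner or mode, and pre-backup.j2 now writes the full database dump into it. Unless a task outside these hunks tightens it, the directory and the dump inherit the default umask and may be readable by other local accounts. Creating it in its own task with `file: path={{ ampache_root_dir }}/backup state=directory mode=700` would keep the dump private. The with_items list of that task starts outside the hunk, so other entries may be handled differently.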

@ -0,0 +1,3 @@
#!/bin/sh
rm -f {{ ampache_root_dir }}/backup/*
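Review bot: The path in `rm -f {{ ampache_root_dir }}/backup/*` is interpolated unquoted, while pre-backup.j2 applies `| quote` to its mysqldump arguments. A root dir containing whitespace or shell metacharacters would be word-split or interpreted by sh, and this script deletes files. `rm -f {{ ampache_root_dir | quote }}/backup/*` quotes the variable part and leaves the glob active. The redirection target on the last line of pre-backup.j2 (`> {{ ampache_root_dir }}/backup/{{ ampache_mysql_db }}.sql.zst`) has the same issue.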

@ -0,0 +1,7 @@
#!/bin/sh
/usr/bin/mysqldump --user={{ ampache_mysql_user | quote }} \
--password={{ ampache_mysql_pass | quote }} \
--host={{ ampache_mysql_server | quote }} \
--quick --single-transaction \
--add-drop-table {{ ampache_mysql_db | quote }} | zstd -c > {{ ampache_root_dir }}/backup/{{ ampache_mysql_db }}.sql.zst
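Review bot: `--password={{ ampache_mysql_pass | quote }}` puts the database password on the mysqldump command line, where it can appear in the process list for other local users while the dump runs. An option file readable only by the account running the backup, passed as the first option with `--defaults-extra-file=`, keeps it out of argv. Separately, sh reports only zstd's exit status for the pipeline, so a failed mysqldump can leave a truncated `.sql.zst` without the backup job noticing. Dumping to a file and checking the status before compressing would catch that.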

@ -2,9 +2,11 @@
- name: Install grafana - name: Install grafana
yum: name=grafana state=present yum: name=grafana state=present
register: grafana_install register: grafana_install
tags: grafana
- name: Create unit snippet dir - name: Create unit snippet dir
file: path=/etc/systemd/system/grafana-server.service.d state=directory file: path=/etc/systemd/system/grafana-server.service.d state=directory
tags: grafana
- name: Tune to restart indefinitely - name: Tune to restart indefinitely
copy: copy:
@ -14,18 +16,12 @@
RestartSec=20 RestartSec=20
dest: /etc/systemd/system/grafana-server.service.d/restart.conf dest: /etc/systemd/system/grafana-server.service.d/restart.conf
register: grafana_unit register: grafana_unit
tags: grafana
- name: Reload systemd - name: Reload systemd
systemd: daemon_reload=True systemd: daemon_reload=True
when: grafana_unit.changed when: grafana_unit.changed
tags: grafana
- name: Install MySQL support
yum: name=MySQL-python state=present
when: grafana_db_type == 'mysql'
- name: Install PostgreSQL support
yum: name=python-psycopg2 state=present
when: grafana_db_type == 'postgres'
- name: Handle grafana port - name: Handle grafana port
iptables_raw: iptables_raw:
@ -33,90 +29,54 @@
state: "{{ (grafana_src_ip | length > 0) | ternary('present','absent') }}" state: "{{ (grafana_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ grafana_port }} -s {{ grafana_src_ip | join(',') }} -j ACCEPT" rules: "-A INPUT -m state --state NEW -p tcp --dport {{ grafana_port }} -s {{ grafana_src_ip | join(',') }} -j ACCEPT"
when: iptables_manage | default(True) when: iptables_manage | default(True)
tags: grafana,firewall
- name: Generate a random pass for database
shell: openssl rand -base64 45 > /etc/grafana/ansible_db_pass - when: grafana_db_pass is not defined
args: block:
creates: /etc/grafana/ansible_db_pass - import_tasks: ../includes/get_rand_pass.yml
when: vars:
- grafana_db_type == 'mysql' or grafana_db_type == 'postgres' - pass_file: /etc/grafana/ansible_db_pass
- grafana_db_pass is not defined - set_fact: grafana_db_pass={{ rand_pass }}
tags: grafana
- name: Restrict permission on db pass file
file: path=/etc/grafana/ansible_db_pass mode=600 - import_tasks: ../includes/webapps_create_mysql_db.yml
when: vars:
- grafana_db_type == 'mysql' or grafana_db_type == 'postgres' - db_name: "{{ grafana_db_name }}"
- grafana_db_pass is not defined - db_user: "{{ grafana_db_user }}"
- db_server: "{{ grafana_db_server }}"
- name: Read db password - db_pass: "{{ grafana_db_pass }}"
command: cat /etc/grafana/ansible_db_pass
register: grafana_rand_db_pass
when:
- grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
- grafana_db_pass is not defined
- name: Set db pass
set_fact: grafana_db_pass={{ grafana_rand_db_pass.stdout }}
when:
- grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
- grafana_db_pass is not defined
- name: Create MySQL database
mysql_db:
name: "{{ grafana_db_name }}"
state: present
login_host: "{{ grafana_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
when: grafana_db_type == 'mysql' when: grafana_db_type == 'mysql'
tags: grafana
- name: Create MySQL User
mysql_user: - when: grafana_db_type == 'postgres'
name: "{{ grafana_db_user | default('grafana') }}" block:
password: "{{ grafana_db_pass }}" - name: Create the PostgreSQL role
priv: "{{ grafana_db_name | default('grafana') }}.*:ALL" postgresql_user:
host: "{{ (grafana_db_server == 'localhost') | ternary('localhost', item) }}" name: "{{ grafana_db_user }}"
login_host: "{{ grafana_db_server }}" password: "{{ grafana_db_pass }}"
login_user: sqladmin login_host: "{{ grafana_db_server }}"
login_password: "{{ mysql_admin_pass }}" login_user: sqladmin
state: present login_password: "{{ pg_admin_pass }}"
when: grafana_db_type == 'mysql'
with_items: "{{ ansible_all_ipv4_addresses }}" - name: Create the PostgreSQL database
postgresql_db:
- name: Create the PostgreSQL role name: "{{ grafana_db_name }}"
postgresql_user: encoding: UTF-8
name: "{{ grafana_db_user }}" lc_collate: C
password: "{{ grafana_db_pass }}" lc_ctype: C
login_host: "{{ grafana_db_server }}" template: template0
login_user: sqladmin owner: "{{ grafana_db_user }}"
login_password: "{{ pg_admin_pass }}" login_host: "{{ grafana_db_server }}"
when: grafana_db_type == 'postgres' login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
- name: Create the PostgreSQL database tags: grafana
postgresql_db:
name: "{{ grafana_db_name }}" - block:
encoding: UTF-8 - import_tasks: ../includes/get_rand_pass.yml
lc_collate: C vars:
lc_ctype: C - pass_file: /etc/grafana/ansible_secret_key
template: template0 - set_fact: grafana_secret_key={{ rand_pass }}
owner: "{{ grafana_db_user }}" tags: grafana
login_host: "{{ grafana_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
when: grafana_db_type == 'postgres'
- name: Generate a secret key
shell: </dev/urandom tr -dc 'A-Za-z0-9!$%&\()*+,-./:;<=>?@[\]^_`|~' | head -c 50 > /etc/grafana/ansible_secret_key
args:
creates: /etc/grafana/ansible_secret_key
- name: Restrict permission on the secret key file
file: path=/etc/grafana/ansible_secret_key mode=600
- name: Read the secret key
command: cat /etc/grafana/ansible_secret_key
register: grafana_secret_key
changed_when: False
- name: Deploy grafana configuration - name: Deploy grafana configuration
template: src={{ item }}.j2 dest=/etc/grafana/{{ item }} owner=root group=grafana mode=640 template: src={{ item }}.j2 dest=/etc/grafana/{{ item }} owner=root group=grafana mode=640
@ -124,42 +84,51 @@
- grafana.ini - grafana.ini
- ldap.toml - ldap.toml
notify: restart grafana notify: restart grafana
tags: grafana
- name: Build a list of installed plugins - name: Build a list of installed plugins
shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s\d+\./ && print "$1\n"' shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s\d+\./ && print "$1\n"'
register: grafana_installed_plugins register: grafana_installed_plugins
changed_when: False changed_when: False
tags: grafana
- name: Remove unmanaged plugins - name: Remove unmanaged plugins
command: grafana-cli plugins uninstall {{ item }} command: grafana-cli plugins uninstall {{ item }}
with_items: "{{ grafana_installed_plugins.stdout_lines }}" with_items: "{{ grafana_installed_plugins.stdout_lines }}"
when: item not in grafana_plugins when: item not in grafana_plugins
notify: restart grafana notify: restart grafana
tags: grafana
- name: Install plugins - name: Install plugins
command: grafana-cli plugins install {{ item }} command: grafana-cli plugins install {{ item }}
with_items: "{{ grafana_plugins }}" with_items: "{{ grafana_plugins }}"
when: item not in grafana_installed_plugins.stdout_lines when: item not in grafana_installed_plugins.stdout_lines
notify: restart grafana notify: restart grafana
tags: grafana
- name: Check installed plugins versions - name: Check installed plugins versions
shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s(\d+[^\s]*)/ && print "$1 $2\n"' shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s(\d+[^\s]*)/ && print "$1 $2\n"'
register: grafana_installed_plugins_versions register: grafana_installed_plugins_versions
changed_when: False changed_when: False
tags: grafana
- name: Check available plugins versions - name: Check available plugins versions
shell: grafana-cli plugins list-remote | perl -ne '/^id:\s+(\w[\-\w]+)\sversion:\s+(\d+[^\s]*)/ && print "$1 $2\n"' shell: grafana-cli plugins list-remote | perl -ne '/^id:\s+(\w[\-\w]+)\sversion:\s+(\d+[^\s]*)/ && print "$1 $2\n"'
register: grafana_remote_plugins_versions register: grafana_remote_plugins_versions
changed_when: False changed_when: False
tags: grafana
- name: Update grafana plugins - name: Update grafana plugins
command: grafana-cli plugins update-all command: grafana-cli plugins update-all
when: grafana_installed_plugins_versions.stdout_lines is not subset(grafana_remote_plugins_versions.stdout_lines) when: grafana_installed_plugins_versions.stdout_lines is not subset(grafana_remote_plugins_versions.stdout_lines)
notify: restart grafana notify: restart grafana
tags: grafana
- name: Start and enable the service - name: Start and enable the service
service: name=grafana-server state=started enabled=yes service: name=grafana-server state=started enabled=True
tags: grafana
- name: Change admin password to a random one - name: Change admin password to a random one
command: grafana-cli admin reset-admin-password --homepath="/usr/share/grafana" --config /etc/grafana/grafana.ini $(openssl rand -base64 33) command: grafana-cli admin reset-admin-password --homepath="/usr/share/grafana" --config /etc/grafana/grafana.ini $(openssl rand -base64 33)
when: grafana_install.changed when: grafana_install.changed
tags: grafana
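Review bot: The last task, "Change admin password to a random one", uses the `command` module, which does not pass its arguments through a shell, so `$(openssl rand -base64 33)` is not expanded. grafana-cli then likely receives that literal text, split on spaces, and the admin password ends up as a fixed, guessable string rather than a random one. The commit only adds `tags: grafana` to this task and leaves the call unchanged. Switching it to `shell: grafana-cli admin reset-admin-password --homepath="/usr/share/grafana" --config /etc/grafana/grafana.ini "$(openssl rand -base64 33)"` makes the substitution happen. Hosts already provisioned by this task would need the admin password reset again.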

@ -29,7 +29,7 @@ reporting_enabled = {{ grafana_reporting | ternary('true', 'false') }}
check_for_updates = {{ grafana_check_for_updates | ternary('true', 'false') }} check_for_updates = {{ grafana_check_for_updates | ternary('true', 'false') }}
[security] [security]
secret_key = {{ grafana_secret_key.stdout }} secret_key = {{ grafana_secret_key }}
[snapshots] [snapshots]

@ -0,0 +1,11 @@
---
- name: Configure rpm fusion repository
yum_repository:
name: rpmfusion-free-updates
file: rpmfusion
description: RPM Fusion for EL - Free - Updates
baseurl: http://download1.rpmfusion.org/free/el/updates/$releasever/$basearch/
gpgcheck: True
gpgkey: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-el-$releasever
tags: repo
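Review bot: `baseurl` points at `http://download1.rpmfusion.org/…` in clear text. `gpgcheck: True` covers package signatures, but the repository metadata is not verified, so an on-path party can still serve stale or altered metadata. If the mirror is reachable over TLS and the squid cache does not depend on plain HTTP, prefer `baseurl: https://download1.rpmfusion.org/free/el/updates/$releasever/$basearch/`. The `gpgkey` is also fetched from a wiki attachment URL on first use; shipping the key file with the role and referencing it by a local `file://` path would pin the trust anchor instead of trusting whatever that URL serves at install time.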

@ -321,3 +321,7 @@ openresty.org
# Tiny Tiny RSS # Tiny Tiny RSS
tt-rss.org tt-rss.org
# RPM Fusion
rpmfusion.org
download1.rpmfusion.org
