Update to 2020-11-08 19:00

master
Daniel Berteaud 4 years ago
parent 314f6212cd
commit 50ad36a2d8
  1. 4
      roles/ampache/defaults/main.yml
  2. 2
      roles/ampache/meta/main.yml
  3. 76
      roles/ampache/tasks/main.yml
  4. 3
      roles/ampache/templates/post-backup.j2
  5. 7
      roles/ampache/templates/pre-backup.j2
  6. 111
      roles/grafana/tasks/main.yml
  7. 2
      roles/grafana/templates/grafana.ini.j2
  8. 11
      roles/repo_rpmfusion/tasks/main.yml
  9. 4
      roles/squid/files/acl/software_various.domains

@ -5,8 +5,8 @@ ampache_manage_upgrade: True
ampache_version: '4.2.4'
ampache_config_version: 45
ampache_zip_url: https://github.com/ampache/ampache/archive/{{ ampache_version }}.zip
ampache_zip_sha1: 8054e8772c0098eeda1702a40c693dbd20625c8a
ampache_zip_url: https://github.com/ampache/ampache/releases/download/{{ ampache_version }}/ampache-{{ ampache_version }}_all.zip
ampache_zip_sha1: 1cc7ee48af1970b40d596ae90c5f81a34c3aabe5
ampache_root_dir: /opt/ampache_{{ ampache_id }}

@ -1,6 +1,6 @@
---
allow_duplicates: true
dependencies:
- role: repo_nux_dextop
- role: httpd_php
- role: repo_rpmfusion
...

@ -4,13 +4,10 @@
yum:
name:
- unzip
- MySQL-python
- mariadb
- acl
- git
- composer
- patch
- ffmpeg
- mariadb
tags: ampache
- import_tasks: ../includes/create_system_user.yml
@ -37,22 +34,6 @@
when: ampache_install_mode == 'upgrade'
tags: ampache
- name: Download Ampache
get_url:
url: "{{ ampache_zip_url }}"
dest: "{{ ampache_root_dir }}/tmp/"
checksum: "sha1:{{ ampache_zip_sha1 }}"
when: ampache_install_mode != 'none'
tags: ampache
- name: Extract ampache archive
unarchive:
src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}.zip"
dest: "{{ ampache_root_dir }}/tmp"
remote_src: yes
when: ampache_install_mode != 'none'
tags: ampache
- name: Create directory structure
file: path={{ item }} state=directory
with_items:
@ -66,18 +47,33 @@
- "{{ ampache_root_dir }}/data/metadata"
- "{{ ampache_root_dir }}/data/music"
- "{{ ampache_root_dir }}/data/video"
- "{{ ampache_root_dir }}/db_dumps"
- "{{ ampache_root_dir }}/backup"
tags: ampache
- when: ampache_install_mode != 'none'
block:
- name: Create tmp dir
file: path={{ ampache_root_dir }}/tmp/ampache state=directory
- name: Download Ampache
get_url:
url: "{{ ampache_zip_url }}"
dest: "{{ ampache_root_dir }}/tmp/"
checksum: "sha1:{{ ampache_zip_sha1 }}"
- name: Extract ampache archive
unarchive:
src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}_all.zip"
dest: "{{ ampache_root_dir }}/tmp/ampache"
remote_src: yes
- name: Move files to the correct directory
synchronize:
src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}/"
src: "{{ ampache_root_dir }}/tmp/ampache/"
dest: "{{ ampache_root_dir }}/web/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
when: ampache_install_mode != 'none'
tags: ampache
- name: Check if htaccess files needs to be moved
@ -95,17 +91,6 @@
when: item.stat.exists
tags: ampache
- name: Install libs using composer
composer: command=install working_dir={{ ampache_root_dir }}/web executable={{ (ampache_php_version == '54') | ternary('/bin/php','/bin/php' ~ ampache_php_version ) }}
tags: ampache
- name: Remove temp files
file: path={{ item }} state=absent
with_items:
- "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}.zip"
- "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}"
tags: ampache
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ ampache_root_dir }}/meta/key.txt"
@ -142,7 +127,7 @@
tags: ampache
- name: Upgrade SQL database
command: php{{ (ampache_php_version == '54') | ternary('', ampache_php_version) }} {{ ampache_root_dir }}/web/bin/install/update_db.inc
command: php{{ ampache_php_version }} {{ ampache_root_dir }}/web/bin/install/update_db.inc
become_user: "{{ ampache_php_user }}"
when: ampache_install_mode == 'upgrade'
tags: ampache
@ -195,12 +180,10 @@
tags: ampache
- name: Deploy backup scripts
template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.type }}.d/ampache_{{ ampache_id }}_{{ item.script }} mode=750
with_items:
- script: dump_db
type: pre
- script: rm_dump
type: post
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/ampache_{{ ampache_id }} mode=750
loop:
- pre
- post
tags: ampache
- import_tasks: ../includes/webapps_compress_archive.yml
@ -215,4 +198,15 @@
- root_dir: "{{ ampache_root_dir }}"
- version: "{{ ampache_version }}"
tags: ampache
- name: Remove temp and obsolete files
file: path={{ item }} state=absent
with_items:
- "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}_all.zip"
- "{{ ampache_root_dir }}/tmp/ampache/"
- "{{ ampache_root_dir }}/db_dumps"
- /etc/backup/pre.d/ampache_{{ ampache_id }}_dump_db
- /etc/backup/post.d/ampache_{{ ampache_id }}_rm_dump
tags: ampache
...

@ -0,0 +1,3 @@
#!/bin/sh
rm -f {{ ampache_root_dir }}/backup/*

@ -0,0 +1,7 @@
#!/bin/sh
/usr/bin/mysqldump --user={{ ampache_mysql_user | quote }} \
--password={{ ampache_mysql_pass | quote }} \
--host={{ ampache_mysql_server | quote }} \
--quick --single-transaction \
--add-drop-table {{ ampache_mysql_db | quote }} | zstd -c > {{ ampache_root_dir }}/backup/{{ ampache_mysql_db }}.sql.zst

@ -2,9 +2,11 @@
- name: Install grafana
yum: name=grafana state=present
register: grafana_install
tags: grafana
- name: Create unit snippet dir
file: path=/etc/systemd/system/grafana-server.service.d state=directory
tags: grafana
- name: Tune to restart indefinitely
copy:
@ -14,18 +16,12 @@
RestartSec=20
dest: /etc/systemd/system/grafana-server.service.d/restart.conf
register: grafana_unit
tags: grafana
- name: Reload systemd
systemd: daemon_reload=True
when: grafana_unit.changed
- name: Install MySQL support
yum: name=MySQL-python state=present
when: grafana_db_type == 'mysql'
- name: Install PostgreSQL support
yum: name=python-psycopg2 state=present
when: grafana_db_type == 'postgres'
tags: grafana
- name: Handle grafana port
iptables_raw:
@ -33,56 +29,27 @@
state: "{{ (grafana_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ grafana_port }} -s {{ grafana_src_ip | join(',') }} -j ACCEPT"
when: iptables_manage | default(True)
- name: Generate a random pass for database
shell: openssl rand -base64 45 > /etc/grafana/ansible_db_pass
args:
creates: /etc/grafana/ansible_db_pass
when:
- grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
- grafana_db_pass is not defined
- name: Restrict permission on db pass file
file: path=/etc/grafana/ansible_db_pass mode=600
when:
- grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
- grafana_db_pass is not defined
- name: Read db password
command: cat /etc/grafana/ansible_db_pass
register: grafana_rand_db_pass
when:
- grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
- grafana_db_pass is not defined
- name: Set db pass
set_fact: grafana_db_pass={{ grafana_rand_db_pass.stdout }}
when:
- grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
- grafana_db_pass is not defined
- name: Create MySQL database
mysql_db:
name: "{{ grafana_db_name }}"
state: present
login_host: "{{ grafana_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
tags: grafana,firewall
- when: grafana_db_pass is not defined
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: /etc/grafana/ansible_db_pass
- set_fact: grafana_db_pass={{ rand_pass }}
tags: grafana
- import_tasks: ../includes/webapps_create_mysql_db.yml
vars:
- db_name: "{{ grafana_db_name }}"
- db_user: "{{ grafana_db_user }}"
- db_server: "{{ grafana_db_server }}"
- db_pass: "{{ grafana_db_pass }}"
when: grafana_db_type == 'mysql'
tags: grafana
- name: Create MySQL User
mysql_user:
name: "{{ grafana_db_user | default('grafana') }}"
password: "{{ grafana_db_pass }}"
priv: "{{ grafana_db_name | default('grafana') }}.*:ALL"
host: "{{ (grafana_db_server == 'localhost') | ternary('localhost', item) }}"
login_host: "{{ grafana_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
state: present
when: grafana_db_type == 'mysql'
with_items: "{{ ansible_all_ipv4_addresses }}"
- when: grafana_db_type == 'postgres'
block:
- name: Create the PostgreSQL role
postgresql_user:
name: "{{ grafana_db_user }}"
@ -90,7 +57,6 @@
login_host: "{{ grafana_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
when: grafana_db_type == 'postgres'
- name: Create the PostgreSQL database
postgresql_db:
@ -103,20 +69,14 @@
login_host: "{{ grafana_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
when: grafana_db_type == 'postgres'
tags: grafana
- name: Generate a secret key
shell: </dev/urandom tr -dc 'A-Za-z0-9!$%&\()*+,-./:;<=>?@[\]^_`|~' | head -c 50 > /etc/grafana/ansible_secret_key
args:
creates: /etc/grafana/ansible_secret_key
- name: Restrict permission on the secret key file
file: path=/etc/grafana/ansible_secret_key mode=600
- name: Read the secret key
command: cat /etc/grafana/ansible_secret_key
register: grafana_secret_key
changed_when: False
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: /etc/grafana/ansible_secret_key
- set_fact: grafana_secret_key={{ rand_pass }}
tags: grafana
- name: Deploy grafana configuration
template: src={{ item }}.j2 dest=/etc/grafana/{{ item }} owner=root group=grafana mode=640
@ -124,42 +84,51 @@
- grafana.ini
- ldap.toml
notify: restart grafana
tags: grafana
- name: Build a list of installed plugins
shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s\d+\./ && print "$1\n"'
register: grafana_installed_plugins
changed_when: False
tags: grafana
- name: Remove unmanaged plugins
command: grafana-cli plugins uninstall {{ item }}
with_items: "{{ grafana_installed_plugins.stdout_lines }}"
when: item not in grafana_plugins
notify: restart grafana
tags: grafana
- name: Install plugins
command: grafana-cli plugins install {{ item }}
with_items: "{{ grafana_plugins }}"
when: item not in grafana_installed_plugins.stdout_lines
notify: restart grafana
tags: grafana
- name: Check installed plugins versions
shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s(\d+[^\s]*)/ && print "$1 $2\n"'
register: grafana_installed_plugins_versions
changed_when: False
tags: grafana
- name: Check available plugins versions
shell: grafana-cli plugins list-remote | perl -ne '/^id:\s+(\w[\-\w]+)\sversion:\s+(\d+[^\s]*)/ && print "$1 $2\n"'
register: grafana_remote_plugins_versions
changed_when: False
tags: grafana
- name: Update grafana plugins
command: grafana-cli plugins update-all
when: grafana_installed_plugins_versions.stdout_lines is not subset(grafana_remote_plugins_versions.stdout_lines)
notify: restart grafana
tags: grafana
- name: Start and enable the service
service: name=grafana-server state=started enabled=yes
service: name=grafana-server state=started enabled=True
tags: grafana
- name: Change admin password to a random one
command: grafana-cli admin reset-admin-password --homepath="/usr/share/grafana" --config /etc/grafana/grafana.ini $(openssl rand -base64 33)
when: grafana_install.changed
tags: grafana

@ -29,7 +29,7 @@ reporting_enabled = {{ grafana_reporting | ternary('true', 'false') }}
check_for_updates = {{ grafana_check_for_updates | ternary('true', 'false') }}
[security]
secret_key = {{ grafana_secret_key.stdout }}
secret_key = {{ grafana_secret_key }}
[snapshots]

@ -0,0 +1,11 @@
---
- name: Configure rpm fusion repository
yum_repository:
name: rpmfusion-free-updates
file: rpmfusion
description: RPM Fusion for EL - Free - Updates
baseurl: http://download1.rpmfusion.org/free/el/updates/$releasever/$basearch/
gpgcheck: True
gpgkey: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-el-$releasever
tags: repo

@ -321,3 +321,7 @@ openresty.org
# Tiny Tiny RSS
tt-rss.org
# RPM Fusion
rpmfusion.org
download1.rpmfusion.org

Loading…
Cancel
Save