Update to 2020-11-08 19:00

4 years ago · 50ad36a2d8
parent 314f6212cd
commit 50ad36a2d8
9 changed files with 134 additions and 146 deletions
--- a/roles/ampache/defaults/main.yml
+++ b/roles/ampache/defaults/main.yml
@ -5,8 +5,8 @@ ampache_manage_upgrade: True

 ampache_version: '4.2.4'
 ampache_config_version: 45
-ampache_zip_url: https://github.com/ampache/ampache/archive/{{ ampache_version }}.zip
-ampache_zip_sha1: 8054e8772c0098eeda1702a40c693dbd20625c8a
+ampache_zip_url: https://github.com/ampache/ampache/releases/download/{{ ampache_version }}/ampache-{{ ampache_version }}_all.zip
+ampache_zip_sha1: 1cc7ee48af1970b40d596ae90c5f81a34c3aabe5

 ampache_root_dir: /opt/ampache_{{ ampache_id }}

--- a/roles/ampache/meta/main.yml
+++ b/roles/ampache/meta/main.yml
@ -1,6 +1,6 @@
 ---
 allow_duplicates: true
 dependencies:
-  - role: repo_nux_dextop
  - role: httpd_php
+  - role: repo_rpmfusion
 ...
--- a/roles/ampache/tasks/main.yml
+++ b/roles/ampache/tasks/main.yml
@ -4,13 +4,10 @@
  yum:
    name:
      - unzip
-      - MySQL-python
-      - mariadb
      - acl
      - git
-      - composer
-      - patch
      - ffmpeg
+      - mariadb
  tags: ampache

 - import_tasks: ../includes/create_system_user.yml
@ -37,22 +34,6 @@
  when: ampache_install_mode == 'upgrade'
  tags: ampache

- name: Download Ampache
-  get_url:
-    url: "{{ ampache_zip_url }}"
-    dest: "{{ ampache_root_dir }}/tmp/"
-    checksum: "sha1:{{ ampache_zip_sha1 }}"
-  when: ampache_install_mode != 'none'
-  tags: ampache
-
- name: Extract ampache archive
-  unarchive:
-    src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}.zip"
-    dest: "{{ ampache_root_dir }}/tmp"
-    remote_src: yes
-  when: ampache_install_mode != 'none'
-  tags: ampache
-
 - name: Create directory structure
  file: path={{ item }} state=directory
  with_items:
@ -66,18 +47,33 @@
    - "{{ ampache_root_dir }}/data/metadata"
    - "{{ ampache_root_dir }}/data/music"
    - "{{ ampache_root_dir }}/data/video"
-    - "{{ ampache_root_dir }}/db_dumps"
-  tags: ampache
-
-
- name: Move files to the correct directory
-  synchronize:
-    src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}/"
-    dest: "{{ ampache_root_dir }}/web/"
-    recursive: True
-    delete: True
-  delegate_to: "{{ inventory_hostname }}"
-  when: ampache_install_mode != 'none'
+    - "{{ ampache_root_dir }}/backup"
+  tags: ampache
+
+- when: ampache_install_mode != 'none'
+  block:
+    - name: Create tmp dir
+      file: path={{ ampache_root_dir }}/tmp/ampache state=directory
+
+    - name: Download Ampache
+      get_url:
+        url: "{{ ampache_zip_url }}"
+        dest: "{{ ampache_root_dir }}/tmp/"
+        checksum: "sha1:{{ ampache_zip_sha1 }}"
+    
+    - name: Extract ampache archive
+      unarchive:
+        src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}_all.zip"
+        dest: "{{ ampache_root_dir }}/tmp/ampache"
+        remote_src: yes
+    
+    - name: Move files to the correct directory
+      synchronize:
+        src: "{{ ampache_root_dir }}/tmp/ampache/"
+        dest: "{{ ampache_root_dir }}/web/"
+        recursive: True
+        delete: True
+      delegate_to: "{{ inventory_hostname }}"
  tags: ampache

 - name: Check if htaccess files needs to be moved
@ -95,17 +91,6 @@
  when: item.stat.exists
  tags: ampache

- name: Install libs using composer
-  composer: command=install working_dir={{ ampache_root_dir }}/web executable={{ (ampache_php_version == '54') | ternary('/bin/php','/bin/php' ~ ampache_php_version ) }}
-  tags: ampache
-
- name: Remove temp files
-  file: path={{ item }} state=absent
-  with_items:
-    - "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}.zip"
-    - "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}"
-  tags: ampache
-
 - import_tasks: ../includes/get_rand_pass.yml
  vars:
    - pass_file: "{{ ampache_root_dir }}/meta/key.txt"
@ -142,7 +127,7 @@
  tags: ampache

 - name: Upgrade SQL database
-  command: php{{ (ampache_php_version == '54') | ternary('', ampache_php_version) }} {{ ampache_root_dir }}/web/bin/install/update_db.inc
+  command: php{{ ampache_php_version }} {{ ampache_root_dir }}/web/bin/install/update_db.inc
  become_user: "{{ ampache_php_user }}"
  when: ampache_install_mode == 'upgrade'
  tags: ampache
@ -195,12 +180,10 @@
  tags: ampache

 - name: Deploy backup scripts
-  template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.type }}.d/ampache_{{ ampache_id }}_{{ item.script }} mode=750
-  with_items:
-    - script: dump_db
-      type: pre
-    - script: rm_dump
-      type: post
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/ampache_{{ ampache_id }} mode=750
+  loop:
+    - pre
+    - post
  tags: ampache

 - import_tasks: ../includes/webapps_compress_archive.yml
@ -215,4 +198,15 @@
    - root_dir: "{{ ampache_root_dir }}"
    - version: "{{ ampache_version }}"
  tags: ampache
+
+- name: Remove temp and obsolete files
+  file: path={{ item }} state=absent
+  with_items:
+    - "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}_all.zip"
+    - "{{ ampache_root_dir }}/tmp/ampache/"
+    - "{{ ampache_root_dir }}/db_dumps"
+    - /etc/backup/pre.d/ampache_{{ ampache_id }}_dump_db
+    - /etc/backup/post.d/ampache_{{ ampache_id }}_rm_dump
+  tags: ampache
+
 ...
--- a/roles/ampache/templates/post-backup.j2
+++ b/roles/ampache/templates/post-backup.j2
@ -0,0 +1,3 @@
+#!/bin/sh
+
+rm -f {{ ampache_root_dir }}/backup/*
--- a/roles/ampache/templates/pre-backup.j2
+++ b/roles/ampache/templates/pre-backup.j2
@ -0,0 +1,7 @@
+#!/bin/sh
+
+/usr/bin/mysqldump --user={{ ampache_mysql_user | quote }} \
+                   --password={{ ampache_mysql_pass | quote }} \
+                   --host={{ ampache_mysql_server | quote }} \
+                   --quick --single-transaction \
+                   --add-drop-table {{ ampache_mysql_db | quote }} | zstd -c > {{ ampache_root_dir }}/backup/{{ ampache_mysql_db }}.sql.zst
--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@ -2,9 +2,11 @@
 - name: Install grafana
  yum: name=grafana state=present
  register: grafana_install
+  tags: grafana

 - name: Create unit snippet dir
  file: path=/etc/systemd/system/grafana-server.service.d state=directory
+  tags: grafana

 - name: Tune to restart indefinitely
  copy:
@ -14,18 +16,12 @@
      RestartSec=20
    dest: /etc/systemd/system/grafana-server.service.d/restart.conf
  register: grafana_unit
+  tags: grafana

 - name: Reload systemd
  systemd: daemon_reload=True
  when: grafana_unit.changed
-
- name: Install MySQL support
-  yum: name=MySQL-python state=present
-  when: grafana_db_type == 'mysql'
-
- name: Install PostgreSQL support
-  yum: name=python-psycopg2 state=present
-  when: grafana_db_type == 'postgres'
+  tags: grafana

 - name: Handle grafana port
  iptables_raw:
@ -33,90 +29,54 @@
    state: "{{ (grafana_src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ grafana_port }} -s {{ grafana_src_ip | join(',') }} -j ACCEPT"
  when: iptables_manage | default(True)
-
- name: Generate a random pass for database
-  shell: openssl rand -base64 45 > /etc/grafana/ansible_db_pass
-  args:
-    creates: /etc/grafana/ansible_db_pass
-  when:
-    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
-    - grafana_db_pass is not defined
-
- name: Restrict permission on db pass file
-  file: path=/etc/grafana/ansible_db_pass mode=600
-  when:
-    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
-    - grafana_db_pass is not defined
-
- name: Read db password
-  command: cat /etc/grafana/ansible_db_pass
-  register: grafana_rand_db_pass
-  when:
-    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
-    - grafana_db_pass is not defined
-
- name: Set db pass
-  set_fact: grafana_db_pass={{ grafana_rand_db_pass.stdout }}
-  when:
-    - grafana_db_type == 'mysql' or grafana_db_type == 'postgres'
-    - grafana_db_pass is not defined
-
- name: Create MySQL database
-  mysql_db:
-    name: "{{ grafana_db_name }}"
-    state: present
-    login_host: "{{ grafana_db_server }}"
-    login_user: sqladmin
-    login_password: "{{ mysql_admin_pass }}"
+  tags: grafana,firewall
+
+- when: grafana_db_pass is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: /etc/grafana/ansible_db_pass
+    - set_fact: grafana_db_pass={{ rand_pass }}
+  tags: grafana
+
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ grafana_db_name }}"
+    - db_user: "{{ grafana_db_user }}"
+    - db_server: "{{ grafana_db_server }}"
+    - db_pass: "{{ grafana_db_pass }}"
  when: grafana_db_type == 'mysql'
-
- name: Create MySQL User
-  mysql_user:
-    name: "{{ grafana_db_user | default('grafana') }}"
-    password: "{{ grafana_db_pass }}"
-    priv: "{{ grafana_db_name | default('grafana') }}.*:ALL"
-    host: "{{ (grafana_db_server == 'localhost') | ternary('localhost', item) }}"
-    login_host: "{{ grafana_db_server }}"
-    login_user: sqladmin
-    login_password: "{{ mysql_admin_pass }}"
-    state: present
-  when: grafana_db_type == 'mysql'
-  with_items: "{{ ansible_all_ipv4_addresses }}"
-
- name: Create the PostgreSQL role
-  postgresql_user:
-    name: "{{ grafana_db_user }}"
-    password: "{{ grafana_db_pass }}"
-    login_host: "{{ grafana_db_server }}"
-    login_user: sqladmin
-    login_password: "{{ pg_admin_pass }}"
-  when: grafana_db_type == 'postgres'
-
- name: Create the PostgreSQL database
-  postgresql_db:
-    name: "{{ grafana_db_name }}"
-    encoding: UTF-8
-    lc_collate: C
-    lc_ctype: C
-    template: template0
-    owner: "{{ grafana_db_user }}"
-    login_host: "{{ grafana_db_server }}"
-    login_user: sqladmin
-    login_password: "{{ pg_admin_pass }}"
-  when: grafana_db_type == 'postgres'
-
- name: Generate a secret key
-  shell: </dev/urandom tr -dc 'A-Za-z0-9!$%&\()*+,-./:;<=>?@[\]^_`|~' | head -c 50 > /etc/grafana/ansible_secret_key
-  args:
-    creates: /etc/grafana/ansible_secret_key
-
- name: Restrict permission on the secret key file
-  file: path=/etc/grafana/ansible_secret_key mode=600
-
- name: Read the secret key
-  command: cat /etc/grafana/ansible_secret_key
-  register: grafana_secret_key
-  changed_when: False
+  tags: grafana
+
+- when: grafana_db_type == 'postgres'
+  block:
+    - name: Create the PostgreSQL role
+      postgresql_user:
+        name: "{{ grafana_db_user }}"
+        password: "{{ grafana_db_pass }}"
+        login_host: "{{ grafana_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+    
+    - name: Create the PostgreSQL database
+      postgresql_db:
+        name: "{{ grafana_db_name }}"
+        encoding: UTF-8
+        lc_collate: C
+        lc_ctype: C
+        template: template0
+        owner: "{{ grafana_db_user }}"
+        login_host: "{{ grafana_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+  tags: grafana
+
+- block:
+  - import_tasks: ../includes/get_rand_pass.yml
+    vars:
+      - pass_file: /etc/grafana/ansible_secret_key
+  - set_fact: grafana_secret_key={{ rand_pass }}
+  tags: grafana

 - name: Deploy grafana configuration
  template: src={{ item }}.j2 dest=/etc/grafana/{{ item }} owner=root group=grafana mode=640
@ -124,42 +84,51 @@
    - grafana.ini
    - ldap.toml
  notify: restart grafana
+  tags: grafana

 - name: Build a list of installed plugins
  shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s\d+\./ && print "$1\n"'
  register: grafana_installed_plugins
  changed_when: False
+  tags: grafana

 - name: Remove unmanaged plugins
  command: grafana-cli plugins uninstall {{ item }}
  with_items: "{{ grafana_installed_plugins.stdout_lines }}"
  when: item not in grafana_plugins
  notify: restart grafana
+  tags: grafana

 - name: Install plugins
  command: grafana-cli plugins install {{ item }}
  with_items: "{{ grafana_plugins }}"
  when: item not in grafana_installed_plugins.stdout_lines
  notify: restart grafana
+  tags: grafana

 - name: Check installed plugins versions
  shell: grafana-cli plugins ls | perl -ne '/^(\w[\-\w]+)\s\@\s(\d+[^\s]*)/ && print "$1 $2\n"'
  register: grafana_installed_plugins_versions
  changed_when: False
+  tags: grafana

 - name: Check available plugins versions
  shell: grafana-cli plugins list-remote | perl -ne '/^id:\s+(\w[\-\w]+)\sversion:\s+(\d+[^\s]*)/ && print "$1 $2\n"'
  register: grafana_remote_plugins_versions
  changed_when: False
+  tags: grafana

 - name: Update grafana plugins
  command: grafana-cli plugins update-all
  when: grafana_installed_plugins_versions.stdout_lines is not subset(grafana_remote_plugins_versions.stdout_lines)
  notify: restart grafana
+  tags: grafana

 - name: Start and enable the service
-  service: name=grafana-server state=started enabled=yes
+  service: name=grafana-server state=started enabled=True
+  tags: grafana

 - name: Change admin password to a random one
  command: grafana-cli admin reset-admin-password --homepath="/usr/share/grafana" --config /etc/grafana/grafana.ini $(openssl rand -base64 33)
  when: grafana_install.changed
+  tags: grafana
--- a/roles/grafana/templates/grafana.ini.j2
+++ b/roles/grafana/templates/grafana.ini.j2
@ -29,7 +29,7 @@ reporting_enabled = {{ grafana_reporting | ternary('true', 'false') }}
 check_for_updates = {{ grafana_check_for_updates | ternary('true', 'false') }}

 [security]
-secret_key = {{ grafana_secret_key.stdout }}
+secret_key = {{ grafana_secret_key }}

 [snapshots]

--- a/roles/repo_rpmfusion/tasks/main.yml
+++ b/roles/repo_rpmfusion/tasks/main.yml
@ -0,0 +1,11 @@
+---
+
+- name: Configure rpm fusion repository
+  yum_repository:
+    name: rpmfusion-free-updates
+    file: rpmfusion
+    description: RPM Fusion for EL - Free - Updates
+    baseurl: http://download1.rpmfusion.org/free/el/updates/$releasever/$basearch/
+    gpgcheck: True
+    gpgkey: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-el-$releasever
+  tags: repo
--- a/roles/squid/files/acl/software_various.domains
+++ b/roles/squid/files/acl/software_various.domains
@ -321,3 +321,7 @@ openresty.org

 # Tiny Tiny RSS
 tt-rss.org
+
+# RPM Fusion
+rpmfusion.org
+download1.rpmfusion.org