Update to 2021-02-04 16:00

master
Daniel Berteaud 4 years ago
parent 27d9c95d5c
commit 51213061ef
  1. 47
      roles/n8n/defaults/main.yml
  2. 5
      roles/n8n/handlers/main.yml
  3. 6
      roles/n8n/meta/main.yml
  4. 10
      roles/n8n/tasks/archive_post.yml
  5. 36
      roles/n8n/tasks/archive_pre.yml
  6. 7
      roles/n8n/tasks/cleanup.yml
  7. 6
      roles/n8n/tasks/conf.yml
  8. 26
      roles/n8n/tasks/directories.yml
  9. 29
      roles/n8n/tasks/facts.yml
  10. 47
      roles/n8n/tasks/install.yml
  11. 8
      roles/n8n/tasks/iptables.yml
  12. 15
      roles/n8n/tasks/main.yml
  13. 6
      roles/n8n/tasks/services.yml
  14. 5
      roles/n8n/tasks/user.yml
  15. 5
      roles/n8n/tasks/write_version.yml
  16. 1
      roles/n8n/templates/n8n.json.j2
  17. 24
      roles/n8n/templates/n8n.service.j2
  18. 3
      roles/n8n/templates/post-backup.sh.j2
  19. 10
      roles/n8n/templates/pre-backup.sh.j2

@ -0,0 +1,47 @@
---
# Version to deploy
n8n_version: 0.105.0
# Root directory where n8n will be installed
n8n_root_dir: /opt/n8n
# User account under which n8n will run
n8n_user: n8n
# Should ansible manage upgrades ? If False, only the initial install will be handled
n8n_manage_upgrade: True
# Port on which n8n will bind to expose its web interface
n8n_port: 8021
# List of IP / CIDR allowed to access n8n_port
n8n_src_ip: []
n8n_db_server: "{{ mysql_server | default('localhost') }}"
n8n_db_port: 3306
n8n_db_name: n8n
n8n_db_user: n8n
# If not defined, a random one will be created and stored in the {{ n8n_root_dir }}/meta/ansible_dbpass
#n8n_db_pass: S3cR3t.
# Config dfirectives, will be translated to json in {{ n8n_root_dir }}/etc/n8n.json
n8n_config_base:
database:
type: mysqldb
mysqldb:
database: "{{ n8n_db_name }}"
host: "{{ n8n_db_server }}"
port: "{{ n8n_db_port }}"
user: "{{ n8n_db_user }}"
password: "{{ n8n_db_pass }}"
generic:
timezone: "{{ system_tz | default('Europe/Paris') }}"
port: "{{ n8n_port }}"
encryptionKey: "{{ n8n_secret_key }}"
# This lets you override just part of the defaults
n8n_config_extra: {}
n8n_config: "{{ n8n_config_base | combine(n8n_config_extra,recursive=True) }}"
# The URL which will be used to reach n8n.
# You'll likely have to change it, especially if n8n runs behind a reverse proxy
n8n_public_url: http://{{ inventory_hostname }}:{{ n8n_port }}/
# A secret key used to encrypt data in the DB. A random one is created is not defined here
# n8n_secret_key: p@ssW0rd
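Review bot: Nothing in `n8n_config_base` turns on authentication for the web interface, and `n8n_public_url` defaults to plain `http://`. With these defaults, access control appears to rest entirely on the `n8n_src_ip` firewall list. Whether n8n at this version requires a login on its own cannot be seen from this file, so the defaults should say so explicitly, for example `# n8n_src_ip is the only access restriction this role applies; front n8n with a TLS reverse proxy that authenticates users before opening it up`. Two comments also need a wording fix: "Config dfirectives" should read "Config directives", and "A random one is created is not defined here" should read "if not defined here".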

@ -0,0 +1,5 @@
---
- name: restart n8n
service: name=n8n state=restarted
when: not n8n_started.changed

@ -0,0 +1,6 @@
---
dependencies:
- role: repo_nodejs
- role: mysql_server
when: n8n_db_server in ['localhost','127.0.0.1']

@ -0,0 +1,10 @@
---
- name: Compress previous version
command: tar cf {{ n8n_root_dir }}/archives/{{ n8n_current_version }}.tar.zst --use-compress-program=zstd ./
environment:
ZST_CLEVEL: 10
args:
chdir: "{{ n8n_archive_dir }}"
warn: False
tags: n8n
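Review bot: The environment variable `ZST_CLEVEL` is not one zstd reads; the documented name is `ZSTD_CLEVEL`, so the archive is compressed at the default level. I would write it as `ZSTD_CLEVEL: '10'`, quoted so the value reaches the process as a string. Separately, `chdir` uses `n8n_archive_dir`, which is not defined in the defaults or facts files shown in this commit. Unless it is set elsewhere, the task fails on an undefined variable. Since archive_pre.yml populates `{{ n8n_root_dir }}/archives/{{ n8n_current_version }}`, that was probably the intended directory.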

@ -0,0 +1,36 @@
---
- name: Create the archive dir
file:
path: "{{ n8n_root_dir }}/archives/{{ n8n_current_version }}"
state: directory
tags: n8n
- name: Archive previous version
synchronize:
src: "{{ n8n_root_dir }}/{{ item }}"
dest: "{{ n8n_root_dir }}/archives/{{ n8n_current_version }}"
recursive: True
delete: True
loop:
- app
- etc
- data
delegate_to: "{{ inventory_hostname }}"
tags: n8n
- name: Dump the database
mysql_db:
state: dump
name: "{{ item }}"
target: "{{ n8n_root_dir }}/archives/{{ n8n_current_version }}/{{ n8n_db_name }}.sql.xz"
login_host: "{{ n8n_db_server }}"
login_port: "{{ n8n_db_port }}"
login_user: "{{ n8n_db_user }}"
login_password: "{{ n8n_db_pass }}"
quick: True
single_transaction: True
environment:
XZ_OPT: -T0
tags: n8n
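Review bot: The "Dump the database" task sets `name: "{{ item }}"` but has no `loop`, so `item` is undefined here and the dump step will fail during an upgrade. It should be `name: "{{ n8n_db_name }}"`, which matches the file name already used in `target`. The task also passes `login_password`, so `no_log: True` would keep the credential out of verbose or failure output. Finally, `target` ends in `.sql.xz` while the backup hooks in this commit use zstd; one compression format across the role would be easier to restore from.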

@ -0,0 +1,7 @@
---
- name: Remove tmp and unused files
file: path={{ item }} state=absent
loop:
- "{{ n8n_root_dir }}/archives/{{ n8n_current_version }}"
tags: n8n

@ -0,0 +1,6 @@
---
- name: Deploy n8n config
template: src=n8n.json.j2 dest={{ n8n_root_dir }}/etc/n8n.j2 group={{ n8n_user }} mode=640
notify: restart n8n
tags: n8n
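Review bot: The template is written to `{{ n8n_root_dir }}/etc/n8n.j2`, but the systemd unit in this commit sets `N8N_CONFIG_FILES={{ n8n_root_dir }}/etc/n8n.json`, so the daemon never reads the rendered file. The database settings and `encryptionKey` from `n8n_config` would then not be applied, and n8n presumably falls back to its built-in defaults. The destination should be `dest={{ n8n_root_dir }}/etc/n8n.json`. Because this file holds the database password and the encryption key, I would also set `owner=root` explicitly next to `group={{ n8n_user }} mode=640` rather than rely on the default owner.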

@ -0,0 +1,26 @@
---
- name: Create needed directories
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
loop:
- dir: "{{ n8n_root_dir }}"
mode: 700
- dir: "{{ n8n_root_dir }}/app"
group: "{{ n8n_user }}"
mode: 775
- dir: "{{ n8n_root_dir }}/data"
owner: "{{ n8n_user }}"
mode: 700
- dir: "{{ n8n_root_dir }}/etc"
group: "{{ n8n_user }}"
mode: 750
- dir: "{{ n8n_root_dir }}/tmp"
owner: "{{ n8n_user }}"
mode: 700
- dir: "{{ n8n_root_dir }}/meta"
mode: 700
- dir: "{{ n8n_root_dir }}/backup"
mode: 700
- dir: "{{ n8n_root_dir }}/archives"
mode: 700
tags: n8n
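Review bot: The loop items give modes as bare integers (`mode: 700`, `mode: 775`, `mode: 750`). They are only interpreted as octal because the task uses the `key=value` form, which renders them back into strings. If this task is ever converted to native YAML module arguments, `700` would be taken as a decimal number and produce the wrong permission bits. Writing them as quoted octal strings, e.g. `mode: '0700'`, removes that trap. A short comment would also help, noting that `meta`, `backup` and `archives` stay root-only because they hold generated secrets and database dumps.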

@ -0,0 +1,29 @@
---
# Detect installed version (if any)
- block:
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ n8n_root_dir }}"
- version: "{{ n8n_version }}"
- set_fact: n8n_install_mode={{ (install_mode == 'upgrade' and not n8n_manage_upgrade) | ternary('none',install_mode) }}
- set_fact: n8n_current_version={{ current_version | default('') }}
tags: n8n
# Create a random pass for the DB if needed
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ n8n_root_dir }}/meta/ansible_dbpass"
- set_fact: n8n_db_pass={{ rand_pass }}
when: n8n_db_pass is not defined
tags: n8n
# Random encryption key
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ n8n_root_dir }}/meta/ansible_secret_key"
- set_fact: n8n_secret_key={{ rand_pass }}
when: n8n_secret_key is not defined
tags: n8n
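Review bot: The two `set_fact` tasks that assign `n8n_db_pass` and `n8n_secret_key` have no `no_log: True`, so the generated database password and encryption key can appear in verbose playbook output and in any log callback. I would add `no_log: True` to both. They also use the `key=value` form (`set_fact: n8n_db_pass={{ rand_pass }}`), which can mis-split a value containing spaces or `=`. Whether `rand_pass` can contain such characters depends on `get_rand_pass.yml`, which is not shown. The mapping form avoids the question: `n8n_db_pass: "{{ rand_pass }}"` under `set_fact:`.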

@ -0,0 +1,47 @@
---
- name: Install nodejs and dependencies
yum:
name:
- nodejs
- gcc
- make
- sqlite-devel
tags: n8n
- name: Install n8n
npm:
name: n8n
path: "{{ n8n_root_dir }}/app"
version: "{{ n8n_version }}"
environment:
- npm_config_python: /bin/python3 # This is needed for sqlite3 build
become_user: "{{ n8n_user }}"
tags: n8n
# Create the database
- import_tasks: ../includes/webapps_create_mysql_db.yml
vars:
- db_name: "{{ n8n_db_name }}"
- db_user: "{{ n8n_db_user }}"
- db_server: "{{ n8n_db_server }}"
- db_pass: "{{ n8n_db_pass }}"
tags: n8n
- name: Deploy systemd unit
template: src=n8n.service.j2 dest=/etc/systemd/system/n8n.service
register: n8n_unit
notify: restart n8n
tags: n8n
- name: Reload systemd
systemd: daemon_reload=True
when: n8n_unit.changed
tags: n8n
- name: Install pre/post backup hooks
template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/n8n mode=700
loop:
- pre
- post
tags: n8n

@ -0,0 +1,8 @@
---
- name: Handle n8n port in the firewall
iptables_raw:
name: n8n_port
state: "{{ (n8n_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ n8n_port }} -s {{ n8n_src_ip | join(',') }} -j ACCEPT"
tags: firewall,n8n

@ -0,0 +1,15 @@
---
- include: user.yml
- include: directories.yml
- include: facts.yml
- include: archive_pre.yml
when: n8n_install_mode == 'upgrade'
- include: install.yml
- include: conf.yml
- include: iptables.yml
- include: services.yml
- include: write_version.yml
- include: archive_post.yml
when: n8n_install_mode == 'upgrade'
- include: cleanup.yml

@ -0,0 +1,6 @@
---
- name: Start and enable n8n daemon
service: name=n8n state=started enabled=True
register: n8n_started
tags: n8n

@ -0,0 +1,5 @@
---
- name: Create n8n user account
user: name={{ n8n_user }} home={{ n8n_root_dir }} system=True
tags: n8n

@ -0,0 +1,5 @@
---
- name: Write installed version
copy: content={{ n8n_version }} dest={{ n8n_root_dir }}/meta/ansible_version
tags: n8n

@ -0,0 +1 @@
{{ n8n_config | to_nice_json(indent=4) }}

@ -0,0 +1,24 @@
[Unit]
Description=n8n workflow automation daemon
After=syslog.target network.target mariadb.service
[Service]
Type=simple
User={{ n8n_user }}
Group={{ n8n_user }}
#EnvironmentFile={{ n8n_root_dir }}/etc/env
Environment=N8N_CONFIG_FILES={{ n8n_root_dir }}/etc/n8n.json
Environment=N8N_USER_FOLDER={{ n8n_root_dir }}/data
Environment=WEBHOOK_TUNNEL_URL={{ n8n_public_url }}
ExecStart={{ n8n_root_dir }}/app/node_modules/n8n/bin/n8n
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
MemoryLimit=2048M
Restart=on-failure
StartLimitInterval=0
RestartSec=30
[Install]
WantedBy=multi-user.target
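Review bot: `ProtectSystem=full` leaves `{{ n8n_root_dir }}` writable when it sits under `/opt`, as it does by default. install.yml runs the npm install as `n8n_user`, so the service account can rewrite the code it executes under `app/`. For a daemon that runs user-defined workflows, I would tighten this to `ProtectSystem=strict` plus `ReadWritePaths={{ n8n_root_dir }}/data`. If n8n needs other writable paths at runtime, they would have to be added after testing. `MemoryLimit=` is also the legacy cgroup-v1 setting; `MemoryMax=` is the current equivalent on newer systemd.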

@ -0,0 +1,3 @@
#!/bin/bash -e
rm -f {{ n8n_root_dir }}/backup/*.sql.zst

@ -0,0 +1,10 @@
#!/bin/bash -e
/usr/bin/mysqldump \
{% if n8n_db_server not in ['localhost','127.0.0.1'] %}
--user={{ n8n_db_user | quote }} \
--password={{ n8n_db_pass | quote }} \
--host={{ n8n_db_server | quote }} \
{% endif %}
--quick --single-transaction \
--add-drop-table {{ n8n_db_name | quote }} | zstd -c > {{ n8n_root_dir }}/backup/{{ n8n_db_name }}.sql.zst
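Review bot: The script relies on `bash -e`, but the dump is the left side of a pipeline, so a failing `mysqldump` is masked by a successful `zstd`. The hook would then exit 0 and leave an empty or truncated `.sql.zst`. Adding `set -o pipefail` as the first line after the shebang makes the failure visible to the backup job. For remote servers, `--password={{ n8n_db_pass | quote }}` puts the credential on the command line. A root-only option file passed with `--defaults-extra-file=` keeps it out of the process arguments.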