Daniel Berteaud
4 years ago
parent
1385e4e751
commit
52dbb3e6e0
25 changed files with 368 additions and 19 deletions
|
After Width: | Height: | Size: 7.5 KiB |
@ -0,0 +1,9 @@ |
||||
USER=apache |
||||
GROUP=apache |
||||
NPROC={{ llng_fcgi_workers }} |
||||
SOCKET=/run/llng-fastcgi-server/llng-fastcgi.sock |
||||
PID=/run/llng-fastcgi-server/llng-fastcgi-server.pid |
||||
PERL_LWP_ENV_PROXY={{ llng_reload_use_proxy | ternary('1','0') }} |
||||
PM_MAX_REQUESTS=500 |
||||
PM_SIZECHECK_NUM_REQUESTS=100 |
||||
PM_MAX_SIZE=800000 |
||||
Binary file not shown.
@ -0,0 +1,65 @@ |
||||
--- |
||||
|
||||
# Version to deploy |
||||
metabase_version: 0.38.0 |
||||
# URL to fetch the jar |
||||
metabase_jar_url: https://downloads.metabase.com/v{{ metabase_version }}/metabase.jar |
||||
# Expected sha1 of the jar |
||||
metabase_jar_sha1: 2d2333deff92c18784c4a0e0d23288b29d2c8a87 |
||||
# Should ansible handle upgrades ? If set to false, only the initial install (and the config) will be handled |
||||
metabase_manage_upgrade: True |
||||
|
||||
# User account under which metabase will run |
||||
# Will be created |
||||
metabase_user: metabase |
||||
# Path under which metabase will be installed |
||||
metabase_root_dir: /opt/metabase |
||||
|
||||
# Port on which metabase will listen |
||||
metabase_port: 3002 |
||||
# List of IP or CIDR allowed to reach metabase_port |
||||
metabase_src_ip: [] |
||||
|
||||
# MySQL database |
||||
metabase_db_server: "{{ mysql_server | default('localhost') }}" |
||||
metabase_db_port: 3306 |
||||
metabase_db_name: metabase |
||||
metabase_db_user: metabase |
||||
# A random pass will be generated and stored in the meta dir if not defined |
||||
# metabase_db_pass: S3cr3t. |
||||
|
||||
# Email of the admins |
||||
metabase_admin_email: "{{ system_admin_email }}" |
||||
# From email for emails sent by metabase |
||||
metabase_from_email: metabase-noreply@{{ ansible_domain }} |
||||
# Settings for sending emails |
||||
metabase_smtp_server: localhost |
||||
metabase_smtp_port: 25 |
||||
# metabase_smtp_user: metabase@example.org |
||||
# metabase_smtp_pass: S3cr3t. |
||||
metabase_smtp_starttls: False |
||||
|
||||
# Encryption key to protect credentials stored in the DB |
||||
# If not set, a random one will be created and store in the mata directory |
||||
# metabase_encryption_key: SuperS3cr3t. |
||||
|
||||
# Default language for notifications |
||||
metabase_lang: fr |
||||
|
||||
# Public URL to reach metabase. |
||||
# Will most likely need to be adjusted, because you'll put it behind a reverse proxy don't you ? |
||||
metabase_public_url: http://{{ inventory_hostname }}:{{ metabase_port }}/ |
||||
|
||||
# LDAP Auth settings |
||||
metabase_ldap: "{{ (ad_auth | default(False) or ldap_auth | default(False)) | ternary(True,False) }}" |
||||
metabase_ldap_attr_email: mail |
||||
metabase_ldap_attr_firstname: givenName |
||||
metabase_ldap_attr_lastname: sn |
||||
metabase_ldap_server: "{{ (ldap_uri is defined) | ternary(ldap_uri | urlsplit('hostname'), ad_auth | default(False) | ternary(ad_realm | default(samba_realm) | default(ansible_domain) | lower, ansible_domain)) }}" |
||||
metabase_ldap_port: "{{ (ldap_auth is defined and ldap_auth | urlsplit('port') is search('\\d+')) | ternary(ldap_auth | urlsplit('port'), '389') }}" |
||||
# metabase_ldap_user: CN=Metabase,OU=Apps,DC=example,DC=org |
||||
# metabase_ldap_pass: S3cr3t. |
||||
metabase_ldap_user_base: "{{ (ad_ldap_user_search_base is defined and ad_auth) | ternary(ad_ldap_user_search_base, ad_auth | default(False) | ternary('DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC='), 'ou=Users,' + ldap_base)) }}" |
||||
metabase_ldap_user_filter: (&{{ ad_auth | default(False) | ternary('(objectClass=user)(objectCategory=person)(primaryGroupId=513)','(objectClass=inetOrgPerson)') }}(|(uid={login})(mail={login})) |
||||
metabase_ldap_group_base: "{{ (ad_ldap_group_search_base is defined and ad_auth) | ternary(ad_ldap_group_search_base, ad_auth | default(False) | ternary('DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC='), 'ou=Groups,' + ldap_base)) }}" |
||||
|
||||
@ -0,0 +1,4 @@ |
||||
--- |
||||
|
||||
- name: restart metabase |
||||
service: name=metabase state=restarted |
||||
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
dependencies: |
||||
- role: mysql_server |
||||
when: metabase_db_server in ['localhost','127.0.0.1'] |
||||
@ -0,0 +1,10 @@ |
||||
--- |
||||
|
||||
- name: Compress previous version |
||||
command: tar cf {{ metabase_root_dir }}/archives/{{ metabase_current_version }}.tar.zst --use-compress-program=zstd ./ |
||||
environment: |
||||
ZSTD_CLEVEL: 10 |
||||
args: |
||||
chdir: "{{ metabase_root_dir }}/archives/{{ metabase_current_version }}" |
||||
warn: False |
||||
tags: metabase |
||||
@ -0,0 +1,36 @@ |
||||
--- |
||||
|
||||
- name: Create the archive dir |
||||
file: |
||||
path: "{{ metabase_root_dir }}/archives/{{ metabase_current_version }}" |
||||
state: directory |
||||
tags: metabase |
||||
|
||||
- name: Archive previous version |
||||
synchronize: |
||||
src: "{{ metabase_root_dir }}/{{ item }}" |
||||
dest: "{{ metabase_root_dir }}/archives/{{ metabase_current_version }}" |
||||
recursive: True |
||||
delete: True |
||||
loop: |
||||
- app |
||||
- plugins |
||||
- data |
||||
- etc |
||||
delegate_to: "{{ inventory_hostname }}" |
||||
tags: metabase |
||||
|
||||
- name: Dump the database |
||||
mysql_db: |
||||
state: dump |
||||
name: "{{ metabase_db_name }}" |
||||
target: "{{ metabase_root_dir }}/archives/{{ metabase_current_version }}/{{ metabase_db_name }}.sql.xz" |
||||
login_host: "{{ metabase_db_server }}" |
||||
login_port: "{{ metabase_db_port }}" |
||||
login_user: "{{ metabase_db_user }}" |
||||
login_password: "{{ metabase_db_pass }}" |
||||
quick: True |
||||
single_transaction: True |
||||
environment: |
||||
XZ_OPT: -T0 |
||||
tags: metabase |
||||
@ -0,0 +1,8 @@ |
||||
--- |
||||
|
||||
- name: Remove tmp and unused files |
||||
file: path={{ item }} state=absent |
||||
loop: |
||||
- "{{ metabase_root_dir }}/archives/{{ metabase_current_version }}" |
||||
- "{{ metabase_root_dir }}/tmp/metabase.jar" |
||||
tags: metabase |
||||
@ -0,0 +1,6 @@ |
||||
--- |
||||
|
||||
- name: Deploy configuration |
||||
template: src=env.j2 dest={{ metabase_root_dir }}/etc/env group={{ metabase_user }} mode=640 |
||||
notify: restart metabase |
||||
tags: metabase |
||||
@ -0,0 +1,23 @@ |
||||
--- |
||||
|
||||
- name: Create needed directories |
||||
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} |
||||
loop: |
||||
- dir: "{{ metabase_root_dir }}/app" |
||||
- dir: "{{ metabase_root_dir }}/tmp" |
||||
- dir: "{{ metabase_root_dir }}/data" |
||||
owner: "{{ metabase_user }}" |
||||
mode: 700 |
||||
- dir: "{{ metabase_root_dir }}/etc" |
||||
group: "{{ metabase_user }}" |
||||
mode: 750 |
||||
- dir: "{{ metabase_root_dir }}/plugins" |
||||
owner: "{{ metabase_user }}" |
||||
- dir: "{{ metabase_root_dir }}/archives" |
||||
mode: 700 |
||||
- dir: "{{ metabase_root_dir }}/meta" |
||||
mode: 700 |
||||
- dir: "{{ metabase_root_dir }}/backup" |
||||
mode: 700 |
||||
tags: metabase |
||||
|
||||
@ -0,0 +1,29 @@ |
||||
--- |
||||
|
||||
# Detect installed version (if any) |
||||
- block: |
||||
- import_tasks: ../includes/webapps_set_install_mode.yml |
||||
vars: |
||||
- root_dir: "{{ metabase_root_dir }}" |
||||
- version: "{{ metabase_version }}" |
||||
- set_fact: metabase_install_mode={{ (install_mode == 'upgrade' and not metabase_manage_upgrade) | ternary('none',install_mode) }} |
||||
- set_fact: metabase_current_version={{ current_version | default('') }} |
||||
tags: metabase |
||||
|
||||
# Create a random pass for the DB if needed |
||||
- block: |
||||
- import_tasks: ../includes/get_rand_pass.yml |
||||
vars: |
||||
- pass_file: "{{ metabase_root_dir }}/meta/ansible_dbpass" |
||||
- set_fact: metabase_db_pass={{ rand_pass }} |
||||
when: metabase_db_pass is not defined |
||||
tags: metabase |
||||
|
||||
# Create a random encryption key |
||||
- block: |
||||
- import_tasks: ../includes/get_rand_pass.yml |
||||
vars: |
||||
- pass_file: "{{ metabase_root_dir }}/meta/ansible_encryption_key" |
||||
- set_fact: metabase_encryption_key={{ rand_pass }} |
||||
when: metabase_encryption_key is not defined |
||||
tags: metabase |
||||
@ -0,0 +1,46 @@ |
||||
--- |
||||
|
||||
- name: Install dependencies |
||||
yum: |
||||
name: |
||||
- java-11-openjdk |
||||
tags: metabase |
||||
|
||||
- name: Stop the service during upgrades |
||||
service: name=metabase state=stopped |
||||
when: metabase_install_mode == 'upgrade' |
||||
tags: metabase |
||||
|
||||
- when: metabase_install_mode != 'none' |
||||
block: |
||||
- name: Download metabase JAR file |
||||
get_url: |
||||
url: "{{ metabase_jar_url }}" |
||||
dest: "{{ metabase_root_dir }}/tmp/" |
||||
checksum: sha1:{{ metabase_jar_sha1 }} |
||||
|
||||
- name: Move the JAR to the app dir |
||||
copy: src={{ metabase_root_dir }}/tmp/metabase.jar dest={{ metabase_root_dir }}/app/ mode=644 remote_src=True |
||||
notify: restart metabase |
||||
|
||||
tags: metabase |
||||
|
||||
- name: Deploy systemd unit |
||||
template: src=metabase.service.j2 dest=/etc/systemd/system/metabase.service |
||||
register: metabase_unit |
||||
notify: restart metabase |
||||
tags: metabase |
||||
|
||||
- name: Reload systemd |
||||
systemd: daemon_reload=True |
||||
when: metabase_unit.changed |
||||
tags: metabase |
||||
|
||||
# Create the database |
||||
- import_tasks: ../includes/webapps_create_mysql_db.yml |
||||
vars: |
||||
- db_name: "{{ metabase_db_name }}" |
||||
- db_user: "{{ metabase_db_user }}" |
||||
- db_server: "{{ metabase_db_server }}" |
||||
- db_pass: "{{ metabase_db_pass }}" |
||||
tags: metabase |
||||
@ -0,0 +1,8 @@ |
||||
--- |
||||
|
||||
- name: Handle metabase port in the firewall |
||||
iptables_raw: |
||||
name: metabase_port |
||||
state: "{{ (metabase_src_ip | length > 0) | ternary('present','absent') }}" |
||||
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ metabase_port }} -s {{ metabase_src_ip | join(',') }} -j ACCEPT" |
||||
tags: firewall,metabase |
||||
@ -0,0 +1,16 @@ |
||||
--- |
||||
|
||||
- include: user.yml |
||||
- include: directories.yml |
||||
- include: facts.yml |
||||
- include: archive_pre.yml |
||||
when: metabase_install_mode == 'upgrade' |
||||
- include: install.yml |
||||
- include: conf.yml |
||||
- include: iptables.yml |
||||
when: iptables_manage | default(True) |
||||
- include: services.yml |
||||
- include: write_version.yml |
||||
- include: archive_post.yml |
||||
when: metabase_install_mode == 'upgrade' |
||||
- include: cleanup.yml |
||||
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
- name: Start and enable the service |
||||
service: name=metabase state=started enabled=True |
||||
tags: metabase |
||||
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
- name: Create metabase user account |
||||
user: name={{ metabase_user }} home={{ metabase_root_dir }} system=True |
||||
tags: metabase |
||||
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
- name: Write installed version |
||||
copy: content={{ metabase_version }} dest={{ metabase_root_dir }}/meta/ansible_version |
||||
tags: metabase |
||||
@ -0,0 +1,43 @@ |
||||
MB_ADMIN_EMAIL={{ metabase_admin_email }} |
||||
MB_EMAIL_FROM_ADDRESS={{ metabase_from_email }} |
||||
MB_EMAIL_SMTP_HOST={{metabase_smtp_server }} |
||||
MB_EMAIL_SMTP_PORT={{ metabase_smtp_port }} |
||||
{% if metabase_smtp_user is defined and metabase_smtp_pass is defined %} |
||||
MB_EMAIL_SMTP_USERNAME={{ metabase_smtp_user }} |
||||
MB_EMAIL_SMTP_PASSWORD={{ metabase_smtp_pass }} |
||||
{% endif %} |
||||
MB_EMAIL_SMTP_SECURITY={{ metabase_smtp_starttls | ternary('starttls','none') }} |
||||
MB_ANON_TRACKING_ENABLED=false |
||||
MB_DB_FILE={{ metabase_root_dir }}/data/metabase.db |
||||
MB_DB_DBNAME={{ metabase_db_name }} |
||||
MB_DB_HOST={{ metabase_db_server }} |
||||
MB_DB_USER={{ metabase_db_user }} |
||||
MB_DB_PASS={{ metabase_db_pass | quote }} |
||||
MB_DB_PORT={{ metabase_db_port }} |
||||
MB_DB_TYPE=mysql |
||||
MB_ENABLE_QUERY_CACHING=true |
||||
MB_ENABLE_PUBLIC_SHARING=true |
||||
MB_ENABLE_EMBEDDING=true |
||||
MB_ENCRYPTION_SECRET_KEY={{ metabase_encryption_key | quote }} |
||||
MB_JETTY_HOST=0.0.0.0 |
||||
MB_JETTY_PORT={{ metabase_port }} |
||||
MB_PLUGINS_DIR={{ metabase_root_dir }}/plugins |
||||
MB_SITE_LOCALE={{ metabase_lang }} |
||||
MB_SITE_URL={{ metabase_public_url }} |
||||
{% if metabase_ldap %} |
||||
MB_LDAP_ENABLED=true |
||||
MB_LDAP_HOST={{ metabase_ldap_server }} |
||||
MB_LDAP_PORT={{ metabase_ldap_port }} |
||||
MB_LDAP_SECURITY=tls |
||||
{% if metabase_ldap_user is defined and metabase_ldap_pass is defined %} |
||||
MB_LDAP_BIND_DN={{ metabase_ldap_user | quote }} |
||||
MB_LDAP_PASSWORD={{ metabase_ldap_pass | quote }} |
||||
{% endif %} |
||||
MB_LDAP_ATTRIBUTE_EMAIL={{ metabase_ldap_attr_email }} |
||||
MB_LDAP_ATTRIBUTE_FIRSTNAME={{ metabase_ldap_attr_firstname }} |
||||
MB_LDAP_ATTRIBUTE_LASTNAME={{ metabase_ldap_attr_lastname }} |
||||
MB_LDAP_USER_BASE={{ metabase_ldap_user_base }} |
||||
MB_LDAP_USER_FILTER={{ metabase_ldap_user_filter | quote }} |
||||
MB_LDAP_GROUP_SYNC=true |
||||
MB_LDAP_GROUP_BASE={{ metabase_ldap_group_base }} |
||||
{% endif %} |
||||
@ -0,0 +1,25 @@ |
||||
[Unit] |
||||
Description=Metabase opensource BI |
||||
After=syslog.target network.target |
||||
|
||||
[Service] |
||||
Type=simple |
||||
User={{ metabase_user }} |
||||
WorkingDirectory={{ metabase_root_dir }}/app |
||||
EnvironmentFile={{ metabase_root_dir }}/etc/env |
||||
ExecStart=/usr/bin/java -Djava.net.preferIPv4Stack=true \ |
||||
{% if system_proxy is defined and system_proxy != '' %} |
||||
-Dhttp.proxyHost={{ system_proxy | urlsplit('hostname') }} -Dhttp.proxyPort={{ system_proxy | urlsplit('port') }} \ |
||||
-Dhttps.proxyHost={{ system_proxy | urlsplit('hostname') }} -Dhttps.proxyPort={{ system_proxy | urlsplit('port') }} \ |
||||
{% endif %} |
||||
-jar {{ metabase_root_dir }}/app/metabase.jar |
||||
PrivateTmp=yes |
||||
PrivateDevices=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
NoNewPrivileges=yes |
||||
Restart=on-failure |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
||||
|
||||
Loading…
Reference in new issue