fws
/
ansible-roles
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to 2020-09-19 11:00

Browse Source
master
Daniel Berteaud 4 years ago
parent d8e45c38dd
commit c1cb8e316b
13 changed files with 367 additions and 320 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      roles/funkwhale/defaults/main.yml
  2. 1
      roles/funkwhale/meta/main.yml
  3. 9
      roles/funkwhale/tasks/archive_post.yml
  4. 31
      roles/funkwhale/tasks/archive_pre.yml
  5. 12
      roles/funkwhale/tasks/cleanup.yml
  6. 22
      roles/funkwhale/tasks/conf.yml
  7. 30
      roles/funkwhale/tasks/directories.yml
  8. 36
      roles/funkwhale/tasks/facts.yml
  9. 187
      roles/funkwhale/tasks/install.yml
  10. 328
      roles/funkwhale/tasks/main.yml
  11. 9
      roles/funkwhale/tasks/service.yml
  12. 10
      roles/funkwhale/tasks/user.yml
  13. 6
      roles/funkwhale/tasks/write_version.yml

6
roles/funkwhale/defaults/main.yml
Unescape View File

@ -1,12 +1,12 @@
---
funkwhale_version: 0.21.2
funkwhale_version: 1.0
funkwhale_id: 1
#funkwhale_archive_url: https://dev.funkwhale.audio/funkwhale/funkwhale/-/archive/{{ funkwhale_version }}/funkwhale-{{ funkwhale_version }}.tar.gz
funkwhale_base_url: https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/{{ funkwhale_version }}/download
funkwhale_archive_sha1:
api: 7411d5e506ab1f720202ec77e0a7b26f2d146ebb
front: a2b0b62c2311258675a74abebfef495e1d8a49a9
api: 9b97d4f5e6f2891fdbb9f51ca7fd066ec50d090d
front: bc07a1626949725356431d95fa2cabb180e6cce0
funkwhale_root_dir: /opt/funkwhale_{{ funkwhale_id }}
# Should ansible manage upgrades of funkwhale, or only initial install

1
roles/funkwhale/meta/main.yml
Unescape View File

@ -1,7 +1,6 @@
---
allow_duplicates: true
dependencies:
- role: repo_scl # for python36
- role: repo_nux_dextop # for ffmpeg
- role: httpd_common
- role: redis_server

9
roles/funkwhale/tasks/archive_post.yml
Unescape View File

@ -0,0 +1,9 @@
---
- name: Compress previous version
command: tar cf {{ funkwhale_root_dir }}/archives/{{ funkwhale_current_version }}.tar.zst --use-compress-program=zstd ./
args:
chdir: "{{ funkwhale_root_dir }}/archives/{{ funkwhale_current_version }}"
warn: False
tags: funkwhale

31
roles/funkwhale/tasks/archive_pre.yml
Unescape View File

@ -0,0 +1,31 @@
---
- name: Create archive dir
file: path={{ funkwhale_root_dir }}/archives/{{ funkwhale_current_version }} state=directory
tags: funkwhale
- name: Archive previous version
synchronize:
src: "{{ funkwhale_root_dir }}/{{ item }}"
dest: "{{ funkwhale_root_dir }}/archives/{{ funkwhale_current_version }}/"
recursive: True
delete: True
loop:
- api
- front
- venv
delegate_to: "{{ inventory_hostname }}"
tags: funkwhale
- name: Archive a database dump
command: >
/usr/pgsql-12/bin/pg_dump
--clean
--host={{ funkwhale_db_server }}
--port={{ funkwhale_db_port }}
--username=sqladmin {{ funkwhale_db_name }}
--file={{ funkwhale_root_dir }}/archives/{{ funkwhale_current_version }}/{{ funkwhale_db_name }}.sql
environment:
- PGPASSWORD: "{{ pg_admin_pass }}"
tags: funkwhale

12
roles/funkwhale/tasks/cleanup.yml
Unescape View File

@ -0,0 +1,12 @@
---
- name: Remove temp files
file: path={{ funkwhale_root_dir }}/{{ item }} state=absent
loop:
- tmp/api.zip
- tmp/api
- tmp/front.zip
- tmp/front
- archives/{{ funkwhale_current_version }}
- db_dumps
tags: funkwhale

22
roles/funkwhale/tasks/conf.yml
Unescape View File

@ -0,0 +1,22 @@
---
- name: Deploy funkwhale configuration
template: src=env.j2 dest={{ funkwhale_root_dir }}/config/.env group={{ funkwhale_user }}
notify: restart funkwhale
tags: funkwhale
- name: Deploy permissions script
template: src=perms.sh.j2 dest={{ funkwhale_root_dir }}/perms.sh mode=755
register: funkwhale_perms
tags: funkwhale
- name: Set optimal permissions
command: "{{ funkwhale_root_dir }}/perms.sh"
when: funkwhale_install_mode != 'none' or funkwhale_perms.changed
tags: funkwhale
- name: Deploy apache config
template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/40-funkwhale_{{ funkwhale_id }}.conf
notify: reload httpd
tags: funkwhale

30
roles/funkwhale/tasks/directories.yml
Unescape View File

@ -0,0 +1,30 @@
---
- name: Create directories
file:
path: "{{ funkwhale_root_dir }}/{{ item.dir }}"
state: directory
owner: "{{ item.user | default(omit) }}"
group: "{{ item.group | default(omit) }}"
mode: "{{ item.mode | default(omit) }}"
loop:
- dir: /
- dir: api
- dir: front
- dir: data
- dir: data/media
- dir: data/music
- dir: data/static
- dir: config
group: "{{ funkwhale_user }}"
mode: 750
- dir: archives
mode: 700
- dir: meta
mode: 700
- dir: tmp
mode: 700
- dir: backup
mode: 700
tags: funkwhale

36
roles/funkwhale/tasks/facts.yml
Unescape View File

@ -0,0 +1,36 @@
---
- fail: msg="pg_admin_pass must be set"
when: pg_admin_pass is not defined
tags: funkwhale
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ funkwhale_root_dir }}"
- version: "{{ funkwhale_version }}"
tags: funkwhale
- set_fact: funkwhale_install_mode={{ (install_mode == 'upgrade' and not funkwhale_manage_upgrade) | ternary('none',install_mode) }}
tags: funkwhale
- set_fact: funkwhale_current_version={{ current_version | default('') }}
tags: funkwhale
# Create a random pass for the DB if needed
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ funkwhale_root_dir }}/meta/ansible_dbpass"
when: funkwhale_db_pass is not defined
tags: funkwhale
- set_fact: funkwhale_db_pass={{ rand_pass }}
when: funkwhale_db_pass is not defined
tags: funkwhale
# Create a random django secret key
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ funkwhale_root_dir }}/meta/ansible_django_key"
when: funkwhale_secret_key is not defined
tags: funkwhale
- set_fact: funkwhale_secret_key={{ rand_pass }}
when: funkwhale_secret_key is not defined
tags: funkwhale

187
roles/funkwhale/tasks/install.yml
Unescape View File

@ -0,0 +1,187 @@
---
- name: Install packages
yum:
name:
- gcc
- git
- postgresql12
- postgresql-devel
- openldap-devel
- cyrus-sasl-devel
- libjpeg-turbo-devel
- python-psycopg2
- python-setuptools
- python3-virtualenv
- python3-pip
- ffmpeg
- mod_xsendfile
tags: funkwhale
- name: Download funkwhale frontend and api
get_url:
url: "{{ funkwhale_base_url }}?job=build_{{ item }}"
dest: "{{ funkwhale_root_dir }}/tmp/{{ item }}.zip"
checksum: sha1:{{ funkwhale_archive_sha1[item] }}
when: funkwhale_install_mode != 'none'
loop:
- front
- api
tags: funkwhale
- name: Extract funkwhale archives
unarchive:
src: "{{ funkwhale_root_dir }}/tmp/{{ item }}.zip"
dest: "{{ funkwhale_root_dir }}/tmp/"
remote_src: True
when: funkwhale_install_mode != 'none'
loop:
- front
- api
tags: funkwhale
- name: Move files to their final location
synchronize:
src: "{{ funkwhale_root_dir }}/tmp/{{ item }}/"
dest: "{{ funkwhale_root_dir }}/{{ item }}/"
recursive: True
delete: True
loop:
- api
- front
delegate_to: "{{ inventory_hostname }}"
when: funkwhale_install_mode != 'none'
tags: funkwhale
- name: Create the PostgreSQL role
postgresql_user:
db: postgres
name: "{{ funkwhale_db_user }}"
password: "{{ funkwhale_db_pass }}"
login_host: "{{ funkwhale_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
tags: funkwhale
- name: Create the PostgreSQL database
postgresql_db:
name: "{{ funkwhale_db_name }}"
encoding: UTF-8
lc_collate: C
lc_ctype: C
template: template0
owner: "{{ funkwhale_db_user }}"
login_host: "{{ funkwhale_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
tags: funkwhale
- name: Enable required PostgreSQL extensions
postgresql_ext:
name: "{{ item }}"
db: "{{ funkwhale_db_name }}"
login_host: "{{ funkwhale_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
loop:
- unaccent
- citext
tags: funkwhale
- name: Wipe the venv on upgrade
file: path={{ funkwhale_root_dir }}/venv state=absent
when: funkwhale_install_mode == 'upgrade'
tags: funkwhale
- name: Create the venv dir
file: path={{ funkwhale_root_dir }}/venv state=directory
tags: funkwhale
- name: Create the virtualenv
pip:
name:
- wheel
- pip
- virtualenv
- service_identity
state: latest
virtualenv: "{{ funkwhale_root_dir }}/venv"
virtualenv_command: /bin/virtualenv-3
virtualenv_python: /bin/python3
when: funkwhale_install_mode != 'none'
notify: restart funkwhale
tags: funkwhale
- name: Install python modules in the virtualenv
pip:
requirements: "{{ funkwhale_root_dir }}/api/requirements.txt"
state: latest
virtualenv: "{{ funkwhale_root_dir }}/venv"
virtualenv_command: /bin/virtualenv-3
virtualenv_python: /bin/python3
when: funkwhale_install_mode != 'none'
notify: restart funkwhale
tags: funkwhale
- name: Migrate database
django_manage:
command: migrate
app_path: "{{ funkwhale_root_dir }}/api"
virtualenv: "{{ funkwhale_root_dir }}/venv"
when: funkwhale_install_mode != 'none'
notify: restart funkwhale
tags: funkwhale
- name: Collect static files
django_manage:
command: collectstatic
app_path: "{{ funkwhale_root_dir }}/api"
virtualenv: "{{ funkwhale_root_dir }}/venv"
when: funkwhale_install_mode != 'none'
tags: funkwhale
- name: Deploy systemd units
template: src=funkwhale-{{ item }}.service.j2 dest=/etc/systemd/system/funkwhale_{{ funkwhale_id }}-{{ item }}.service
register: funkwhale_units
loop:
- server
- worker
- beat
notify: restart funkwhale
tags: funkwhale
- name: Deploy library update units
template: src=funkwhale-update-media.{{ item }}.j2 dest=/etc/systemd/system/funkwhale_{{ funkwhale_id }}-update-media.{{ item }}
register: funkwhale_media_updater
loop:
- service
- timer
tags: funkwhale
- name: Reload systemd
systemd: daemon_reload=True
when: (funkwhale_units.results + funkwhale_media_updater.results) | selectattr('changed','equalto',True) | list | length > 0
tags: funkwhale
- name: Deploy pre and post backup scripts
template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/funkwhale_{{ funkwhale_id }}.sh mode=750
loop:
- pre
- post
tags: funkwhale
# When upgrading to funkwhale 1.0, we have to rebuild thumbnails
- block:
- name: Wipe the thumbnail directory
file: path={{ funkwhale_root_dir }}/data/media/__sized__ state=absent
- name: Rebuild thumbnails
django_manage:
command: fw media generate-thumbnails
app_path: "{{ funkwhale_root_dir }}/api"
virtualenv: "{{ funkwhale_root_dir }}/venv"
when:
- funkwhale_install_mode == 'upgrade'
- funkwhale_current_version is version('1.0', '<')
tags: funkwhale

328
roles/funkwhale/tasks/main.yml
Unescape View File

@ -1,318 +1,14 @@
---
- name: Install packages
yum:
name:
- gcc
- git
- postgresql12
- postgresql-devel
- openldap-devel
- cyrus-sasl-devel
- libjpeg-turbo-devel
- python-psycopg2
- python-setuptools
- rh-python36-python-virtualenv
- rh-python36-python-pip
- ffmpeg
- mod_xsendfile
tags: funkwhale
- fail: msg="pg_admin_pass must be set"
when: pg_admin_pass is not defined
tags: funkwhale
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ funkwhale_root_dir }}"
- version: "{{ funkwhale_version }}"
tags: funkwhale
- set_fact: funkwhale_install_mode={{ (install_mode == 'upgrade' and not funkwhale_manage_upgrade) | ternary('none',install_mode) }}
tags: funkwhale
- set_fact: funkwhale_current_version={{ current_version | default('') }}
tags: funkwhale
- name: Create a system user account
user:
name: "{{ funkwhale_user }}"
comment: "Funkwhale system user"
system: True
shell: /sbin/nologin
home: "{{ funkwhale_root_dir }}"
tags: funkwhale
- name: Create directories
file:
path: "{{ funkwhale_root_dir }}/{{ item.dir }}"
state: directory
owner: "{{ item.user | default(omit) }}"
group: "{{ item.group | default(omit) }}"
mode: "{{ item.mode | default(omit) }}"
loop:
- dir: /
- dir: api
- dir: front
- dir: data
- dir: data/media
- dir: data/music
- dir: data/static
- dir: config
group: "{{ funkwhale_user }}"
mode: 750
- dir: archives
mode: 700
- dir: meta
mode: 700
- dir: tmp
mode: 700
- dir: venv
- dir: backup
mode: 700
tags: funkwhale
- name: Create archive dir
file: path={{ funkwhale_root_dir }}/archives/{{ funkwhale_current_version }} state=directory
when: funkwhale_install_mode == 'upgrade'
tags: funkwhale
- name: Archive previous version
synchronize:
src: "{{ funkwhale_root_dir }}/{{ item }}"
dest: "{{ funkwhale_root_dir }}/archives/{{ funkwhale_current_version }}/"
recursive: True
delete: True
loop:
- api
- front
delegate_to: "{{ inventory_hostname }}"
when: funkwhale_install_mode == 'upgrade'
tags: funkwhale
- name: Archive a database dump
command: >
/usr/pgsql-12/bin/pg_dump
--clean
--host={{ funkwhale_db_server }}
--port={{ funkwhale_db_port }}
--username=sqladmin {{ funkwhale_db_name }}
--file={{ funkwhale_root_dir }}/archives/{{ funkwhale_current_version }}/{{ funkwhale_db_name }}.sql
environment:
- PGPASSWORD: "{{ pg_admin_pass }}"
when: funkwhale_install_mode == 'upgrade'
tags: funkwhale
- name: Download funkwhale frontend and api
get_url:
url: "{{ funkwhale_base_url }}?job=build_{{ item }}"
dest: "{{ funkwhale_root_dir }}/tmp/{{ item }}.zip"
checksum: sha1:{{ funkwhale_archive_sha1[item] }}
when: funkwhale_install_mode != 'none'
loop:
- front
- api
tags: funkwhale
- name: Extract funkwhale archives
unarchive:
src: "{{ funkwhale_root_dir }}/tmp/{{ item }}.zip"
dest: "{{ funkwhale_root_dir }}/tmp/"
remote_src: True
when: funkwhale_install_mode != 'none'
loop:
- front
- api
tags: funkwhale
- name: Move files to their final location
synchronize:
src: "{{ funkwhale_root_dir }}/tmp/{{ item }}/"
dest: "{{ funkwhale_root_dir }}/{{ item }}/"
recursive: True
delete: True
loop:
- api
- front
delegate_to: "{{ inventory_hostname }}"
when: funkwhale_install_mode != 'none'
tags: funkwhale
# Create a random pass for the DB if needed
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ funkwhale_root_dir }}/meta/ansible_dbpass"
when: funkwhale_db_pass is not defined
tags: funkwhale
- set_fact: funkwhale_db_pass={{ rand_pass }}
when: funkwhale_db_pass is not defined
tags: funkwhale
- name: Create the PostgreSQL role
postgresql_user:
db: postgres
name: "{{ funkwhale_db_user }}"
password: "{{ funkwhale_db_pass }}"
login_host: "{{ funkwhale_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
tags: funkwhale
- name: Create the PostgreSQL database
postgresql_db:
name: "{{ funkwhale_db_name }}"
encoding: UTF-8
lc_collate: C
lc_ctype: C
template: template0
owner: "{{ funkwhale_db_user }}"
login_host: "{{ funkwhale_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
tags: funkwhale
- name: Enable required PostgreSQL extensions
postgresql_ext:
name: "{{ item }}"
db: "{{ funkwhale_db_name }}"
login_host: "{{ funkwhale_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
loop:
- unaccent
- citext
tags: funkwhale
- name: Create the virtualenv
pip:
name:
- wheel
- pip
- virtualenv
- service_identity
state: latest
virtualenv: "{{ funkwhale_root_dir }}/venv"
virtualenv_command: /opt/rh/rh-python36/root/usr/bin/virtualenv
virtualenv_python: /opt/rh/rh-python36/root/usr/bin/python
when: funkwhale_install_mode != 'none'
notify: restart funkwhale
tags: funkwhale
- name: Install python modules in the virtualenv
pip:
requirements: "{{ funkwhale_root_dir }}/api/requirements.txt"
state: latest
virtualenv: "{{ funkwhale_root_dir }}/venv"
virtualenv_command: /opt/rh/rh-python36/root/usr/bin/virtualenv
virtualenv_python: /opt/rh/rh-python36/root/usr/bin/python
when: funkwhale_install_mode != 'none'
notify: restart funkwhale
tags: funkwhale
# Create a random django secret key
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ funkwhale_root_dir }}/meta/ansible_django_key"
when: funkwhale_secret_key is not defined
tags: funkwhale
- set_fact: funkwhale_secret_key={{ rand_pass }}
when: funkwhale_secret_key is not defined
tags: funkwhale
- name: Deploy funkwhale configuration
template: src=env.j2 dest={{ funkwhale_root_dir }}/config/.env group={{ funkwhale_user }}
notify: restart funkwhale
tags: funkwhale
- name: Deploy permissions script
template: src=perms.sh.j2 dest={{ funkwhale_root_dir }}/perms.sh mode=755
register: funkwhale_perms
tags: funkwhale
- name: Set optimal permissions
command: "{{ funkwhale_root_dir }}/perms.sh"
when: funkwhale_install_mode != 'none' or funkwhale_perms.changed
tags: funkwhale
- name: Deploy apache config
template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/40-funkwhale_{{ funkwhale_id }}.conf
notify: reload httpd
tags: funkwhale
- name: Migrate database
django_manage:
command: migrate
app_path: "{{ funkwhale_root_dir }}/api"
virtualenv: "{{ funkwhale_root_dir }}/venv"
when: funkwhale_install_mode != 'none'
notify: restart funkwhale
tags: funkwhale
- name: Collect static files
django_manage:
command: collectstatic
app_path: "{{ funkwhale_root_dir }}/api"
virtualenv: "{{ funkwhale_root_dir }}/venv"
when: funkwhale_install_mode != 'none'
tags: funkwhale
- name: Deploy systemd units
template: src=funkwhale-{{ item }}.service.j2 dest=/etc/systemd/system/funkwhale_{{ funkwhale_id }}-{{ item }}.service
register: funkwhale_units
loop:
- server
- worker
- beat
notify: restart funkwhale
tags: funkwhale
- name: Deploy library update units
template: src=funkwhale-update-media.{{ item }}.j2 dest=/etc/systemd/system/funkwhale_{{ funkwhale_id }}-update-media.{{ item }}
register: funkwhale_media_updater
loop:
- service
- timer
tags: funkwhale
- name: Reload systemd
systemd: daemon_reload=True
when: (funkwhale_units.results + funkwhale_media_updater.results) | selectattr('changed','equalto',True) | list | length > 0
tags: funkwhale
- name: Deploy pre and post backup scripts
template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/funkwhale_{{ funkwhale_id }}.sh mode=750
loop:
- pre
- post
tags: funkwhale
- name: Start and enable funkwhale services
systemd: name=funkwhale_{{ funkwhale_id }}-{{ item }} state=started enabled=True
loop:
- server.service
- update-media.timer
tags: funkwhale
- name: Write version
copy: content={{ funkwhale_version }} dest={{ funkwhale_root_dir }}/meta/ansible_version
when: funkwhale_install_mode != "none"
tags: funkwhale
- name: Compress previous version
command: tar cf {{ funkwhale_root_dir }}/archives/{{ funkwhale_current_version }}.txz ./
environment:
XZ_OPT: -T0
args:
chdir: "{{ funkwhale_root_dir }}/archives/{{ funkwhale_current_version }}"
warn: False
when: funkwhale_install_mode == 'upgrade'
tags: funkwhale
- name: Remove temp files
file: path={{ funkwhale_root_dir }}/{{ item }} state=absent
loop:
- tmp/api.zip
- tmp/api
- tmp/front.zip
- tmp/front
- archives/{{ funkwhale_current_version }}
- db_dumps
tags: funkwhale
- include: user.yml
- include: directories.yml
- include: facts.yml
- include: archive_pre.yml
when: funkwhale_install_mode == 'upgrade'
- include: install.yml
- include: conf.yml
- include: service.yml
- include: write_version.yml
- include: archive_post.yml
when: funkwhale_install_mode == 'upgrade'
- include: cleanup.yml

9
roles/funkwhale/tasks/service.yml
Unescape View File

@ -0,0 +1,9 @@
---
- name: Start and enable funkwhale services
systemd: name=funkwhale_{{ funkwhale_id }}-{{ item }} state=started enabled=True
loop:
- server.service
- update-media.timer
tags: funkwhale

10
roles/funkwhale/tasks/user.yml
Unescape View File

@ -0,0 +1,10 @@
---
- name: Create a system user account
user:
name: "{{ funkwhale_user }}"
comment: "Funkwhale system user"
system: True
shell: /sbin/nologin
home: "{{ funkwhale_root_dir }}"
tags: funkwhale

6
roles/funkwhale/tasks/write_version.yml
Unescape View File

@ -0,0 +1,6 @@
---
- name: Write version
copy: content={{ funkwhale_version }} dest={{ funkwhale_root_dir }}/meta/ansible_version
tags: funkwhale
Write Preview
Loading…
Cancel
Save