Update to 2021-11-25 15:00

master
Daniel Berteaud 3 years ago
parent 29959730f5
commit c8fe1a2671
  1. 8
      roles/metabase/defaults/main.yml
  2. 4
      roles/metabase/meta/main.yml
  3. 16
      roles/metabase/tasks/archive_pre.yml
  4. 26
      roles/metabase/tasks/install.yml
  5. 7
      roles/metabase/templates/env.j2
  6. 9
      roles/metabase/templates/pre-backup.j2
  7. 6
      roles/openvpn/handlers/main.yml
  8. 23
      roles/openvpn/tasks/main.yml
  9. 24
      roles/openvpn/templates/openvpn@.service.j2
  10. 13
      roles/pgadmin4/tasks/conf.yml
  11. 1
      roles/pgadmin4/vars/RedHat-7.yml
  12. 1
      roles/pgadmin4/vars/RedHat-8.yml

@ -20,9 +20,11 @@ metabase_port: 3002
# List of IP or CIDR allowed to reach metabase_port
metabase_src_ip: []
# MySQL database
metabase_db_server: "{{ mysql_server | default('localhost') }}"
metabase_db_port: 3306
# application database
# Can be either mysql or postgres
metabase_db_engine: mysql
metabase_db_server: "{{ (metabase_db_engine == 'mysql') | ternary(mysql_server, pg_server) | default('localhost') }}"
metabase_db_port: "{{ (metabase_db_engine == 'mysql') | ternary('3306', '5432') }}"
metabase_db_name: metabase
metabase_db_user: metabase
# A random pass will be generated and stored in the meta dir if not defined
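Review bot: Nothing enforces the two values the new comment allows for `metabase_db_engine`: any other string (for example `postgresql`) makes both ternaries here select the PostgreSQL host and port, while the `metabase_db_engine == 'postgres'` conditions used elsewhere in this commit match neither engine. The role would then skip database creation and render a pre-backup script with no dump command, so backups would silently lack the database. An early task such as `- assert: { that: "metabase_db_engine in ['mysql', 'postgres']" }` would make the run fail fast instead.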

@ -2,4 +2,6 @@
dependencies:
- role: mysql_server
when: metabase_db_server in ['localhost','127.0.0.1']
when: metabase_db_server in ['localhost','127.0.0.1'] and metabase_db_engine == 'mysql'
- role: postgresql_server
when: metabase_db_server in ['localhost','127.0.0.1'] and metabase_db_engine == 'postgres'

@ -33,4 +33,20 @@
single_transaction: True
environment:
XZ_OPT: -T0
when: metabase_db_engine == 'mysql'
tags: metabase
- name: Dump the database
shell: >
/usr/pgsql-14/bin/pg_dump
--clean
--create
--host={{ metabase_db_server }}
--port={{ metabase_db_port }}
--username={{ metabase_db_user }} {{ metabase_db_name }} |
zstd -10 -c > {{ metabase_root_dir }}/archives/{{ metabase_current_version }}/{{ metabase_db_name }}.sql.zst
environment:
- PGPASSWORD: "{{ metabase_db_pass }}"
when: metabase_db_engine == 'postgres'
tags: metabase
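Review bot: The new PostgreSQL dump task pipes `pg_dump` into `zstd` through `shell` without `pipefail`, so the task's status is that of `zstd`. A failed or partial dump (wrong password, unreachable host) would still report success and leave an empty or truncated pre-upgrade archive. The interpolated host, port, user and database name are also placed on the command line without `| quote`, unlike the pre-backup template in this same commit. The rewrite below enables `pipefail` under bash and quotes the values. The hunk opens inside the preceding MySQL task, which is not reviewed here.
```yaml
- name: Dump the database
  shell: >
    set -o pipefail &&
    /usr/pgsql-14/bin/pg_dump
    --clean
    --create
    --host={{ metabase_db_server | quote }}
    --port={{ metabase_db_port | quote }}
    --username={{ metabase_db_user | quote }} {{ metabase_db_name | quote }} |
    zstd -10 -c > {{ metabase_root_dir }}/archives/{{ metabase_current_version }}/{{ metabase_db_name }}.sql.zst
  args:
    executable: /bin/bash
  # … unchanged: environment (PGPASSWORD), when, tags …
```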

@ -43,6 +43,32 @@
- db_user: "{{ metabase_db_user }}"
- db_server: "{{ metabase_db_server }}"
- db_pass: "{{ metabase_db_pass }}"
when: metabase_db_engine == 'mysql'
tags: metabase
- when: metabase_db_engine == 'postgres'
block:
- name: Create postgres user
postgresql_user:
db: postgres
name: "{{ metabase_db_user }}"
password: "{{ metabase_db_pass }}"
login_host: "{{ metabase_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
- name: Create the PostgreSQL database
postgresql_db:
name: "{{ metabase_db_name }}"
encoding: UTF-8
lc_collate: C
lc_ctype: C
template: template0
owner: "{{ metabase_db_user }}"
login_host: "{{ metabase_db_server }}"
login_user: sqladmin
login_password: "{{ pg_admin_pass }}"
tags: metabase
- name: Install pre and post backup hooks
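Review bot: Neither PostgreSQL task passes the configured port: `postgresql_user` and `postgresql_db` receive `login_host` but no `login_port`, so a server reached through a non-default `metabase_db_port` would be administered on the module's default port instead. Adding `login_port: "{{ metabase_db_port }}"` to both keeps them aligned with the `MB_DB_PORT` value that env.j2 gives Metabase. The admin account is also fixed as `login_user: sqladmin`; a role variable with that default would let hosts with a different admin name reuse the block. The section ends inside the following task, which continues outside this view.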

@ -8,16 +8,19 @@ MB_EMAIL_SMTP_PASSWORD={{ metabase_smtp_pass }}
{% endif %}
MB_EMAIL_SMTP_SECURITY={{ metabase_smtp_starttls | ternary('starttls','none') }}
MB_ANON_TRACKING_ENABLED=false
MB_DB_FILE={{ metabase_root_dir }}/data/metabase.db
MB_DB_DBNAME={{ metabase_db_name }}
MB_DB_HOST={{ metabase_db_server }}
MB_DB_USER={{ metabase_db_user }}
MB_DB_PASS={{ metabase_db_pass | quote }}
MB_DB_PORT={{ metabase_db_port }}
MB_DB_TYPE=mysql
MB_DB_TYPE={{ metabase_db_engine }}
MB_ENCRYPTION_SECRET_KEY={{ metabase_encryption_key | quote }}
MB_JETTY_HOST=0.0.0.0
MB_JETTY_PORT={{ metabase_port }}
MB_PLUGINS_DIR={{ metabase_root_dir }}/plugins
MB_SITE_LOCALE={{ metabase_lang }}
MB_SITE_URL={{ metabase_public_url }}
MB_CHECK_FOR_UPDATES=false
MB_ENABLE_EMBEDDING=true
MB_ENABLE_PUBLIC_SHARING=true
MB_ENABLE_QUERY_CACHING=false
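Review bot: `MB_ENABLE_PUBLIC_SHARING=true` and `MB_ENABLE_EMBEDDING=true` at the end of this section are hard-coded, so every instance the role deploys allows public links and embedding, and an operator cannot turn them off without editing the template. The page does not show which of these lines are new. Public sharing exposes questions and dashboards to anyone holding the link, so it is safer as an opt-in through role variables that default to false, rendered for example as `MB_ENABLE_PUBLIC_SHARING={{ metabase_public_sharing | ternary('true','false') }}` (the variable name is only a suggestion). A comment next to `MB_JETTY_HOST=0.0.0.0` saying that exposure is expected to be limited by `metabase_src_ip` would also help the next reader.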

@ -2,6 +2,7 @@
set -eo pipefail
{% if metabase_db_engine == 'mysql' %}
/usr/bin/mysqldump \
{% if metabase_db_server not in ['localhost','127.0.0.1'] %}
--user={{ metabase_db_user | quote }} \
@ -11,5 +12,13 @@ set -eo pipefail
{% endif %}
--quick --single-transaction \
--add-drop-table {{ metabase_db_name | quote }} | zstd -c > {{ metabase_root_dir }}/backup/{{ metabase_db_name }}.sql.zst
{% elif metabase_db_engine == 'postgres' %}
PGPASSWORD={{ metabase_db_pass | quote }} /usr/pgsql-14/bin/pg_dump \
--clean \
--create \
--username={{ metabase_db_user }} \
--host={{ metabase_db_server }} \
{{ metabase_db_name }} | zstd -c > {{ metabase_root_dir }}/backup/{{ metabase_db_name }}.sql.zst
{% endif %}
cp {{ metabase_root_dir }}/etc/env {{ metabase_root_dir }}/backup/
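Review bot: The postgres branch interpolates `metabase_db_user`, `metabase_db_server` and `metabase_db_name` into the script without `| quote`, unlike the mysqldump branch above it. It also omits `--port`, so a non-default `metabase_db_port` is ignored at backup time. Suggested lines: `--username={{ metabase_db_user | quote }} \`, `--host={{ metabase_db_server | quote }} \` and `--port={{ metabase_db_port }} \`. The rendered script embeds the database password, and the copied `etc/env` presumably holds `MB_ENCRYPTION_SECRET_KEY`, so both the script and the backup directory should be readable only by the backup user; the task that sets their modes is not visible here.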

@ -2,5 +2,9 @@
- name: restart openvpn
service: name=openvpn@{{ item.item.name }} state=restarted
with_items: "{{ ovpn_daemons_mod.results }}"
loop: "{{ ovpn_daemons_mod.results }}"
when: item.changed
- name: restart all openvpn
service: name=openvpn@{{ item.name }} state=restarted
loop: "{{ ovpn_daemons }}"
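Review bot: The new `restart all openvpn` handler loops over every entry of `ovpn_daemons` with `state=restarted` and has no condition. A daemon declared with `enabled` false would therefore be started again whenever the unit template changes, after the status task has stopped it. Adding `when: item.enabled` to the handler, the same test the configuration task uses, keeps disabled tunnels down.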

@ -2,7 +2,7 @@
- name: Build config for OpenVPN tunnels
set_fact: ovpn_daemons_conf={{ ovpn_daemons_conf | default([]) + [ovpn_daemon_defaults | combine(item)] }}
with_items: "{{ ovpn_daemons }}"
loop: "{{ ovpn_daemons }}"
tags: ovpn
- set_fact: ovpn_daemons={{ ovpn_daemons_conf | default([]) }}
tags: ovpn
@ -13,9 +13,20 @@
- openvpn
tags: ovpn
- name: Deploy OpenVPN service template
template: src=openvpn@.service.j2 dest=/etc/systemd/system/openvpn@.service
register: ovpn_service_template
notify: restart all openvpn
tags: ovpn
- name: Reload systemd
systemd: daemon_reload=True
when: ovpn_service_template.changed
tags: ovpn
- name: Deploy daemons configuration
template: src=openvpn.conf.j2 dest=/etc/openvpn/{{ item.name }}.conf mode=640
with_items: "{{ ovpn_daemons }}"
loop: "{{ ovpn_daemons }}"
when: item.enabled
register: ovpn_daemons_mod
notify: restart openvpn
@ -25,7 +36,7 @@
command: openssl dhparam /etc/openvpn/{{ item.iname}}.dh 2048
args:
creates: /etc/openvpn/{{ item.name }}.dh
with_items: "{{ ovpn_daemons }}"
loop: "{{ ovpn_daemons }}"
when:
- item.type == 'server'
- item.enabled
@ -58,7 +69,7 @@
- name: Handle daemons status
service: name=openvpn@{{ item.name }} state={{ (item.enabled) | ternary('started','stopped') }} enabled={{ (item.enabled) | ternary(True,False) }}
with_items: "{{ ovpn_daemons }}"
loop: "{{ ovpn_daemons }}"
tags: ovpn
- name: List managed daemons ID
@ -73,10 +84,10 @@
- name: Disable unmanaged services
service: name=openvpn@{{ item }} state=stopped enabled=False
with_items: "{{ ovpn_existing_conf.stdout_lines | difference(ovpn_managed_id) }}"
loop: "{{ ovpn_existing_conf.stdout_lines | difference(ovpn_managed_id) }}"
tags: ovpn
- name: Remove unmanaged conf
file: path=/etc/openvpn/{{ item }}.conf state=absent
with_items: "{{ ovpn_existing_conf.stdout_lines | difference(ovpn_managed_id) }}"
loop: "{{ ovpn_existing_conf.stdout_lines | difference(ovpn_managed_id) }}"
tags: ovpn
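Review bot: The DH-parameter task in the third hunk still runs `openssl dhparam /etc/openvpn/{{ item.iname}}.dh 2048` while its `creates:` guard uses `item.name`. `iname` looks like a typo, so the command most likely fails on an undefined attribute or never produces the guarded file. The line is unchanged context, but the commit edits this task's loop and leaves it as is. Using `item.name` is the fix, and the path should probably be passed with `-out`, as in `openssl dhparam -out /etc/openvpn/{{ item.name }}.dh 2048`; this is worth confirming on a server-type daemon. The task starts above the hunk.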

@ -0,0 +1,24 @@
[Unit]
Description=OpenVPN tunnel for %I
After=syslog.target network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/
ExecStart=/usr/sbin/openvpn --suppress-timestamps --config %i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process
[Install]
WantedBy=multi-user.target
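Review bot: The unit has no comment saying that it is deployed to /etc/systemd/system, where it presumably shadows the distribution's `openvpn@.service`, or why the bounding set keeps broad capabilities such as `CAP_DAC_OVERRIDE`, `CAP_SYS_CHROOT` and `CAP_AUDIT_WRITE`. A header such as `# Managed by Ansible - overrides the packaged unit, do not edit` would cover the first point. A one-line comment above `CapabilityBoundingSet=` naming the feature that needs each of those capabilities would let a later reviewer tighten the set safely. `ProtectSystem=true` leaves `/etc` writable; if the daemons write nothing under `/etc/openvpn`, `ProtectSystem=full` is worth evaluating.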

@ -13,12 +13,23 @@
- name: Initial setup of pgadmin4
expect:
command: "{{ pga_root_dir }}/venv/bin/python {{ pga_root_dir }}/venv/lib/python3.6/site-packages/pgadmin4/setup.py"
timeout: 120
echo: true
responses:
'Email address:\s?': "admin@{{ ansible_domain }}"
'(Retype )?[Pp]assword:\s?': "pgadmin"
become_user: pgadmin4_{{ pga_id }}
when: not pga_db.stat.exists
when:
- not pga_db.stat.exists
- pga_auth | length >= 1
tags: pgadmin4
- name: Initial setup of pgAdmin4
command: "{{ pga_root_dir }}/venv/bin/python {{ pga_root_dir }}/venv/lib/python3.6/site-packages/pgadmin4/setup.py"
become_user: pgadmin4_{{ pga_id }}
when:
- not pga_db.stat.exists
- pga_auth | length < 1
tags: pgadmin4
- name: Configure logrotate
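Review bot: The expect task answers the password prompt with the literal `"pgadmin"` for `admin@{{ ansible_domain }}`, so every instance initialised through this branch starts with the same well-known administrator password. `echo: true` also sends the responses to the task output. The visible change to this task is its `when:` list, and the credential is left as is. Taking the response from a role variable or a generated secret, for example `'(Retype )?[Pp]assword:\s?': "{{ pga_admin_pass }}"` (the variable name is only a suggestion), dropping `echo`, and adding `no_log: true` would address it. The section ends inside the next task.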

@ -10,3 +10,4 @@ pgadmin4_packages:
- python-setuptools # Needed for pip install expect
- python-pip # Also needed to install expect
- krb5-devel
- sqlite

@ -9,3 +9,4 @@ pgadmin4_packages:
- python3-pip
- python3-setuptools # Needed for pip install expect
- krb5-devel
- sqlite
