parent
d54f0f244d
commit
cd5c73586b
22 changed files with 396 additions and 4 deletions
@ -0,0 +1,35 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
# Version of cocumize to deploy |
||||||
|
documize_version: 3.8.2 |
||||||
|
# URL of the binary to install |
||||||
|
documize_bin_url: https://github.com/documize/community/releases/download/v{{ documize_version }}/documize-community-linux-amd64 |
||||||
|
# Expected sha1 of the binary |
||||||
|
documize_bin_sha1: 5378947731dcd1ce8be28710573201632f6186f9 |
||||||
|
|
||||||
|
# Should documize handle upgrades or only initial install ? |
||||||
|
documize_manage_upgrade: True |
||||||
|
|
||||||
|
# Root directory where documize will be installed |
||||||
|
documize_root_dir: /opt/documize |
||||||
|
|
||||||
|
# User under which documize will run |
||||||
|
documize_user: documize |
||||||
|
|
||||||
|
# port on which documize will listen |
||||||
|
documize_port: 5001 |
||||||
|
|
||||||
|
# List of IP / CIDR allowed to access documize port |
||||||
|
documize_src_ip: [] |
||||||
|
|
||||||
|
# Database settings |
||||||
|
documize_db_engine: 'mysql' |
||||||
|
documize_db_server: "{{ (documize_db_engine == 'postgres') | ternary(pg_server,mysql_server) | default('localhost') }}" |
||||||
|
documize_db_port: "{{ (documize_db_engine == 'postgres') | ternary('5432','3306') }}" |
||||||
|
documize_db_user: documize |
||||||
|
documize_db_name: documize |
||||||
|
# If password is not defined, a random one will be generated and stored in meta/ansible_dbpass |
||||||
|
# documize_db_pass: S3Cr3t. |
||||||
|
|
||||||
|
# Salt for documize. A random one will be generated if not defined |
||||||
|
# documize_salt: tsu3Acndky8cdTNx3 |
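Review bot: `documize_bin_sha1` pins the downloaded binary with SHA-1, which no longer gives collision resistance and is a weak integrity check for an executable that is fetched from a release URL and then run as a service. A SHA-256 pin would be stronger: `documize_bin_sha256: <sha256 of the release binary>` here, consumed as `checksum: sha256:{{ documize_bin_sha256 }}` in the download task. Separately, the comment above `documize_db_pass` says the generated password is stored in `meta/ansible_dbpass`, while the facts tasks in this commit write `meta/ansible_db_pass`; the comment should name the real file. The first comment also misspells the product as "cocumize".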
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: restart documize |
||||||
|
service: name=documize state=restarted |
||||||
|
when: not documize_started.changed |
@ -0,0 +1,8 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
allow_duplicates: True |
||||||
|
dependencies: |
||||||
|
- role: mysql_server |
||||||
|
when: documize_db_engine == 'mysql' and documize_db_server in ['127.0.0.1','localhost'] |
||||||
|
- role: postgresql_server |
||||||
|
when: documize_db_engine == 'postgres' and documize_db_server in ['127.0.0.1','localhost'] |
@ -0,0 +1,10 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Compress previous version |
||||||
|
command: tar cf {{ documize_root_dir }}/archives/{{ documize_current_version }}.tar.zst --use-compress-program=zstd ./ |
||||||
|
args: |
||||||
|
chdir: "{{ documize_root_dir }}/archives/{{ documize_current_version }}" |
||||||
|
warn: False |
||||||
|
environment: |
||||||
|
ZSTD_CLEVEL: 10 |
||||||
|
tags: documize |
@ -0,0 +1,40 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Create the archive dir |
||||||
|
file: path={{ documize_root_dir }}/archives/{{ documize_current_version }} state=directory |
||||||
|
tags: documize |
||||||
|
|
||||||
|
- name: Backup previous version |
||||||
|
copy: src={{ documize_root_dir }}/bin/documize dest={{ documize_root_dir }}/archives/{{ documize_current_version }}/ remote_src=True |
||||||
|
tags: documize |
||||||
|
|
||||||
|
- name: Backup the database |
||||||
|
command: > |
||||||
|
/usr/pgsql-13/bin/pg_dump |
||||||
|
--clean |
||||||
|
--host={{ documize_db_server }} |
||||||
|
--port={{ documize_db_port }} |
||||||
|
--username={{ documize_db_user }} |
||||||
|
{{ documize_db_name }} |
||||||
|
--file={{ documize_root_dir }}/archives/{{ documize_current_version }}/{{ documize_db_name }}.sql |
||||||
|
environment: |
||||||
|
- PGPASSWORD: "{{ documize_db_pass }}" |
||||||
|
when: documize_db_engine == 'postgres' |
||||||
|
tags: documize |
||||||
|
|
||||||
|
- name: Archive the database |
||||||
|
mysql_db: |
||||||
|
state: dump |
||||||
|
name: "{{ documize_db_name }}" |
||||||
|
target: "{{ documize_root_dir }}/archives/{{ documize_current_version }}/{{ documize_db_name }}.sql.xz" |
||||||
|
login_host: "{{ documize_db_server | default(mysql_server) }}" |
||||||
|
login_user: sqladmin |
||||||
|
login_password: "{{ mysql_admin_pass }}" |
||||||
|
quick: True |
||||||
|
single_transaction: True |
||||||
|
environment: |
||||||
|
XZ_OPT: -T0 |
||||||
|
when: documize_db_engine == 'mysql' |
||||||
|
tags: documize |
||||||
|
|
||||||
|
|
@ -0,0 +1,7 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Remove tmp and obsolete files |
||||||
|
file: path={{ item }} state=absent |
||||||
|
loop: |
||||||
|
- "{{ documize_root_dir }}/archives/{{ documize_current_version }}" |
||||||
|
tags: documize |
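Review bot: When `documize_current_version` is empty, this task's path collapses to `{{ documize_root_dir }}/archives/`, and `state=absent` then removes the whole archives directory, including the compressed archives of earlier versions. The facts tasks set the variable with `default('')` and the main task list includes this file unconditionally, so this appears to happen on any run where no current version is reported; the include that sets `current_version` is not shown, so that part is inferred. Guarding the task with `when: documize_install_mode == 'upgrade'`, as the two archive includes already are, limits the removal to the directory that was just compressed.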
@ -0,0 +1,6 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Deploy documize configuration |
||||||
|
template: src=documize.conf.j2 dest={{ documize_root_dir }}/etc/documize.conf group={{ documize_user }} mode=640 |
||||||
|
notify: restart documize |
||||||
|
tags: documize |
@ -0,0 +1,18 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Create needed directories |
||||||
|
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} |
||||||
|
loop: |
||||||
|
- dir: "{{ documize_root_dir }}" |
||||||
|
- dir: "{{ documize_root_dir }}/tmp" |
||||||
|
- dir: "{{ documize_root_dir }}/bin" |
||||||
|
- dir: "{{ documize_root_dir }}/etc" |
||||||
|
group: "{{ documize_user }}" |
||||||
|
mode: 750 |
||||||
|
- dir: "{{ documize_root_dir }}/meta" |
||||||
|
mode: 700 |
||||||
|
- dir: "{{ documize_root_dir }}/backup" |
||||||
|
mode: 700 |
||||||
|
- dir: "{{ documize_root_dir }}/archives" |
||||||
|
mode: 700 |
||||||
|
tags: documize |
@ -0,0 +1,33 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
# Detect installed version (if any) |
||||||
|
- block: |
||||||
|
- import_tasks: ../includes/webapps_set_install_mode.yml |
||||||
|
vars: |
||||||
|
- root_dir: "{{ documize_root_dir }}" |
||||||
|
- version: "{{ documize_version }}" |
||||||
|
- set_fact: documize_install_mode={{ (install_mode == 'upgrade' and not documize_manage_upgrade) | ternary('none',install_mode) }} |
||||||
|
- set_fact: documize_current_version={{ current_version | default('') }} |
||||||
|
tags: documize |
||||||
|
|
||||||
|
# Create a random pass for the DB if needed |
||||||
|
- block: |
||||||
|
- import_tasks: ../includes/get_rand_pass.yml |
||||||
|
vars: |
||||||
|
- pass_file: "{{ documize_root_dir }}/meta/ansible_db_pass" |
||||||
|
- complex: False |
||||||
|
- set_fact: documize_db_pass={{ rand_pass }} |
||||||
|
when: documize_db_pass is not defined |
||||||
|
tags: documize |
||||||
|
|
||||||
|
# Create a random salt if needed |
||||||
|
- block: |
||||||
|
- import_tasks: ../includes/get_rand_pass.yml |
||||||
|
vars: |
||||||
|
- pass_file: "{{ documize_root_dir }}/meta/ansible_salt" |
||||||
|
- complex: False |
||||||
|
- pass_size: 17 |
||||||
|
- set_fact: documize_salt={{ rand_pass }} |
||||||
|
when: documize_salt is not defined |
||||||
|
tags: documize |
||||||
|
|
@ -0,0 +1,71 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Install needed tools |
||||||
|
package: |
||||||
|
name: |
||||||
|
- tar |
||||||
|
- zstd |
||||||
|
- postgresql13 |
||||||
|
tags: documize |
||||||
|
|
||||||
|
- name: Download documize |
||||||
|
get_url: |
||||||
|
url: "{{ documize_bin_url }}" |
||||||
|
dest: "{{ documize_root_dir }}/bin/documize" |
||||||
|
checksum: sha1:{{ documize_bin_sha1 }} |
||||||
|
mode: 755 |
||||||
|
when: documize_install_mode != 'none' |
||||||
|
notify: restart documize |
||||||
|
tags: documize |
||||||
|
|
||||||
|
- name: Install systemd unit |
||||||
|
template: src=documize.service.j2 dest=/etc/systemd/system/documize.service |
||||||
|
register: documize_unit |
||||||
|
tags: documize |
||||||
|
|
||||||
|
- name: Reload systemd |
||||||
|
systemd: daemon_reload=True |
||||||
|
when: documize_unit.changed |
||||||
|
tags: documize |
||||||
|
|
||||||
|
- when: documize_db_engine == 'postgres' |
||||||
|
block: |
||||||
|
- name: Create the PostgreSQL role |
||||||
|
postgresql_user: |
||||||
|
db: postgres |
||||||
|
name: "{{ miniflux_db_user }}" |
||||||
|
password: "{{ miniflux_db_pass }}" |
||||||
|
login_host: "{{ miniflux_db_server }}" |
||||||
|
login_user: sqladmin |
||||||
|
login_password: "{{ pg_admin_pass }}" |
||||||
|
|
||||||
|
- name: Create the PostgreSQL database |
||||||
|
postgresql_db: |
||||||
|
name: "{{ miniflux_db_name }}" |
||||||
|
encoding: UTF-8 |
||||||
|
lc_collate: C |
||||||
|
lc_ctype: C |
||||||
|
template: template0 |
||||||
|
owner: "{{ miniflux_db_user }}" |
||||||
|
login_host: "{{ miniflux_db_server }}" |
||||||
|
login_user: sqladmin |
||||||
|
login_password: "{{ pg_admin_pass }}" |
||||||
|
|
||||||
|
tags: miniflux |
||||||
|
|
||||||
|
# Create MySQL database |
||||||
|
- when: documize_db_engine == 'mysql' |
||||||
|
import_tasks: ../includes/webapps_create_mysql_db.yml |
||||||
|
vars: |
||||||
|
- db_name: "{{ documize_db_name }}" |
||||||
|
- db_user: "{{ documize_db_user }}" |
||||||
|
- db_server: "{{ documize_db_server }}" |
||||||
|
- db_pass: "{{ documize_db_pass }}" |
||||||
|
tags: documize |
||||||
|
|
||||||
|
- name: Deploy backup hooks |
||||||
|
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/documize mode=700 |
||||||
|
loop: |
||||||
|
- pre |
||||||
|
- post |
||||||
|
tags: documize |
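Review bot: The PostgreSQL block still uses the `miniflux_db_user`, `miniflux_db_pass`, `miniflux_db_server` and `miniflux_db_name` variables and is tagged `miniflux`, which looks like a leftover from another role. On a host without those variables the tasks fail, and on a host that defines them this role would reset the other application's database role and password instead of creating its own, and a run limited to `--tags documize` would skip the block entirely. The block should use the `documize_db_*` variables and the `documize` tag, as in the excerpt below. In the download task, `mode: 755` is an unquoted YAML integer, which Ansible reads as decimal rather than octal, so the binary gets unintended permission bits; write it as `mode: "0755"`.

```yaml
  block:
    - name: Create the PostgreSQL role
      postgresql_user:
        db: postgres
        name: "{{ documize_db_user }}"
        password: "{{ documize_db_pass }}"
        login_host: "{{ documize_db_server }}"
        # … unchanged: login_user, login_password …

    - name: Create the PostgreSQL database
      postgresql_db:
        name: "{{ documize_db_name }}"
        # … unchanged: encoding, lc_collate, lc_ctype, template …
        owner: "{{ documize_db_user }}"
        login_host: "{{ documize_db_server }}"
        # … unchanged: login_user, login_password …

  tags: documize
```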
@ -0,0 +1,8 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Handle documize port in the firewall |
||||||
|
iptables_raw: |
||||||
|
name: documize_port |
||||||
|
state: "{{ (documize_src_ip | length > 0) | ternary('present','absent') }}" |
||||||
|
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ documize_port }} -s {{ documize_src_ip | join(',') }} -j ACCEPT" |
||||||
|
tags: firewall,documize |
@ -0,0 +1,16 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- include: user.yml |
||||||
|
- include: directories.yml |
||||||
|
- include: facts.yml |
||||||
|
- include: archive_pre.yml |
||||||
|
when: documize_install_mode == 'upgrade' |
||||||
|
- include: install.yml |
||||||
|
- include: conf.yml |
||||||
|
- include: iptables.yml |
||||||
|
when: iptables_manage | default(True) |
||||||
|
- include: services.yml |
||||||
|
- include: write_version.yml |
||||||
|
- include: archive_post.yml |
||||||
|
when: documize_install_mode == 'upgrade' |
||||||
|
- include: cleanup.yml |
@ -0,0 +1,7 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Start and enable the service |
||||||
|
service: name=documize state=started enabled=True |
||||||
|
register: documize_started |
||||||
|
tags: documize |
||||||
|
|
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Create user account |
||||||
|
user: name={{ documize_user }} system=True shell=/sbin/nologin home={{ documize_root_dir }} |
||||||
|
tags: documize |
@ -0,0 +1,5 @@ |
|||||||
|
--- |
||||||
|
|
||||||
|
- name: Write installed version |
||||||
|
copy: content={{ documize_version }} dest={{ documize_root_dir }}/meta/ansible_version |
||||||
|
tags: documize |
@ -0,0 +1,15 @@ |
|||||||
|
[http] |
||||||
|
port = {{ documize_port }} |
||||||
|
|
||||||
|
[database] |
||||||
|
{% if documize_db_engine == 'mysql' %} |
||||||
|
type = "mysql" |
||||||
|
connection = "{{ documize_db_user }}:{{ documize_db_pass }}@tcp({{ documize_db_server }}:{{ documize_db_port }})/{{ documize_db_name }}" |
||||||
|
{% elif documize_db_engine == 'postgres' %} |
||||||
|
type = "postgresql" |
||||||
|
connection = "host={{ documize_db_server }} port={{ documize_db_port }} dbname={{ documize_db_name }} user={{ documize_db_user }} password={{ documize_db_pass }} sslmode=disable" |
||||||
|
{% endif %} |
||||||
|
salt = "{{ documize_salt }}" |
||||||
|
|
||||||
|
[install] |
||||||
|
location = "selfhost" |
@ -0,0 +1,23 @@ |
|||||||
|
[Unit] |
||||||
|
Description=Documize Documentation Manager |
||||||
|
After=network.target postgresql.service mariadb.service |
||||||
|
|
||||||
|
[Service] |
||||||
|
Type=simple |
||||||
|
User={{ documize_user }} |
||||||
|
ExecStart={{ documize_root_dir }}/bin/documize {{ documize_root_dir }}/etc/documize.conf |
||||||
|
Restart=always |
||||||
|
NoNewPrivileges=true |
||||||
|
PrivateDevices=true |
||||||
|
ProtectControlGroups=true |
||||||
|
ProtectHome=true |
||||||
|
ProtectKernelModules=true |
||||||
|
ProtectKernelTunables=true |
||||||
|
ProtectSystem=strict |
||||||
|
RestrictRealtime=true |
||||||
|
ReadWritePaths=/run |
||||||
|
PrivateTmp=true |
||||||
|
|
||||||
|
[Install] |
||||||
|
WantedBy=multi-user.target |
||||||
|
|
@ -0,0 +1,3 @@ |
|||||||
|
#!/bin/bash -e |
||||||
|
|
||||||
|
rm -f {{ documize_root_dir }}/backup/* |
@ -0,0 +1,23 @@ |
|||||||
|
#!/bin/bash -e |
||||||
|
|
||||||
|
{% if documize_db_engine == 'mysql' %} |
||||||
|
/usr/bin/mysqldump \ |
||||||
|
{% if documize_db_server not in ['127.0.0.1','localhost'] %} |
||||||
|
--user={{ documize_db_user | quote }} \ |
||||||
|
--password={{ documize_db_pass | quote }} \ |
||||||
|
--host={{ documize_db_server | quote }} \ |
||||||
|
{% endif %} |
||||||
|
--quick --single-transaction \ |
||||||
|
--add-drop-table {{ documize_db_name | quote }} | zstd -c > "{{ documize_root_dir }}/backup/{{ documize_db_name }}.sql.zst" |
||||||
|
{% elif documize_db_engine == 'postgres' %} |
||||||
|
{% if documize_db_server not in ['127.0.0.1','localhost'] %} |
||||||
|
PGPASSWORD='{{ documize_db_pass }}' /usr/pgsql-13/bin/pg_dump \ |
||||||
|
--clean \ |
||||||
|
--username={{ documize_db_user | quote }} \ |
||||||
|
--host={{ documize_db_server | quote }} \ |
||||||
|
{{ documize_db_name | quote }} | \ |
||||||
|
{% else %} |
||||||
|
su - postgres -c "/usr/pgsql-13/bin/pg_dump --clean {{ documize_db_name | quote }}" | \ |
||||||
|
{% endif %} |
||||||
|
zstd -c > "{{ documize_root_dir }}/backup/{{ documize_db_name }}.sql.zst" |
||||||
|
{% endif %} |
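Review bot: The remote PostgreSQL branch wraps `documize_db_pass` in hand-written single quotes instead of the `quote` filter used for every other value in this template, so a password containing `'` breaks the script or changes what the shell executes; `PGPASSWORD={{ documize_db_pass | quote }}` keeps it consistent. The remote MySQL branch passes the password as `--password=...` on the command line, where other local users may see it in the process list while the dump runs; a root-only client option file passed with `--defaults-extra-file=` avoids that. The script also runs under `#!/bin/bash -e` without `set -o pipefail`, so a failed dump piped into `zstd` still exits 0 and leaves a truncated backup that looks successful. The remote PostgreSQL branch also omits `--port={{ documize_db_port | quote }}`, which the upgrade archive task does pass.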
@ -0,0 +1,7 @@ |
|||||||
|
#!/bin/sh |
||||||
|
|
||||||
|
set -e |
||||||
|
|
||||||
|
{% if mysql_remove_dump_after_backup | default(True) %} |
||||||
|
rm -f /home/lbkp/mysql/*.sql* |
||||||
|
{% endif %} |
@ -0,0 +1,40 @@ |
|||||||
|
#!/bin/sh |
||||||
|
|
||||||
|
set -e |
||||||
|
|
||||||
|
# Get the .my.cnf from root |
||||||
|
HOME=/root |
||||||
|
PATH=/usr/bin:$PATH |
||||||
|
DEST=/home/lbkp/mysql |
||||||
|
|
||||||
|
[ -d $DEST ] || mkdir -p $DEST |
||||||
|
|
||||||
|
for DB in $(/usr/bin/mysqlshow | /bin/awk '{print $2}' | /bin/grep -v Databases) |
||||||
|
do |
||||||
|
{% for db in mysql_skip_backup %} |
||||||
|
# {{ db }} is configured not to be backed up |
||||||
|
if [[ "$DB" == "{{ db }}" ]]; then |
||||||
|
continue |
||||||
|
fi |
||||||
|
{% endfor %} |
||||||
|
{% if mysql_compress_cmd %} |
||||||
|
{% if mysql_compress_cmd is search('p?xz') %} |
||||||
|
{% set compext = 'xz' %} |
||||||
|
{% elif mysql_compress_cmd is search('p?bzip2') %} |
||||||
|
{% set compext = 'bz2' %} |
||||||
|
{% elif mysql_compress_cmd is search('(pi)?gz') %} |
||||||
|
{% set compext = 'gz' %} |
||||||
|
{% elif mysql_compress_cmd is search('lzop') %} |
||||||
|
{% set compext = 'lzo' %} |
||||||
|
{% elif mysql_compress_cmd is search('lz4') %} |
||||||
|
{% set compext = 'lz4' %} |
||||||
|
{% elif mysql_compress_cmd is search('zstd') %} |
||||||
|
{% set compext = 'zst' %} |
||||||
|
{% else %} |
||||||
|
{% set compext = 'z' %} |
||||||
|
{% endif %} |
||||||
|
/usr/bin/mysqldump --ignore-table=mysql.event --single-transaction --add-drop-table $DB | /bin/nice -n 10 {{ mysql_compress_cmd }} > $DEST/$DB.sql.{{ compext }} |
||||||
|
{% else %} |
||||||
|
/usr/bin/mysqldump --ignore-table=mysql.event --single-transaction --add-drop-table $DB -r $DEST/$DB.sql |
||||||
|
{% endif %} |
||||||
|
done |
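Review bot: `mkdir -p $DEST` and the `> $DEST/$DB.sql...` redirections create the dump directory and files under whatever umask the backup runner inherits, so full database dumps may end up readable by other local accounts; adding `umask 077` after `set -e` keeps them private to the owner. The script is declared `#!/bin/sh` but uses `[[ "$DB" == ... ]]`, which only works where `sh` is bash; either change the shebang to `#!/bin/bash` or use `[ "$DB" = "{{ db }}" ]`. As in the other dump script, there is no `pipefail`, so a `mysqldump` failure in the compressed branch is masked by the exit status of the compressor. `$DB` and `$DEST` are also expanded unquoted throughout and should be written as `"$DB"` and `"$DEST"`.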