parent
d54f0f244d
commit
cd5c73586b
22 changed files with 396 additions and 4 deletions
@ -0,0 +1,35 @@ |
||||
--- |
||||
|
||||
# Version of cocumize to deploy |
||||
documize_version: 3.8.2 |
||||
# URL of the binary to install |
||||
documize_bin_url: https://github.com/documize/community/releases/download/v{{ documize_version }}/documize-community-linux-amd64 |
||||
# Expected sha1 of the binary |
||||
documize_bin_sha1: 5378947731dcd1ce8be28710573201632f6186f9 |
||||
|
||||
# Should documize handle upgrades or only initial install ? |
||||
documize_manage_upgrade: True |
||||
|
||||
# Root directory where documize will be installed |
||||
documize_root_dir: /opt/documize |
||||
|
||||
# User under which documize will run |
||||
documize_user: documize |
||||
|
||||
# port on which documize will listen |
||||
documize_port: 5001 |
||||
|
||||
# List of IP / CIDR allowed to access documize port |
||||
documize_src_ip: [] |
||||
|
||||
# Database settings |
||||
documize_db_engine: 'mysql' |
||||
documize_db_server: "{{ (documize_db_engine == 'postgres') | ternary(pg_server,mysql_server) | default('localhost') }}" |
||||
documize_db_port: "{{ (documize_db_engine == 'postgres') | ternary('5432','3306') }}" |
||||
documize_db_user: documize |
||||
documize_db_name: documize |
||||
# If password is not defined, a random one will be generated and stored in meta/ansible_dbpass |
||||
# documize_db_pass: S3Cr3t. |
||||
|
||||
# Salt for documize. A random one will be generated if not defined |
||||
# documize_salt: tsu3Acndky8cdTNx3 |
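Review bot: The download is pinned with a SHA-1 digest (`documize_bin_sha1`), which is no longer collision-resistant and is a weak choice for verifying a binary that is fetched over the network and then run as a service. get_url accepts other algorithms, so the default could become `documize_bin_sha256: <sha256-of-release-binary>`, with the later "Download documize" task using `checksum: sha256:{{ documize_bin_sha256 }}`. Two comment nits in the same file: "cocumize" should read "documize", and the password comment names `meta/ansible_dbpass` while the facts tasks later in this commit write `meta/ansible_db_pass`.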
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
- name: restart documize |
||||
service: name=documize state=restarted |
||||
when: not documize_started.changed |
@ -0,0 +1,8 @@ |
||||
--- |
||||
|
||||
allow_duplicates: True |
||||
dependencies: |
||||
- role: mysql_server |
||||
when: documize_db_engine == 'mysql' and documize_db_server in ['127.0.0.1','localhost'] |
||||
- role: postgresql_server |
||||
when: documize_db_engine == 'postgres' and documize_db_server in ['127.0.0.1','localhost'] |
@ -0,0 +1,10 @@ |
||||
--- |
||||
|
||||
- name: Compress previous version |
||||
command: tar cf {{ documize_root_dir }}/archives/{{ documize_current_version }}.tar.zst --use-compress-program=zstd ./ |
||||
args: |
||||
chdir: "{{ documize_root_dir }}/archives/{{ documize_current_version }}" |
||||
warn: False |
||||
environment: |
||||
ZSTD_CLEVEL: 10 |
||||
tags: documize |
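Review bot: `warn: False` under `args` is only accepted by older Ansible releases; the command module's `warn` option was deprecated and later removed, so on a current ansible-core this task would presumably fail with an unsupported-parameter error. Dropping the line is enough, since no module alternative to `tar` is being suggested here anyway. `ZSTD_CLEVEL: 10` is also safer written as `ZSTD_CLEVEL: '10'`, because environment values are strings.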
@ -0,0 +1,40 @@ |
||||
--- |
||||
|
||||
- name: Create the archive dir |
||||
file: path={{ documize_root_dir }}/archives/{{ documize_current_version }} state=directory |
||||
tags: documize |
||||
|
||||
- name: Backup previous version |
||||
copy: src={{ documize_root_dir }}/bin/documize dest={{ documize_root_dir }}/archives/{{ documize_current_version }}/ remote_src=True |
||||
tags: documize |
||||
|
||||
- name: Backup the database |
||||
command: > |
||||
/usr/pgsql-13/bin/pg_dump |
||||
--clean |
||||
--host={{ documize_db_server }} |
||||
--port={{ documize_db_port }} |
||||
--username={{ documize_db_user }} |
||||
{{ documize_db_name }} |
||||
--file={{ documize_root_dir }}/archives/{{ documize_current_version }}/{{ documize_db_name }}.sql |
||||
environment: |
||||
- PGPASSWORD: "{{ documize_db_pass }}" |
||||
when: documize_db_engine == 'postgres' |
||||
tags: documize |
||||
|
||||
- name: Archive the database |
||||
mysql_db: |
||||
state: dump |
||||
name: "{{ documize_db_name }}" |
||||
target: "{{ documize_root_dir }}/archives/{{ documize_current_version }}/{{ documize_db_name }}.sql.xz" |
||||
login_host: "{{ documize_db_server | default(mysql_server) }}" |
||||
login_user: sqladmin |
||||
login_password: "{{ mysql_admin_pass }}" |
||||
quick: True |
||||
single_transaction: True |
||||
environment: |
||||
XZ_OPT: -T0 |
||||
when: documize_db_engine == 'mysql' |
||||
tags: documize |
||||
|
||||
|
@ -0,0 +1,7 @@ |
||||
--- |
||||
|
||||
- name: Remove tmp and obsolete files |
||||
file: path={{ item }} state=absent |
||||
loop: |
||||
- "{{ documize_root_dir }}/archives/{{ documize_current_version }}" |
||||
tags: documize |
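Review bot: The path `{{ documize_root_dir }}/archives/{{ documize_current_version }}` collapses to the whole `archives/` directory when `documize_current_version` is empty, and the facts tasks in this commit set it with `default('')`. The task list shown later includes what appears to be this file (cleanup.yml) with no condition, so a run that is not an upgrade would presumably delete every earlier `.tar.zst` archive along with the directory. Whether `current_version` can really be undefined depends on webapps_set_install_mode.yml, which is not on this page. Guarding the task with `when: documize_current_version | length > 0`, or with the same `documize_install_mode == 'upgrade'` condition used for the archive tasks, would keep the removal scoped to the temporary copy.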
@ -0,0 +1,6 @@ |
||||
--- |
||||
|
||||
- name: Deploy documize configuration |
||||
template: src=documize.conf.j2 dest={{ documize_root_dir }}/etc/documize.conf group={{ documize_user }} mode=640 |
||||
notify: restart documize |
||||
tags: documize |
@ -0,0 +1,18 @@ |
||||
--- |
||||
|
||||
- name: Create needed directories |
||||
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} |
||||
loop: |
||||
- dir: "{{ documize_root_dir }}" |
||||
- dir: "{{ documize_root_dir }}/tmp" |
||||
- dir: "{{ documize_root_dir }}/bin" |
||||
- dir: "{{ documize_root_dir }}/etc" |
||||
group: "{{ documize_user }}" |
||||
mode: 750 |
||||
- dir: "{{ documize_root_dir }}/meta" |
||||
mode: 700 |
||||
- dir: "{{ documize_root_dir }}/backup" |
||||
mode: 700 |
||||
- dir: "{{ documize_root_dir }}/archives" |
||||
mode: 700 |
||||
tags: documize |
@ -0,0 +1,33 @@ |
||||
--- |
||||
|
||||
# Detect installed version (if any) |
||||
- block: |
||||
- import_tasks: ../includes/webapps_set_install_mode.yml |
||||
vars: |
||||
- root_dir: "{{ documize_root_dir }}" |
||||
- version: "{{ documize_version }}" |
||||
- set_fact: documize_install_mode={{ (install_mode == 'upgrade' and not documize_manage_upgrade) | ternary('none',install_mode) }} |
||||
- set_fact: documize_current_version={{ current_version | default('') }} |
||||
tags: documize |
||||
|
||||
# Create a random pass for the DB if needed |
||||
- block: |
||||
- import_tasks: ../includes/get_rand_pass.yml |
||||
vars: |
||||
- pass_file: "{{ documize_root_dir }}/meta/ansible_db_pass" |
||||
- complex: False |
||||
- set_fact: documize_db_pass={{ rand_pass }} |
||||
when: documize_db_pass is not defined |
||||
tags: documize |
||||
|
||||
# Create a random salt if needed |
||||
- block: |
||||
- import_tasks: ../includes/get_rand_pass.yml |
||||
vars: |
||||
- pass_file: "{{ documize_root_dir }}/meta/ansible_salt" |
||||
- complex: False |
||||
- pass_size: 17 |
||||
- set_fact: documize_salt={{ rand_pass }} |
||||
when: documize_salt is not defined |
||||
tags: documize |
||||
|
@ -0,0 +1,71 @@ |
||||
--- |
||||
|
||||
- name: Install needed tools |
||||
package: |
||||
name: |
||||
- tar |
||||
- zstd |
||||
- postgresql13 |
||||
tags: documize |
||||
|
||||
- name: Download documize |
||||
get_url: |
||||
url: "{{ documize_bin_url }}" |
||||
dest: "{{ documize_root_dir }}/bin/documize" |
||||
checksum: sha1:{{ documize_bin_sha1 }} |
||||
mode: 755 |
||||
when: documize_install_mode != 'none' |
||||
notify: restart documize |
||||
tags: documize |
||||
|
||||
- name: Install systemd unit |
||||
template: src=documize.service.j2 dest=/etc/systemd/system/documize.service |
||||
register: documize_unit |
||||
tags: documize |
||||
|
||||
- name: Reload systemd |
||||
systemd: daemon_reload=True |
||||
when: documize_unit.changed |
||||
tags: documize |
||||
|
||||
- when: documize_db_engine == 'postgres' |
||||
block: |
||||
- name: Create the PostgreSQL role |
||||
postgresql_user: |
||||
db: postgres |
||||
name: "{{ miniflux_db_user }}" |
||||
password: "{{ miniflux_db_pass }}" |
||||
login_host: "{{ miniflux_db_server }}" |
||||
login_user: sqladmin |
||||
login_password: "{{ pg_admin_pass }}" |
||||
|
||||
- name: Create the PostgreSQL database |
||||
postgresql_db: |
||||
name: "{{ miniflux_db_name }}" |
||||
encoding: UTF-8 |
||||
lc_collate: C |
||||
lc_ctype: C |
||||
template: template0 |
||||
owner: "{{ miniflux_db_user }}" |
||||
login_host: "{{ miniflux_db_server }}" |
||||
login_user: sqladmin |
||||
login_password: "{{ pg_admin_pass }}" |
||||
|
||||
tags: miniflux |
||||
|
||||
# Create MySQL database |
||||
- when: documize_db_engine == 'mysql' |
||||
import_tasks: ../includes/webapps_create_mysql_db.yml |
||||
vars: |
||||
- db_name: "{{ documize_db_name }}" |
||||
- db_user: "{{ documize_db_user }}" |
||||
- db_server: "{{ documize_db_server }}" |
||||
- db_pass: "{{ documize_db_pass }}" |
||||
tags: documize |
||||
|
||||
- name: Deploy backup hooks |
||||
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/documize mode=700 |
||||
loop: |
||||
- pre |
||||
- post |
||||
tags: documize |
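Review bot: `mode: 755` on the get_url task is a YAML integer, and Ansible reads an unquoted mode without a leading zero as decimal, so the binary would end up with mode 01363 (group- and world-writable, sticky) rather than rwxr-xr-x; write `mode: '0755'`. A world-writable binary that systemd starts as the service user lets any local account replace the code that runs. Separately, the PostgreSQL block still references `miniflux_db_user`, `miniflux_db_pass`, `miniflux_db_name` and `miniflux_db_server` and is tagged `miniflux`, which looks like a leftover from the role this was copied from. These should be the `documize_db_*` variables with `tags: documize`, otherwise the postgres path fails or provisions the wrong database.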
@ -0,0 +1,8 @@ |
||||
--- |
||||
|
||||
- name: Handle documize port in the firewall |
||||
iptables_raw: |
||||
name: documize_port |
||||
state: "{{ (documize_src_ip | length > 0) | ternary('present','absent') }}" |
||||
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ documize_port }} -s {{ documize_src_ip | join(',') }} -j ACCEPT" |
||||
tags: firewall,documize |
@ -0,0 +1,16 @@ |
||||
--- |
||||
|
||||
- include: user.yml |
||||
- include: directories.yml |
||||
- include: facts.yml |
||||
- include: archive_pre.yml |
||||
when: documize_install_mode == 'upgrade' |
||||
- include: install.yml |
||||
- include: conf.yml |
||||
- include: iptables.yml |
||||
when: iptables_manage | default(True) |
||||
- include: services.yml |
||||
- include: write_version.yml |
||||
- include: archive_post.yml |
||||
when: documize_install_mode == 'upgrade' |
||||
- include: cleanup.yml |
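Review bot: The task list uses bare `include:`, which Ansible deprecated in favour of `include_tasks`/`import_tasks` and which newer ansible-core releases no longer accept; the facts and install files in this same commit already use `import_tasks`. Switching these entries, e.g. `- include_tasks: archive_pre.yml`, keeps the role loadable and makes the static/dynamic choice explicit. Tag inheritance differs between the two forms, so the `tags: documize` behaviour should be re-checked after the change.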
@ -0,0 +1,7 @@ |
||||
--- |
||||
|
||||
- name: Start and enable the service |
||||
service: name=documize state=started enabled=True |
||||
register: documize_started |
||||
tags: documize |
||||
|
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
- name: Create user account |
||||
user: name={{ documize_user }} system=True shell=/sbin/nologin home={{ documize_root_dir }} |
||||
tags: documize |
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
- name: Write installed version |
||||
copy: content={{ documize_version }} dest={{ documize_root_dir }}/meta/ansible_version |
||||
tags: documize |
@ -0,0 +1,15 @@ |
||||
[http] |
||||
port = {{ documize_port }} |
||||
|
||||
[database] |
||||
{% if documize_db_engine == 'mysql' %} |
||||
type = "mysql" |
||||
connection = "{{ documize_db_user }}:{{ documize_db_pass }}@tcp({{ documize_db_server }}:{{ documize_db_port }})/{{ documize_db_name }}" |
||||
{% elif documize_db_engine == 'postgres' %} |
||||
type = "postgresql" |
||||
connection = "host={{ documize_db_server }} port={{ documize_db_port }} dbname={{ documize_db_name }} user={{ documize_db_user }} password={{ documize_db_pass }} sslmode=disable" |
||||
{% endif %} |
||||
salt = "{{ documize_salt }}" |
||||
|
||||
[install] |
||||
location = "selfhost" |
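Review bot: The PostgreSQL connection string hard-codes `sslmode=disable`, so when `documize_db_server` is a remote host the database password and all document data cross the network unencrypted. Making it configurable, for example `sslmode={{ documize_db_sslmode | default('disable') }}` with a stricter value documented for non-local servers, would let deployments opt into TLS. Both connection strings also interpolate `documize_db_pass` raw, so a password containing a space, `@` or `"` would break or alter the DSN. The generated password is requested with `complex: False`, but a user-supplied one is not constrained.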
@ -0,0 +1,23 @@ |
||||
[Unit] |
||||
Description=Documize Documentation Manager |
||||
After=network.target postgresql.service mariadb.service |
||||
|
||||
[Service] |
||||
Type=simple |
||||
User={{ documize_user }} |
||||
ExecStart={{ documize_root_dir }}/bin/documize {{ documize_root_dir }}/etc/documize.conf |
||||
Restart=always |
||||
NoNewPrivileges=true |
||||
PrivateDevices=true |
||||
ProtectControlGroups=true |
||||
ProtectHome=true |
||||
ProtectKernelModules=true |
||||
ProtectKernelTunables=true |
||||
ProtectSystem=strict |
||||
RestrictRealtime=true |
||||
ReadWritePaths=/run |
||||
PrivateTmp=true |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
||||
|
@ -0,0 +1,3 @@ |
||||
#!/bin/bash -e |
||||
|
||||
rm -f {{ documize_root_dir }}/backup/* |
@ -0,0 +1,23 @@ |
||||
#!/bin/bash -e |
||||
|
||||
{% if documize_db_engine == 'mysql' %} |
||||
/usr/bin/mysqldump \ |
||||
{% if documize_db_server not in ['127.0.0.1','localhost'] %} |
||||
--user={{ documize_db_user | quote }} \ |
||||
--password={{ documize_db_pass | quote }} \ |
||||
--host={{ documize_db_server | quote }} \ |
||||
{% endif %} |
||||
--quick --single-transaction \ |
||||
--add-drop-table {{ documize_db_name | quote }} | zstd -c > "{{ documize_root_dir }}/backup/{{ documize_db_name }}.sql.zst" |
||||
{% elif documize_db_engine == 'postgres' %} |
||||
{% if documize_db_server not in ['127.0.0.1','localhost'] %} |
||||
PGPASSWORD='{{ documize_db_pass }}' /usr/pgsql-13/bin/pg_dump \ |
||||
--clean \ |
||||
--username={{ documize_db_user | quote }} \ |
||||
--host={{ documize_db_server | quote }} \ |
||||
{{ documize_db_name | quote }} | \ |
||||
{% else %} |
||||
su - postgres -c "/usr/pgsql-13/bin/pg_dump --clean {{ documize_db_name | quote }}" | \ |
||||
{% endif %} |
||||
zstd -c > "{{ documize_root_dir }}/backup/{{ documize_db_name }}.sql.zst" |
||||
{% endif %} |
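Review bot: `PGPASSWORD='{{ documize_db_pass }}'` is the one value in this script that is not passed through `| quote`, so a password containing a single quote breaks the script or changes the command that runs; `PGPASSWORD={{ documize_db_pass | quote }}` matches the other arguments. In the MySQL branch the password is given as `--password=…` on the command line, where it can show up in the process list for other local users; a client option file readable only by root avoids that. The shebang's `-e` does not cover pipelines, so a failed `mysqldump` or `pg_dump` piped into `zstd` still exits 0 and leaves a truncated dump; adding `set -o pipefail` after the shebang makes the backup hook fail visibly. The compression pipe in the last script of this commit has the same gap.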
@ -0,0 +1,7 @@ |
||||
#!/bin/sh |
||||
|
||||
set -e |
||||
|
||||
{% if mysql_remove_dump_after_backup | default(True) %} |
||||
rm -f /home/lbkp/mysql/*.sql* |
||||
{% endif %} |
@ -0,0 +1,40 @@ |
||||
#!/bin/sh |
||||
|
||||
set -e |
||||
|
||||
# Get the .my.cnf from root |
||||
HOME=/root |
||||
PATH=/usr/bin:$PATH |
||||
DEST=/home/lbkp/mysql |
||||
|
||||
[ -d $DEST ] || mkdir -p $DEST |
||||
|
||||
for DB in $(/usr/bin/mysqlshow | /bin/awk '{print $2}' | /bin/grep -v Databases) |
||||
do |
||||
{% for db in mysql_skip_backup %} |
||||
# {{ db }} is configured not to be backed up |
||||
if [[ "$DB" == "{{ db }}" ]]; then |
||||
continue |
||||
fi |
||||
{% endfor %} |
||||
{% if mysql_compress_cmd %} |
||||
{% if mysql_compress_cmd is search('p?xz') %} |
||||
{% set compext = 'xz' %} |
||||
{% elif mysql_compress_cmd is search('p?bzip2') %} |
||||
{% set compext = 'bz2' %} |
||||
{% elif mysql_compress_cmd is search('(pi)?gz') %} |
||||
{% set compext = 'gz' %} |
||||
{% elif mysql_compress_cmd is search('lzop') %} |
||||
{% set compext = 'lzo' %} |
||||
{% elif mysql_compress_cmd is search('lz4') %} |
||||
{% set compext = 'lz4' %} |
||||
{% elif mysql_compress_cmd is search('zstd') %} |
||||
{% set compext = 'zst' %} |
||||
{% else %} |
||||
{% set compext = 'z' %} |
||||
{% endif %} |
||||
/usr/bin/mysqldump --ignore-table=mysql.event --single-transaction --add-drop-table $DB | /bin/nice -n 10 {{ mysql_compress_cmd }} > $DEST/$DB.sql.{{ compext }} |
||||
{% else %} |
||||
/usr/bin/mysqldump --ignore-table=mysql.event --single-transaction --add-drop-table $DB -r $DEST/$DB.sql |
||||
{% endif %} |
||||
done |
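Review bot: The dump directory and files are created under whatever umask the backup runner has (`[ -d $DEST ] || mkdir -p $DEST`, then `> $DEST/$DB.sql…`), so full database dumps may be readable by other local accounts; the permissions of /home/lbkp are not visible here. Adding `umask 077` near the top would make the result independent of the caller. The script is `#!/bin/sh` but uses `[[ "$DB" == … ]]`, which is a bash construct and fails on shells such as dash; use `[ "$DB" = "{{ db }}" ]` or a bash shebang. `$DB` and `$DEST` are also expanded unquoted throughout the loop.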