From e0bcc3ef3e38af172b05d1b923783949c1597e22 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Wed, 24 Nov 2021 11:00:06 +0100 Subject: [PATCH] Update to 2021-11-24 11:00 --- roles/bookstack/defaults/main.yml | 4 +- roles/etherpad/defaults/main.yml | 6 +-- roles/etherpad/tasks/archive_pre.yml | 29 +++++++++--- roles/etherpad/tasks/cleanup.yml | 10 +++-- roles/etherpad/tasks/conf.yml | 4 +- roles/etherpad/tasks/directories.yml | 4 +- roles/etherpad/tasks/facts.yml | 66 ++++++++++++++-------------- roles/etherpad/tasks/install.yml | 65 +++++++++++++-------------- roles/etherpad/templates/etherpad.service.j2 | 5 +-- roles/etherpad/templates/perms.sh.j2 | 8 ++-- roles/etherpad/templates/post_backup.sh.j2 | 2 +- roles/etherpad/templates/pre_backup.sh.j2 | 13 +++--- 12 files changed, 118 insertions(+), 98 deletions(-) diff --git a/roles/bookstack/defaults/main.yml b/roles/bookstack/defaults/main.yml index 8c574a9..c88513b 100644 --- a/roles/bookstack/defaults/main.yml +++ b/roles/bookstack/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version to deploy -bookstack_version: '21.11' +bookstack_version: '21.11.1' # URL of the arhive bookstack_archive_url: https://github.com/BookStackApp/BookStack/archive/v{{ bookstack_version }}.tar.gz # Expected sha1 of the archive -bookstack_archive_sha1: 5e468cffd7c1a44e3d927c621d9edf6a6af5aedd +bookstack_archive_sha1: 1e4fa33649a2fabbd081ec219908bc15d27a808a # Should ansible handle bookstack upgrades or just the inintial install bookstack_manage_upgrade: True diff --git a/roles/etherpad/defaults/main.yml b/roles/etherpad/defaults/main.yml index f9eb350..e3ff2ad 100644 --- a/roles/etherpad/defaults/main.yml +++ b/roles/etherpad/defaults/main.yml @@ -3,9 +3,9 @@ etherpad_id: 1 etherpad_root_dir: /opt/etherpad_{{ etherpad_id }} etherpad_user: etherpad_{{ etherpad_id }} -etherpad_version: 1.8.14 +etherpad_version: 1.8.15 etherpad_archive_url: https://github.com/ether/etherpad-lite/archive/{{ etherpad_version }}.tar.gz -etherpad_archive_sha1: 6df38bd74bf87c95196382e374a701dca12d8226 +etherpad_archive_sha1: c7995d0418c919d97e62c941e70fb20940ce7b35 etherpad_port: 9003 etherpad_src_ip: [] @@ -26,7 +26,5 @@ etherpad_plugins_base: - adminpads - delete_after_delay - delete_empty_pads - - small_list - - markdown etherpad_plugins_extra: [] etherpad_plugins: "{{ etherpad_plugins_base + etherpad_plugins_extra }}" diff --git a/roles/etherpad/tasks/archive_pre.yml b/roles/etherpad/tasks/archive_pre.yml index db8c1ca..b4b9b36 100644 --- a/roles/etherpad/tasks/archive_pre.yml +++ b/roles/etherpad/tasks/archive_pre.yml @@ -1,9 +1,28 @@ --- -- import_tasks: ../includes/webapps_archive.yml - vars: - - root_dir: "{{ etherpad_root_dir }}" - - version: "{{ current_version }}" - - db_name: "{{ etherpad_db_name }}" +- name: Create archive dir + file: path={{ etherpad_root_dir }}/archives/{{ etherpad_current_version }} state=directory mode=700 tags: etherpad +- name: Archive previous version + synchronize: + src: "{{ etherpad_root_dir }}/{{ etherpad_web_dir.stat.exists | ternary('web','app') }}" # previous versions were installed in the web subdir, now in app) + dest: "{{ etherpad_root_dir }}/archives/{{ etherpad_current_version }}/" + compress: False + delete: True + delegate_to: "{{ inventory_hostname }}" + tags: etherpad + +- name: Dump the database + mysql_db: + state: dump + name: "{{ etherpad_db_name }}" + target: "{{ etherpad_root_dir }}/archives/{{ etherpad_current_version }}/{{ etherpad_db_name }}.sql.xz" + login_host: "{{ etherpad_db_server | default(mysql_server) }}" + login_user: "{{ etherpad_db_user }}" + login_password: "{{ etherpad_db_pass }}" + quick: True + single_transaction: True + environment: + XZ_OPT: -T0 + tags: etherpad diff --git a/roles/etherpad/tasks/cleanup.yml b/roles/etherpad/tasks/cleanup.yml index a4da541..370a402 100644 --- a/roles/etherpad/tasks/cleanup.yml +++ b/roles/etherpad/tasks/cleanup.yml @@ -1,8 +1,10 @@ --- -- name: Remove temp files - file: path={{ etherpad_root_dir }}/tmp/{{ item }} state=absent +- name: Remove temp and obsolete files + file: path={{ etherpad_root_dir }}/{{ item }} state=absent loop: - - etherpad-lite-{{ etherpad_version }} - - etherpad-lite-{{ etherpad_version }}.tar.gz + - tmp/etherpad-lite-{{ etherpad_version }} + - tmp/etherpad-lite-{{ etherpad_version }}.tar.gz + - web + - db_dumps tags: etherpad diff --git a/roles/etherpad/tasks/conf.yml b/roles/etherpad/tasks/conf.yml index eff9331..b9762f8 100644 --- a/roles/etherpad/tasks/conf.yml +++ b/roles/etherpad/tasks/conf.yml @@ -1,7 +1,7 @@ --- - name: Configure random keys - copy: content={{ item.value }} dest={{ etherpad_root_dir }}/web/{{ item.file }} + copy: content={{ item.value }} dest={{ etherpad_root_dir }}/app/{{ item.file }} owner={{ etherpad_user }} group={{ etherpad_user }} mode=600 loop: - file: SESSIONKEY.txt value: "{{ etherpad_session_key }}" @@ -10,6 +10,6 @@ tags: etherpad - name: Deploy service configuration - template: src=settings.json.j2 dest={{ etherpad_root_dir }}/web/settings.json + template: src=settings.json.j2 dest={{ etherpad_root_dir }}/app/settings.json notify: restart etherpad tags: etherpad diff --git a/roles/etherpad/tasks/directories.yml b/roles/etherpad/tasks/directories.yml index be9f4ce..211717e 100644 --- a/roles/etherpad/tasks/directories.yml +++ b/roles/etherpad/tasks/directories.yml @@ -8,11 +8,11 @@ - dir: tmp mode: 770 group: "{{ etherpad_user }}" - - dir: db_dumps + - dir: backup mode: 700 - dir: archives mode: 700 - - dir: web + - dir: app owner: "{{ etherpad_user }}" tags: etherpad diff --git a/roles/etherpad/tasks/facts.yml b/roles/etherpad/tasks/facts.yml index 327015e..8b2fa49 100644 --- a/roles/etherpad/tasks/facts.yml +++ b/roles/etherpad/tasks/facts.yml @@ -1,44 +1,46 @@ --- -- import_tasks: ../includes/webapps_set_install_mode.yml - vars: - root_dir: "{{ etherpad_root_dir }}" - version: "{{ etherpad_version }}" - tags: etherpad -- set_fact: etherpad_install_mode={{ install_mode }} +- block: + - import_tasks: ../includes/webapps_set_install_mode.yml + vars: + root_dir: "{{ etherpad_root_dir }}" + version: "{{ etherpad_version }}" + - set_fact: etherpad_install_mode={{ install_mode }} + - set_fact: etherpad_current_version={{ current_version | default('') }} tags: etherpad -- import_tasks: ../includes/get_rand_pass.yml - vars: - - pass_file: "{{etherpad_root_dir }}/meta/ansible_dbpass" - when: etherpad_db_pass is not defined - tags: etherpad -- set_fact: etherpad_db_pass={{ rand_pass }} - when: etherpad_db_pass is not defined +- when: etherpad_db_pass is not defined + block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{etherpad_root_dir }}/meta/ansible_dbpass" + - set_fact: etherpad_db_pass={{ rand_pass }} tags: etherpad -- import_tasks: ../includes/get_rand_pass.yml - vars: - - pass_file: "{{etherpad_root_dir }}/meta/ansible_session_key" - tags: etherpad -- set_fact: etherpad_session_key={{ rand_pass }} +- block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{etherpad_root_dir }}/meta/ansible_session_key" + - set_fact: etherpad_session_key={{ rand_pass }} tags: etherpad -- import_tasks: ../includes/get_rand_pass.yml - vars: - - pass_file: "{{etherpad_root_dir }}/meta/ansible_api_key" - when: etherpad_api_key is not defined - tags: etherpad -- set_fact: etherpad_api_key={{ rand_pass }} - when: etherpad_api_key is not defined +- when: etherpad_api_key is not defined + block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{etherpad_root_dir }}/meta/ansible_api_key" + - set_fact: etherpad_api_key={{ rand_pass }} tags: etherpad -- import_tasks: ../includes/get_rand_pass.yml - vars: - - pass_file: "{{etherpad_root_dir }}/meta/ansible_admin_pass" - when: etherpad_admin_pass is not defined - tags: etherpad -- set_fact: etherpad_admin_pass={{ rand_pass }} - when: etherpad_admin_pass is not defined +- when: etherpad_admin_pass is not defined + block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{etherpad_root_dir }}/meta/ansible_admin_pass" + - set_fact: etherpad_admin_pass={{ rand_pass }} tags: etherpad +- name: Check if web dir exists + stat: path={{ etherpad_root_dir }}/web + register: etherpad_web_dir + tags: etherpad diff --git a/roles/etherpad/tasks/install.yml b/roles/etherpad/tasks/install.yml index abd6797..3143eee 100644 --- a/roles/etherpad/tasks/install.yml +++ b/roles/etherpad/tasks/install.yml @@ -7,48 +7,45 @@ notify: restart etherpad tags: etherpad -- name: Download etherpad - get_url: - url: "{{ etherpad_archive_url }}" - dest: "{{ etherpad_root_dir }}/tmp" - checksum: "sha1:{{ etherpad_archive_sha1 }}" - when: etherpad_install_mode != 'none' - tags: etherpad +- when: etherpad_install_mode != 'none' + block: + - name: Download etherpad + get_url: + url: "{{ etherpad_archive_url }}" + dest: "{{ etherpad_root_dir }}/tmp" + checksum: "sha1:{{ etherpad_archive_sha1 }}" + + - name: Extract etherpad + unarchive: + src: "{{ etherpad_root_dir }}/tmp/etherpad-lite-{{ etherpad_version }}.tar.gz" + dest: "{{ etherpad_root_dir }}/tmp/" + remote_src: True + + - name: Move etherpad to its correct dir + synchronize: + src: "{{ etherpad_root_dir }}/tmp/etherpad-lite-{{ etherpad_version }}/" + dest: "{{ etherpad_root_dir }}/app/" + recursive: True + delete: True + compress: False + delegate_to: "{{ inventory_hostname }}" + become_user: "{{ etherpad_user }}" -- name: Extract etherpad - unarchive: - src: "{{ etherpad_root_dir }}/tmp/etherpad-lite-{{ etherpad_version }}.tar.gz" - dest: "{{ etherpad_root_dir }}/tmp/" - remote_src: True - when: etherpad_install_mode != 'none' - tags: etherpad - -- name: Move etherpad to its correct dir - synchronize: - src: "{{ etherpad_root_dir }}/tmp/etherpad-lite-{{ etherpad_version }}/" - dest: "{{ etherpad_root_dir }}/web/" - recursive: True - delete: True - delegate_to: "{{ inventory_hostname }}" - become_user: "{{ etherpad_user }}" - when: etherpad_install_mode != 'none' - tags: etherpad - -- name: Ensure node_modules dir exists - file: path={{ etherpad_root_dir }}/web/node_modules state=directory - tags: etherpad - -- name: Link etherpad sources in node_modules - file: src={{ etherpad_root_dir }}/web/src dest={{ etherpad_root_dir }}/web/node_modules/ep_etherpad-lite state=link tags: etherpad - name: Install node modules - npm: path={{ etherpad_root_dir }}/web/node_modules/ep_etherpad-lite production=True state={{ (etherpad_install_mode == 'none') | ternary('present','latest') }} + npm: + path: "{{ etherpad_root_dir }}/app/src" + state: "{{ (etherpad_install_mode == 'none') | ternary('present','latest') }}" become_user: "{{ etherpad_user }}" + notify: restart etherpad tags: etherpad - name: Install plugins - npm: name=ep_{{ item }} path={{ etherpad_root_dir }}/web/node_modules/ep_etherpad-lite production=True state={{ (etherpad_install_mode == 'none') | ternary('present','latest') }} + npm: + name: ep_{{ item }} + path: "{{ etherpad_root_dir }}/app/src" + state: "{{ (etherpad_install_mode == 'none') | ternary('present','latest') }}" loop: "{{ etherpad_plugins }}" become_user: "{{ etherpad_user }}" notify: restart etherpad diff --git a/roles/etherpad/templates/etherpad.service.j2 b/roles/etherpad/templates/etherpad.service.j2 index 7f89a0a..f0a0781 100644 --- a/roles/etherpad/templates/etherpad.service.j2 +++ b/roles/etherpad/templates/etherpad.service.j2 @@ -6,9 +6,8 @@ After=syslog.target network.target Type=simple User={{ etherpad_user }} Group={{ etherpad_user }} -WorkingDirectory={{ etherpad_root_dir }}/web -ExecStartPre=/bin/rm -f {{ etherpad_root_dir }}/web/var/minified* -ExecStart=/usr/bin/node ./node_modules/ep_etherpad-lite/node/server.js +WorkingDirectory={{ etherpad_root_dir }}/app +ExecStart=/usr/bin/node ./src/node/server.js PrivateTmp=yes PrivateDevices=yes ProtectSystem=full diff --git a/roles/etherpad/templates/perms.sh.j2 b/roles/etherpad/templates/perms.sh.j2 index c8032bf..9322183 100644 --- a/roles/etherpad/templates/perms.sh.j2 +++ b/roles/etherpad/templates/perms.sh.j2 @@ -1,7 +1,7 @@ #!/bin/bash -e restorecon -R {{ etherpad_root_dir }} -chown -R {{ etherpad_user }}:{{ etherpad_user }} {{ etherpad_root_dir }}/web -find {{ etherpad_root_dir }}/web -type f -exec chmod 644 "{}" \; -find {{ etherpad_root_dir }}/web -type d -exec chmod 755 "{}" \; -chmod 640 {{ etherpad_root_dir }}/web/{settings.json,SESSIONKEY.txt,APIKEY.txt} +chown -R {{ etherpad_user }}:{{ etherpad_user }} {{ etherpad_root_dir }}/app +find {{ etherpad_root_dir }}/app -type f -exec chmod 644 "{}" \; +find {{ etherpad_root_dir }}/app -type d -exec chmod 755 "{}" \; +chmod 600 {{ etherpad_root_dir }}/app/{settings.json,SESSIONKEY.txt,APIKEY.txt} diff --git a/roles/etherpad/templates/post_backup.sh.j2 b/roles/etherpad/templates/post_backup.sh.j2 index bcbd271..2f54002 100644 --- a/roles/etherpad/templates/post_backup.sh.j2 +++ b/roles/etherpad/templates/post_backup.sh.j2 @@ -1,3 +1,3 @@ #!/bin/sh -rm -f {{ etherpad_root_dir }}/db_dumps/* +rm -f {{ etherpad_root_dir }}/backup/* diff --git a/roles/etherpad/templates/pre_backup.sh.j2 b/roles/etherpad/templates/pre_backup.sh.j2 index 0b492a7..5a288d9 100644 --- a/roles/etherpad/templates/pre_backup.sh.j2 +++ b/roles/etherpad/templates/pre_backup.sh.j2 @@ -2,8 +2,11 @@ set -eo pipefail -/usr/bin/mysqldump --user={{ etherpad_db_user }} \ - --password={{ etherpad_db_pass | quote }} \ - --host={{ etherpad_db_server }} \ - --quick --single-transaction \ - --add-drop-table {{ etherpad_db_name }} | zstd -c > {{ etherpad_root_dir }}/db_dumps/{{ etherpad_db_name }}.sql.zst +/usr/bin/mysqldump \ +{% if etherpad_db_server not in ['localhost', '127.0.0.1'] %} + --user={{ etherpad_db_user }} \ + --password={{ etherpad_db_pass | quote }} \ + --host={{ etherpad_db_server }} \ +{% endif %} + --quick --single-transaction \ + --add-drop-table {{ etherpad_db_name }} | zstd -c > {{ etherpad_root_dir }}/backup/{{ etherpad_db_name }}.sql.zst