--- - name: Install packages yum: name: - tis-waptserver - tis-waptsetup - postgresql12 - python-psycopg2 # Needed to manage PG with ansible tags: wapt - include_tasks: postgresql.yml when: wapt_db_server == '127.0.0.1' or wapt_db_server == 'localhost' tags: wapt - name: Create directories file: path={{ item.path }} state=directory mode={{ item.mode | default(omit) }} owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} loop: - path: /opt/wapt/meta mode: 700 - path: /var/www/html/ssl mode: 750 owner: wapt group: nginx tags: wapt - import_tasks: ../includes/get_rand_pass.yml vars: - pass_file: "/opt/wapt/meta/ansible_dbpass" when: wapt_db_pass is not defined tags: wapt - set_fact: wapt_db_pass={{ rand_pass }} when: wapt_db_pass is not defined tags: wapt - name: Create wapt DB user postgresql_user: db: postgres name: "{{ wapt_db_user }}" password: "{{ wapt_db_pass }}" login_host: "{{ wapt_db_server }}" login_user: sqladmin login_password: "{{ pg_admin_pass }}" tags: wapt - name: Create the PostgreSQL database postgresql_db: name: wapt encoding: UTF-8 template: template0 owner: "{{ wapt_db_user }}" login_host: "{{ wapt_db_server }}" login_user: sqladmin login_password: "{{ pg_admin_pass }}" tags: wapt - name: Enable the hstore extension postgresql_ext: db: "{{ wapt_db_name }}" login_host: "{{ wapt_db_server }}" login_user: sqladmin login_password: "{{ pg_admin_pass }}" name: hstore tags: wapt - name: Configure SELinux seboolean: name={{ item }} state=True persistent=True with_items: - httpd_can_network_connect - httpd_setrlimit when: ansible_selinux.status == 'enabled' tags: wapt - name: Set SELinux context on repo dir sefcontext: target: '/var/www/html/wapt(\-host)?(/.*)?' setype: httpd_sys_content_t when: ansible_selinux.status == 'enabled' tags: wapt - name: Reset SELinux contexts command: restorecon -Rv /var/www/html changed_when: False tags: wapt - import_tasks: ../includes/get_rand_pass.yml vars: - pass_file: "/opt/wapt/meta/ansible_secret_key" tags: wapt - set_fact: wapt_secret_key={{ rand_pass }} tags: wapt - name: Configure WAPT server ini_file: path=/opt/wapt/conf/waptserver.ini section=options option={{ item.option }} value={{ item.value }} with_items: - option: db_name value: "{{ wapt_db_name }}" - option: db_host value: "{{ wapt_db_server }}" - option: db_user value: "{{ wapt_db_user }}" - option: db_password value: "{{ wapt_db_pass }}" - option: waptwua_folder value: /var/www/html/waptwua - option: server_uuid value: "{{ inventory_hostname | to_uuid }}" - option: allow_unauthenticated_connect value: 'False' - option: allow_unauthenticated_registration value: 'False' - option: secret_key value: "{{ wapt_secret_key }}" - option: use_kerberos value: 'False' notify: restart wapt tags: wapt - name: Create unit snippet dir file: path=/etc/systemd/system/waptserver.service.d state=directory tags: wapt - name: Tune wapt to restart indefinitely copy: content: | [Service] Restart=on-failure StartLimitInterval=0 RestartSec=20 dest: /etc/systemd/system/waptserver.service.d/restart.conf register: wapt_unit tags: wapt - name: Reload systemd systemd: daemon_reload=True when: wapt_unit.changed tags: wapt - name: Configure system proxy ini_file: path=/opt/wapt/conf/waptserver.ini section=options option=http_proxy value={{ system_proxy }} when: system_proxy is defined and system_proxy != '' notify: restart wapt tags: wapt - name: Check if admin password is set command: grep -qP '^wapt_password' /opt/wapt/conf/waptserver.ini ignore_errors: True register: wapt_admin_pass_set changed_when: False tags: wapt - name: Hash the WAPT admin password command: python -c 'from passlib.hash import pbkdf2_sha256; print pbkdf2_sha256.hash("admin".encode("utf8"))' register: wapt_admin_pass_hash environment: - PYTHONPATH: /opt/wapt/lib/python2.7/site-packages/ when: wapt_admin_pass_set.rc != 0 changed_when: False tags: wapt - set_fact: wapt_admin_pass_hash={{ wapt_admin_pass_hash.stdout }} when: wapt_admin_pass_set.rc != 0 tags: wapt - name: Set default admin password ini_file: path=/opt/wapt/conf/waptserver.ini section=options option=wapt_password value={{ wapt_admin_pass_hash }} when: wapt_admin_pass_set.rc != 0 notify: restart wapt tags: wapt - name: Set correct ownership for wapt configuration file: path=/opt/wapt/conf/waptserver.ini owner=wapt mode=0600 tags: wapt - name: Deploy nginx config template: src={{ item.src }}.j2 dest={{ item.dest }} with_items: - src: nginx.conf dest: /etc/nginx/nginx.conf - src: wapt.conf dest: /etc/nginx/conf.d/wapt.conf notify: restart nginx tags: wapt - name: Start and enable nginx service: name=nginx state=started enabled=True tags: wapt - name: Start and enable WAPT services service: name={{ item }} state=started enabled=True with_items: - waptserver #- wapttasks tags: wapt - name: Handle ports iptables_raw: name: wapt_ports state: "{{ (wapt_src_ip is defined and wapt_src_ip | length > 0) | ternary('present','absent') }}" rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ wapt_ports | join(',') }} -s {{ wapt_src_ip | join(',') }} -j ACCEPT" when: iptables_manage | default(True) tags: wapt - name: Create DB dump directory file: path=/opt/wapt/db_dumps state=directory mode=0700 tags: wapt - name: Deploy pre and post backup scripts template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/wapt.sh mode=0755 with_items: - pre - post tags: wapt