---
# Load the first variables file that exists, trying the most specific
# distribution/version name first and ending with the role defaults.
- include_vars: "{{ item }}"
  with_first_found:
    - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
    - "vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
    - "vars/{{ ansible_distribution }}.yml"
    - "vars/{{ ansible_os_family }}.yml"
    - "vars/defaults.yml"
  tags: fpbx
- name: Install Asterisk and its dependencies
  yum:
    name: "{{ fpbx_packages }}"
  tags: fpbx

# Each iteration appends one codec-specific package name to fpbx_moh_pkg,
# which starts out as the base 'asterisk-moh-opsound' package.
- name: Build a list of music on hold format to install
  set_fact:
    fpbx_moh_pkg: "{{ fpbx_moh_pkg | default([ 'asterisk-moh-opsound' ]) + [ 'asterisk-moh-opsound-' ~ item ] }}"
  loop:
    - alaw
    - g722
    - g729
    - gsm
    - siren14
    - siren7
    - sln16
    - ulaw
    - wav
  tags: fpbx

# with_nested yields every (language, codec) pair; item.0 is the language and
# item.1 the codec.
- name: Build a list of languages packages to install
  set_fact:
    fpbx_snd_pkg: "{{ fpbx_snd_pkg | default([]) + [ 'asterisk-sounds-core-' ~ item.0 ~ '-' ~ item.1 ] }}"
  with_nested:
    - - en
      - es
      - fr
      - it
    - - alaw
      - g722
      - g729
      - gsm
      - siren14
      - siren7
      - sln16
      - ulaw
      - wav
  tags: fpbx

- name: Install music on hold and languages packages
  yum:
    name: "{{ fpbx_moh_pkg + fpbx_snd_pkg }}"
  tags: fpbx
# NOTE(review): judging by the file name, this include turns SELinux off on
# the target host; its content is not visible here. Confirm that this is an
# accepted trade-off for the host running the PBX.
- import_tasks: ../includes/disable_selinux.yml
  tags: fpbx

# Detect whether this is a fresh installation. Upgrades are not handled by
# the shared include (manage_upgrade is false), so the resulting
# fpbx_install_mode is either 'install' or 'none'.
- block:
    - import_tasks: ../includes/webapps_set_install_mode.yml
      vars:
        root_dir: "{{ fpbx_root_dir }}"
        version: "{{ fpbx_version }}"
        manage_upgrade: false

    - set_fact:
        fpbx_install_mode: "{{ (install_mode == 'install') | ternary('install','none') }}"

    - set_fact:
        fpbx_current_version: "{{ current_version | default('') }}"
  tags: fpbx
# Only 'meta' and 'backup' get an explicit mode (owner-only access); 'meta'
# is where the generated password files of this role are stored. The other
# directories keep whatever owner, group and mode the file module applies by
# default.
- name: Create directories
  file:
    path: "{{ fpbx_root_dir }}/{{ item.dir }}"
    state: directory
    owner: "{{ item.owner | default(omit) }}"
    group: "{{ item.group | default(omit) }}"
    mode: "{{ item.mode | default(omit) }}"
  loop:
    - dir: web
    - dir: cgi-bin
    - dir: meta
      mode: '0700'
    - dir: backup
      mode: '0700'
    - dir: tmp
    - dir: sessions
    - dir: archives
    - dir: web/admin/modules/ucp/
    - dir: provisioning/contacts
    - dir: provisioning/logs
    - dir: provisioning/overrides
    - dir: provisioning/licenses
    - dir: provisioning/bmp
    - dir: provisioning/config_bkup/contacts
  tags: fpbx

- name: Remove obsolete directories
  file:
    path: "{{ fpbx_root_dir }}/{{ item }}"
    state: absent
  loop:
    - db_dumps
  tags: fpbx

# /tftpboot is a symlink to the provisioning tree created above.
- name: Create /tftpboot
  file:
    dest: /tftpboot
    src: "{{ fpbx_root_dir }}/provisioning"
    state: link
  tags: fpbx
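# Generate (or read back from pass_file) a password for the provisioning
# account, unless the operator supplied fpbx_phone_pass.
# The condition used to test 'fpbxphone_pass' (missing underscore), a variable
# nothing else in this file sets, so the generator ran even when
# fpbx_phone_pass had been provided. It now tests the same variable as the
# set_fact below.
# NOTE(review): 12 characters with complex=false is a small password space for
# an account reachable over the provisioning service; consider a larger
# pass_size if the phones allow it.
- import_tasks: ../includes/get_rand_pass.yml
  vars:
    pass_file: "{{ fpbx_root_dir }}/meta/ansible_phonepass"
    pass_size: 12
    complex: false
  when: fpbx_phone_pass is not defined
  tags: fpbx

- set_fact:
    fpbx_phone_pass: "{{ rand_pass }}"
  when: fpbx_phone_pass is not defined
  tags: fpbx

# The salt is derived from inventory_hostname so the hash is stable between
# runs and the task stays idempotent. The salt is therefore predictable and
# limited to the range of random(65535).
# NOTE(review): sha256-crypt is used here; password_hash also supports sha512.
# Switching would rewrite the stored hash on the next run.
- name: Create a user for provisioning
  user:
    name: phone
    home: "{{ fpbx_root_dir }}/provisioning"
    # Restricted shell for the provisioning account.
    shell: /bin/rbash
    password: "{{ fpbx_phone_pass | password_hash('sha256', 65535 | random(seed=inventory_hostname)) }}"
  tags: fpbx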
# NOTE(review): the vsftpd templates are not visible here. Unless vsftpd.conf
# enables TLS, the provisioning account's password and the phone
# configuration files travel in clear text over FTP; restrict the source
# addresses allowed to reach the provisioning ports accordingly.
- name: Configure vsftpd
  template:
    src: "vsftpd/{{ item }}.j2"
    dest: "/etc/vsftpd/{{ item }}"
  loop:
    - user_list
    - vsftpd.conf
    - chroot_list
  notify: restart vsftpd
  tags: fpbx

- name: Deploy PAM config for vsftpd
  template:
    src: vsftpd/pam.j2
    dest: /etc/pam.d/vsftpd
  tags: fpbx

# nf_conntrack_ftp is loaded at boot through modules-load.d.
- name: Load iptables FTP helper
  copy:
    content: "nf_conntrack_ftp"
    dest: /etc/modules-load.d/freepbx.conf
  notify: restart systemd-modules-load
  tags: fpbx

- name: Start and enable vsftpd
  service:
    name: vsftpd
    state: started
    enabled: true
  tags: fpbx
# Runs only for upgrades. fpbx_install_mode is set earlier in this file to
# either 'install' or 'none', so unless it is overridden elsewhere this
# include is skipped.
- import_tasks: ../includes/webapps_archive.yml
  vars:
    root_dir: "{{ fpbx_root_dir }}"
    version: "{{ fpbx_current_version }}"
    db_name: "{{ fpbx_db_name }}"
    db_server: "{{ fpbx_db_server }}"
  when: fpbx_install_mode == 'upgrade'
  tags: fpbx

# The archive is verified against a pinned digest before it is unpacked.
# NOTE(review): the digest is SHA-1, which is no longer collision resistant.
# get_url accepts 'sha256:<digest>' as well; pinning a SHA-256 value (and
# fetching over HTTPS, if fpbx_archive_url does not already) gives a stronger
# integrity check for code that is later run as part of the installation.
- name: Download FreePBX
  get_url:
    url: "{{ fpbx_archive_url }}"
    dest: "{{ fpbx_root_dir }}/tmp/"
    checksum: "sha1:{{ fpbx_archive_sha1 }}"
  when: fpbx_install_mode != 'none'
  tags: fpbx

# presumably the file name below matches the basename of fpbx_archive_url;
# verify against the role variables.
- name: Extract fpbx archive
  unarchive:
    src: "{{ fpbx_root_dir }}/tmp/freepbx-{{ fpbx_version }}-latest.tgz"
    dest: "{{ fpbx_root_dir }}/tmp"
    remote_src: true
  when: fpbx_install_mode != 'none'
  tags: fpbx
# Generate (or read back from pass_file) the database password unless the
# operator supplied fpbx_db_pass. The file lives in the owner-only 'meta'
# directory.
- import_tasks: ../includes/get_rand_pass.yml
  vars:
    pass_file: "{{ fpbx_root_dir }}/meta/ansible_dbpass"
    complex: false
  when: fpbx_db_pass is not defined
  tags: fpbx

- set_fact:
    fpbx_db_pass: "{{ rand_pass }}"
  when: fpbx_db_pass is not defined
  tags: fpbx

# Main FreePBX database. The same database user and password are reused for
# the CDR database below; append_privs is set on both calls.
- import_tasks: ../includes/webapps_create_mysql_db.yml
  vars:
    db_name: "{{ fpbx_db_name }}"
    db_user: "{{ fpbx_db_user }}"
    db_server: "{{ fpbx_db_server }}"
    db_pass: "{{ fpbx_db_pass }}"
    append_privs: true
  tags: fpbx

# CDR database.
- import_tasks: ../includes/webapps_create_mysql_db.yml
  vars:
    db_name: "{{ fpbx_cdr_db_name }}"
    db_user: "{{ fpbx_db_user }}"
    db_server: "{{ fpbx_db_server }}"
    db_pass: "{{ fpbx_db_pass }}"
    append_privs: true
  tags: fpbx
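- name: Ensure asterisk is running
  service:
    name: asterisk
    state: started
  when: fpbx_install_mode == 'install'
  tags: fpbx

# Existing configuration files are removed before the installer runs on a
# fresh installation.
- name: Remove config file before installation
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/freepbx.conf
    - /etc/amportal.conf
  when: fpbx_install_mode == 'install'
  tags: fpbx

# The installer receives the database password as a command-line argument.
# no_log keeps the rendered command (and therefore the password) out of the
# Ansible output and of the module invocation log on the target; the argument
# is still visible in the process list while the installer runs.
# NOTE(review): --ampcgibin is hard-coded to /opt/freepbx/cgi-bin while the
# cgi-bin directory is created under fpbx_root_dir; confirm they are the same
# path.
- name: Install base framework
  command: >
    scl enable php{{ fpbx_php_version }} -- ./install
    -n --webroot={{ fpbx_root_dir }}/web --dbengine=mysql
    --dbuser={{ fpbx_db_user }} --dbname={{ fpbx_db_name }}
    --cdrdbname={{ fpbx_cdr_db_name }} --dbpass={{ fpbx_db_pass | quote }}
    --astmoddir=/usr/lib64/asterisk/modules/
    --astagidir=/usr/share/asterisk/agi-bin/
    --ampsbin=/usr/local/bin
    --ampcgibin=/opt/freepbx/cgi-bin
  args:
    chdir: "{{ fpbx_root_dir }}/tmp/freepbx"
  when: fpbx_install_mode == 'install'
  no_log: true
  tags: fpbx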
# TODO: should be in a loop to patch easily several files, but checking for file presence in a loop
# is a pain with ansible
#- name: Check if webrtc class exist
# stat: path={{ fpbx_root_dir }}/web/admin/modules/webrtc/Webrtc.class.php
# register: fpbx_webrtc_class
# tags: fpbx
#
#- name: Patch webrtc class
# patch: src=patches/webrtc_proxy.patch dest={{ fpbx_root_dir }}/web/admin/modules/webrtc/Webrtc.class.php
# when: fpbx_webrtc_class.stat.exists
# tags: fpbx
# Symlinks found at these paths are replaced with the role's own wrapper
# scripts.
- name: Check for wrapper symlinks
  stat:
    path: "/usr/local/bin/{{ item }}"
  register: fpbx_wrapper_links
  loop:
    - fwconsole
    - amportal
  tags: fpbx

# Only paths that are symlinks are removed; regular files (wrappers deployed
# by a previous run) are left for the template task to update.
- name: Remove symlinks
  file:
    path: "/usr/local/bin/{{ item.item }}"
    state: absent
  when: item.stat.islnk is defined and item.stat.islnk
  loop: "{{ fpbx_wrapper_links.results }}"
  tags: fpbx

- name: Install wrappers
  template:
    src: "{{ item }}.j2"
    dest: "/usr/local/bin/{{ item }}"
    mode: '0755'
  loop:
    - fwconsole
    - amportal
  tags: fpbx

- name: Install safe_asterisk
  copy:
    src: safe_asterisk
    dest: /usr/local/bin/safe_asterisk
    mode: '0755'
  tags: fpbx

# The distribution's asterisk unit is stopped and disabled; the freepbx unit
# deployed by this role is the one that gets started and enabled.
- name: Ensure asterisk service is stopped and disabled
  service:
    name: asterisk
    state: stopped
    enabled: false
  tags: fpbx
- name: Ensure /etc/systemd/system/ exists
  file:
    path: /etc/systemd/system/
    state: directory
  tags: fpbx

- name: Deploy FreePBX service unit
  template:
    src: freepbx.service.j2
    dest: /etc/systemd/system/freepbx.service
  register: fpbx_unit
  notify: restart freepbx
  tags: fpbx

# systemd only needs to re-read its units when the unit file changed.
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: fpbx_unit.changed
  tags: fpbx

# The downloaded archive and the extracted installer tree are deleted on
# every run.
- name: Remove temp files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - "{{ fpbx_root_dir }}/tmp/freepbx-{{ fpbx_version }}-latest.tgz"
    - "{{ fpbx_root_dir }}/tmp/freepbx"
  tags: fpbx
#- name: Update modules
# command: /usr/local/bin/fwconsole ma updateall
# changed_when: False
# tags: fpbx
# Generate (or read back from pass_file) the Asterisk manager password
# unless the operator supplied fpbx_manager_pass.
- import_tasks: ../includes/get_rand_pass.yml
  vars:
    pass_file: "{{ fpbx_root_dir }}/meta/ansible_manager_pass"
    complex: false
  when: fpbx_manager_pass is not defined
  tags: fpbx

- set_fact:
    fpbx_manager_pass: "{{ rand_pass }}"
  when: fpbx_manager_pass is not defined
  tags: fpbx

# NOTE(review): no owner or mode is set on /etc/freepbx.conf here, and the
# template is not visible; if it contains the database password, ownership
# depends on the 'fpbx chown' handler. Confirm the resulting permissions.
- name: Deploy configuration
  template:
    src: "{{ item }}.j2"
    dest: "/etc/{{ item }}"
  loop:
    - freepbx.conf
  notify:
    - reload freepbx
    - fpbx chown
  tags: fpbx
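# Writes the manager secret into /etc/asterisk/manager.conf.
# Ansible prints every loop item with its task result, and lineinfile shows
# the changed line in diff mode, so without no_log the manager password would
# appear in the play output on each run.
- name: Configure manager.conf and extensions.conf
  lineinfile:
    path: "{{ item.file }}"
    regexp: '^{{ item.param }}\s*=.*'
    line: '{{ item.param }} = {{ item.value }}'
  loop:
    # - param: AMPMGRPASS
    #   value: "{{ fpbx_manager_pass }}"
    #   file: /etc/asterisk/extensions_additional.conf
    # - param: AMPDBHOST
    #   value: "{{ fpbx_db_server }}"
    #   file: /etc/amportal.conf
    # - param: AMPDBNAME
    #   value: "{{ fpbx_db_name }}"
    #   file: /etc/amportal.conf
    # - param: AMPDBUSER
    #   value: "{{ fpbx_db_user }}"
    #   file: /etc/amportal.conf
    # - param: AMPDBPASS
    #   value: "{{ fpbx_db_pass }}"
    #   file: /etc/amportal.conf
    # - param: CDRDBNAME
    #   value: "{{ fpbx_cdr_db_name }}"
    #   file: /etc/amportal.conf
    - param: secret
      value: "{{ fpbx_manager_pass }}"
      file: /etc/asterisk/manager.conf
  no_log: true
  tags: fpbx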
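# Pushes settings through fwconsole, one invocation per item.
# - Each value goes through the quote filter, so a value containing spaces or
#   shell metacharacters (an operator-supplied manager password, a proxy URL)
#   stays a single argument. PROXY_ADDRESS no longer needs the hand-written
#   single quotes it used to carry; an empty value is still passed as ''.
# - The loop contains the manager password. Ansible prints loop items and the
#   rendered command with the result, so no_log is set for the whole task.
#   The password is still visible in the process list while fwconsole runs.
# - changed_when is false because the command gives no usable change signal.
- name: Set amportal settings
  command: /usr/local/bin/fwconsole setting {{ item.param }} {{ item.value | quote }}
  loop:
    - param: AMPMGRUSER
      value: admin
    - param: AMPMGRPASS
      value: "{{ fpbx_manager_pass }}"
    - param: PROXY_ENABLED
      value: "{{ (system_proxy is defined and system_proxy != '') | ternary('TRUE','FALSE') }}"
    - param: PROXY_ADDRESS
      value: "{{ (system_proxy is defined and system_proxy != '') | ternary(system_proxy,'') }}"
    - param: AUTHTYPE
      value: "{{ fpbx_auth_type }}"
    - param: PHPTIMEZONE
      value: "{{ system_tz | default('UTC') }}"
    # YAML boolean: reaches fwconsole as the text 'True', as it did before.
    - param: HTTPENABLED
      value: true
    # The built-in HTTP server and the Node.js listeners bind to every
    # interface; access control relies on the firewall rules managed further
    # down (fpbx_*_src_ip).
    - param: HTTPBINDADDRESS
      value: '0.0.0.0'
    - param: HTTPBINDPORT
      value: 8088
    - param: HTTPPREFIX
      value: asterisk
    - param: NODEJSBINDADDRESS
      value: '0.0.0.0'
    - param: NODEJSHTTPSBINDADDRESS
      value: '0.0.0.0'
    # Needed since we're going to patch some module to pass through a rev proxy.
    # NOTE(review): with signature checking off, FreePBX no longer reports
    # modules whose files were modified, which also hides unexpected
    # tampering; monitor the module tree by other means (file integrity
    # checks).
    - param: SIGNATURECHECK
      value: false
  changed_when: false
  no_log: true
  tags: fpbx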
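# TODO : this is an ugly hack
# Sets the sound language directly in the FreePBX database; the value 'fr' is
# hard-coded.
# The database password is passed on the mysql command line, so no_log keeps
# the rendered command out of the Ansible output and of the module invocation
# log on the target. The argument remains visible in the process list while
# the client runs.
- name: Set global language
  command: >-
    mysql --host={{ fpbx_db_server}} --user={{ fpbx_db_user }}
    --password={{ fpbx_db_pass | quote }} {{ fpbx_db_name }}
    -e "UPDATE `soundlang_settings` SET `value`='fr' WHERE `keyword`='language'"
  changed_when: false
  no_log: true
  tags: fpbx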
# Web server / PHP configuration for the application is delegated to the
# shared include.
- import_tasks: ../includes/webapps_webconf.yml
  vars:
    app_id: freepbx
    php_version: "{{ fpbx_php_version }}"
    php_fpm_pool: "{{ fpbx_php_fpm_pool | default('') }}"
  tags: fpbx

# Backup hooks are installed without access for 'other' (mode 0750).
- name: Deploy pre/post backup scripts
  template:
    src: "{{ item }}_backup.sh.j2"
    dest: "/etc/backup/{{ item }}.d/freepbx.sh"
    mode: '0750'
  loop:
    - pre
    - post
  tags: fpbx

# AGI scripts are executable by the asterisk group only (mode 0750).
- name: Install agi scripts
  copy:
    src: "agi/{{ item }}"
    dest: "/usr/share/asterisk/agi-bin/{{ item }}"
    mode: '0750'
    group: asterisk
  loop:
    - jitsi_conf_pin
  tags: fpbx
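# One named rule set per service class. A rule set is present only when a
# source list is given AND at least one port list is non-empty; otherwise it
# is removed, which leaves those ports closed as far as this role is
# concerned.
# The state expression now falls back to an empty list for a missing
# tcp_ports/udp_ports key. The fpbx_http_ports item has no udp_ports, so an
# empty fpbx_http_ports list previously made the expression fail on an
# undefined value instead of yielding 'absent'. The rules template already
# guarded both keys with 'is defined'.
- name: Handle FreePBX ports
  iptables_raw:
    name: "{{ item.name }}"
    state: "{{ (item.src | length > 0 and (item.tcp_ports | default([]) | length > 0 or item.udp_ports | default([]) | length > 0)) | ternary('present','absent') }}"
    rules: "{% if item.tcp_ports is defined and item.tcp_ports | length > 0 %}-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ item.tcp_ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT\n{% endif %}
      {% if item.udp_ports is defined and item.udp_ports | length > 0 %}-A INPUT -m state --state NEW -p udp -m multiport --dports {{ item.udp_ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT{% endif %}"
  when: iptables_manage | default(True)
  loop:
    # Management interfaces.
    - name: fpbx_mgm_ports
      tcp_ports: "{{ fpbx_mgm_tcp_ports }}"
      udp_ports: "{{ fpbx_mgm_udp_ports }}"
      src: "{{ fpbx_mgm_src_ip }}"
    # VoIP signalling and media.
    - name: fpbx_voip_ports
      tcp_ports: "{{ fpbx_voip_tcp_ports }}"
      udp_ports: "{{ fpbx_voip_udp_ports }}"
      src: "{{ fpbx_voip_src_ip }}"
    # HTTP access (TCP only).
    - name: fpbx_http_ports
      tcp_ports: "{{ fpbx_http_ports }}"
      src: "{{ fpbx_http_src_ip }}"
    # Phone provisioning.
    - name: fpbx_prov_ports
      tcp_ports: "{{ fpbx_prov_tcp_ports }}"
      udp_ports: "{{ fpbx_prov_udp_ports }}"
      src: "{{ fpbx_prov_src_ip }}"
  tags: fpbx,firewall

# Rule sets under the former ast_* names are dropped so they cannot keep
# ports open alongside the fpbx_* rule sets above.
- name: Remove old iptables rules
  iptables_raw:
    name: "{{ item }}"
    state: absent
  loop:
    - ast_mgm_tcp_ports
    - ast_mgm_udp_ports
    - ast_voip_tcp_ports
    - ast_voip_udp_ports
    - ast_http_ports
  tags: fpbx,firewall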
- name: Install logrotate config
  template:
    src: logrotate.conf.j2
    dest: /etc/logrotate.d/asterisk
  tags: fpbx

- name: Start and enable the service
  service:
    name: freepbx
    state: started
    enabled: true
  tags: fpbx

# Post-installation bookkeeping is delegated to the shared include.
- import_tasks: ../includes/webapps_post.yml
  vars:
    root_dir: "{{ fpbx_root_dir }}"
    version: "{{ fpbx_version }}"
  tags: fpbx

# NOTE(review): the bare 'include' action is deprecated and has been removed
# from recent ansible-core releases; import_tasks or include_tasks is the
# replacement. This entry carries no 'fpbx' tag, unlike the tasks above.
- include: filebeat.yml