You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
464 lines
13 KiB
464 lines
13 KiB
---
|
|
|
|
- name: Install Asterisk and its dependencies
|
|
yum:
|
|
name:
|
|
- asterisk
|
|
- asterisk-voicemail
|
|
- asterisk-pjsip
|
|
- asterisk-sip
|
|
- asterisk-mysql
|
|
- asterisk-ael
|
|
- asterisk-iax2
|
|
- asterisk-dahdi
|
|
- asterisk-fax
|
|
- asterisk-ldap
|
|
- asterisk-misdn
|
|
- asterisk-mp3
|
|
- asterisk-odbc
|
|
- mysql-connector-odbc
|
|
- mpg123
|
|
- lame
|
|
- opus
|
|
- nmap
|
|
- nodejs
|
|
#- kmod-dahdi-linux
|
|
#- dahdi-tools
|
|
#- dahdi-linux
|
|
- tar
|
|
- mariadb
|
|
- MySQL-python
|
|
- acl
|
|
- gcc-c++ # needed for ucp
|
|
- icu
|
|
- libicu-devel
|
|
- patch
|
|
- vsftpd
|
|
tags: fpbx
|
|
|
|
- name: Build a list of music on hold format to install
|
|
set_fact: fpbx_moh_pkg={{ fpbx_moh_pkg | default([ 'asterisk-moh-opsound' ]) + [ 'asterisk-moh-opsound-' ~ item ] }}
|
|
loop:
|
|
- alaw
|
|
- g722
|
|
- g729
|
|
- gsm
|
|
- siren14
|
|
- siren7
|
|
- sln16
|
|
- ulaw
|
|
- wav
|
|
tags: fpbx
|
|
|
|
- name: Build a list of languages packages to install
|
|
set_fact: fpbx_snd_pkg={{ fpbx_snd_pkg | default([]) + [ 'asterisk-sounds-core-' ~ item.0 ~ '-' ~ item.1 ] }}
|
|
with_nested:
|
|
- - en
|
|
- es
|
|
- fr
|
|
- it
|
|
- - alaw
|
|
- g722
|
|
- g729
|
|
- gsm
|
|
- siren14
|
|
- siren7
|
|
- sln16
|
|
- ulaw
|
|
- wav
|
|
tags: fpbx
|
|
|
|
- name: Install music on hold and languages packages
|
|
yum: name={{ fpbx_moh_pkg + fpbx_snd_pkg }}
|
|
tags: fpbx
|
|
|
|
- import_tasks: ../includes/disable_selinux.yml
|
|
tags: fpbx
|
|
|
|
- import_tasks: ../includes/webapps_set_install_mode.yml
|
|
vars:
|
|
- root_dir: "{{ fpbx_root_dir }}"
|
|
- version: "{{ fpbx_version }}"
|
|
- manage_upgrade: False
|
|
tags: fpbx
|
|
- set_fact: fpbx_install_mode={{ (install_mode == 'install') | ternary('install','none') }}
|
|
tags: fpbx
|
|
- set_fact: fpbx_current_version={{ current_version | default('') }}
|
|
tags: fpbx
|
|
|
|
- name: Create directories
|
|
file: path={{ fpbx_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
|
|
loop:
|
|
- dir: web
|
|
- dir: cgi-bin
|
|
- dir: meta
|
|
mode: 700
|
|
- dir: backup
|
|
mode: 700
|
|
- dir: tmp
|
|
- dir: sessions
|
|
- dir: archives
|
|
- dir: web/admin/modules/ucp/
|
|
- dir: provisioning/contacts
|
|
- dir: provisioning/logs
|
|
- dir: provisioning/overrides
|
|
- dir: provisioning/licenses
|
|
- dir: provisioning/bmp
|
|
tags: fpbx
|
|
|
|
- name: Remove obsolete directories
|
|
file: path={{ fpbx_root_dir }}/{{ item }} state=absent
|
|
loop:
|
|
- db_dumps
|
|
tags: fpbx
|
|
|
|
- name: Create /tftpboot
|
|
file: dest=/tftpboot src={{ fpbx_root_dir }}/provisioning state=link
|
|
tags: fpbx
|
|
|
|
- import_tasks: ../includes/get_rand_pass.yml
|
|
vars:
|
|
- pass_file: "{{ fpbx_root_dir }}/meta/ansible_phonepass"
|
|
- complex: False
|
|
when: fpbxphone_pass is not defined
|
|
tags: fpbx
|
|
- set_fact: fpbx_phone_pass={{ rand_pass }}
|
|
when: fpbx_phone_pass is not defined
|
|
tags: fpbx
|
|
|
|
- name: Create a user for provisioning
|
|
user:
|
|
name: phone
|
|
home: "{{ fpbx_root_dir }}/provisioning"
|
|
shell: /bin/rbash
|
|
password: "{{ fpbx_phone_pass | password_hash('sha256', 65535 | random(seed=inventory_hostname)) }}"
|
|
tags: fpbx
|
|
|
|
- name: Configure vsftpd
|
|
template: src=vsftpd/{{ item }}.j2 dest=/etc/vsftpd/{{ item }}
|
|
loop:
|
|
- user_list
|
|
- vsftpd.conf
|
|
- chroot_list
|
|
notify: restart vsftpd
|
|
tags: fpbx
|
|
|
|
- name: Deploy PAM config for vsftpd
|
|
template: src=vsftpd/pam.j2 dest=/etc/pam.d/vsftpd
|
|
tags: fpbx
|
|
|
|
- name: Load iptables FTP helper
|
|
copy: content="nf_conntrack_ftp" dest=/etc/modules-load.d/freepbx.conf
|
|
notify: restart systemd-modules-load
|
|
tags: fpbx
|
|
|
|
- name: Start and enable vsftpd
|
|
service: name=vsftpd state=started enabled=True
|
|
tags: fpbx
|
|
|
|
- import_tasks: ../includes/webapps_archive.yml
|
|
vars:
|
|
- root_dir: "{{ fpbx_root_dir }}"
|
|
- version: "{{ fpbx_current_version }}"
|
|
- db_name: "{{ fpbx_db_name }}"
|
|
- db_server: "{{ fpbx_db_server }}"
|
|
when: fpbx_install_mode == 'upgrade'
|
|
tags: fpbx
|
|
|
|
- name: Download FreePBX
|
|
get_url:
|
|
url: "{{ fpbx_archive_url }}"
|
|
dest: "{{ fpbx_root_dir }}/tmp/"
|
|
checksum: "sha1:{{ fpbx_archive_sha1 }}"
|
|
when: fpbx_install_mode != 'none'
|
|
tags: fpbx
|
|
|
|
- name: Extract fpbx archive
|
|
unarchive:
|
|
src: "{{ fpbx_root_dir }}/tmp/freepbx-{{ fpbx_version }}-latest.tgz"
|
|
dest: "{{ fpbx_root_dir }}/tmp"
|
|
remote_src: yes
|
|
when: fpbx_install_mode != 'none'
|
|
tags: fpbx
|
|
|
|
- import_tasks: ../includes/get_rand_pass.yml
|
|
vars:
|
|
- pass_file: "{{ fpbx_root_dir }}/meta/ansible_dbpass"
|
|
- complex: False
|
|
when: fpbx_db_pass is not defined
|
|
tags: fpbx
|
|
- set_fact: fpbx_db_pass={{ rand_pass }}
|
|
when: fpbx_db_pass is not defined
|
|
tags: fpbx
|
|
|
|
- import_tasks: ../includes/webapps_create_mysql_db.yml
|
|
vars:
|
|
- db_name: "{{ fpbx_db_name }}"
|
|
- db_user: "{{ fpbx_db_user }}"
|
|
- db_server: "{{ fpbx_db_server }}"
|
|
- db_pass: "{{ fpbx_db_pass }}"
|
|
- append_privs: True
|
|
tags: fpbx
|
|
|
|
- import_tasks: ../includes/webapps_create_mysql_db.yml
|
|
vars:
|
|
- db_name: "{{ fpbx_cdr_db_name }}"
|
|
- db_user: "{{ fpbx_db_user }}"
|
|
- db_server: "{{ fpbx_db_server }}"
|
|
- db_pass: "{{ fpbx_db_pass }}"
|
|
- append_privs: True
|
|
tags: fpbx
|
|
|
|
- name: Ensure asterisk is running
|
|
service: name=asterisk state=started
|
|
when: fpbx_install_mode == 'install'
|
|
tags: fpbx
|
|
|
|
- name: Remove config file before installation
|
|
file: path={{ item }} state=absent
|
|
loop:
|
|
- /etc/freepbx.conf
|
|
- /etc/amportal.conf
|
|
when: fpbx_install_mode == 'install'
|
|
tags: fpbx
|
|
|
|
- name: Install base framework
|
|
command: >
|
|
scl enable php{{ fpbx_php_version }} -- ./install
|
|
-n --webroot={{ fpbx_root_dir }}/web --dbengine=mysql
|
|
--dbuser={{ fpbx_db_user }} --dbname={{ fpbx_db_name }}
|
|
--cdrdbname={{ fpbx_cdr_db_name }} --dbpass={{ fpbx_db_pass | quote }}
|
|
--astmoddir=/usr/lib64/asterisk/modules/
|
|
--astagidir=/usr/share/asterisk/agi-bin/
|
|
--ampsbin=/usr/local/bin
|
|
--ampcgibin=/opt/freepbx/cgi-bin
|
|
args:
|
|
chdir: "{{ fpbx_root_dir }}/tmp/freepbx"
|
|
when: fpbx_install_mode == 'install'
|
|
tags: fpbx
|
|
|
|
# TODO: should be in a loop to patch easily several files, but checking for file presence in a loop
|
|
# is a pain with ansible
|
|
#- name: Check if webrtc class exist
|
|
# stat: path={{ fpbx_root_dir }}/web/admin/modules/webrtc/Webrtc.class.php
|
|
# register: fpbx_webrtc_class
|
|
# tags: fpbx
|
|
#
|
|
#- name: Patch webrtc class
|
|
# patch: src=patches/webrtc_proxy.patch dest={{ fpbx_root_dir }}/web/admin/modules/webrtc/Webrtc.class.php
|
|
# when: fpbx_webrtc_class.stat.exists
|
|
# tags: fpbx
|
|
|
|
- name: Check for wrapper symlinks
|
|
stat: path=/usr/local/bin/{{ item }}
|
|
register: fpbx_wrapper_links
|
|
loop:
|
|
- fwconsole
|
|
- amportal
|
|
tags: fpbx
|
|
|
|
- name: Remove symlinks
|
|
file: path=/usr/local/bin/{{ item.item }} state=absent
|
|
when: item.stat.islnk is defined and item.stat.islnk
|
|
loop: "{{ fpbx_wrapper_links.results }}"
|
|
tags: fpbx
|
|
|
|
- name: Install wrappers
|
|
template: src={{ item }}.j2 dest=/usr/local/bin/{{ item }} mode=755
|
|
loop:
|
|
- fwconsole
|
|
- amportal
|
|
tags: fpbx
|
|
|
|
- name: Install safe_asterisk
|
|
copy: src=safe_asterisk dest=/usr/local/bin/safe_asterisk mode=755
|
|
tags: fpbx
|
|
|
|
- name: Ensure asterisk service is stopped and disabled
|
|
service: name=asterisk state=stopped enabled=False
|
|
tags: fpbx
|
|
|
|
- name: Ensure /etc/systemd/system/ exists
|
|
file: path=/etc/systemd/system/ state=directory
|
|
tags: fpbx
|
|
|
|
- name: Deploy FreePBX service unit
|
|
template: src=freepbx.service.j2 dest=/etc/systemd/system/freepbx.service
|
|
register: fpbx_unit
|
|
notify: restart freepbx
|
|
tags: fpbx
|
|
|
|
- name: Reload systemd
|
|
systemd: daemon_reload=True
|
|
when: fpbx_unit.changed
|
|
tags: fpbx
|
|
|
|
- name: Remove temp files
|
|
file: path={{ item }} state=absent
|
|
loop:
|
|
- "{{ fpbx_root_dir }}/tmp/freepbx-{{ fpbx_version }}-latest.tgz"
|
|
- "{{ fpbx_root_dir }}/tmp/freepbx"
|
|
tags: fpbx
|
|
|
|
#- name: Update modules
|
|
# command: /usr/local/bin/fwconsole ma updateall
|
|
# changed_when: False
|
|
# tags: fpbx
|
|
|
|
- import_tasks: ../includes/get_rand_pass.yml
|
|
vars:
|
|
- pass_file: "{{ fpbx_root_dir }}/meta/ansible_manager_pass"
|
|
- complex: False
|
|
when: fpbx_manager_pass is not defined
|
|
tags: fpbx
|
|
- set_fact: fpbx_manager_pass={{ rand_pass }}
|
|
when: fpbx_manager_pass is not defined
|
|
tags: fpbx
|
|
|
|
- name: Deploy configuration
|
|
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
|
loop:
|
|
- freepbx.conf
|
|
notify:
|
|
- reload freepbx
|
|
- fpbx chown
|
|
tags: fpbx
|
|
|
|
- name: Configure manager.conf and extensions.conf
|
|
lineinfile:
|
|
path: "{{ item.file }}"
|
|
regexp: '^{{ item.param }}\s*=.*'
|
|
line: '{{ item.param }} = {{ item.value }}'
|
|
loop:
|
|
# - param: AMPMGRPASS
|
|
# value: "{{ fpbx_manager_pass }}"
|
|
# file: /etc/asterisk/extensions_additional.conf
|
|
#- param: AMPDBHOST
|
|
# value: "{{ fpbx_db_server }}"
|
|
# file: /etc/amportal.conf
|
|
#- param: AMPDBNAME
|
|
# value: "{{ fpbx_db_name }}"
|
|
# file: /etc/amportal.conf
|
|
#- param: AMPDBUSER
|
|
# value: "{{ fpbx_db_user }}"
|
|
# file: /etc/amportal.conf
|
|
#- param: AMPDBPASS
|
|
# value: "{{ fpbx_db_pass }}"
|
|
# file: /etc/amportal.conf
|
|
#- param: CDRDBNAME
|
|
# value: "{{ fpbx_cdr_db_name }}"
|
|
# file: /etc/amportal.conf
|
|
- param: secret
|
|
value: "{{ fpbx_manager_pass }}"
|
|
file: /etc/asterisk/manager.conf
|
|
tags: fpbx
|
|
|
|
- name: Set amportal settings
|
|
command: /usr/local/bin/fwconsole setting {{ item.param }} {{ item.value }}
|
|
loop:
|
|
- param: AMPMGRUSER
|
|
value: admin
|
|
- param: AMPMGRPASS
|
|
value: "{{ fpbx_manager_pass }}"
|
|
- param: PROXY_ENABLED
|
|
value: "{{ (system_proxy is defined and system_proxy != '') | ternary('TRUE','FALSE') }}"
|
|
- param: PROXY_ADDRESS
|
|
value: "'{{ (system_proxy is defined and system_proxy != '') | ternary(system_proxy,'') }}'"
|
|
- param: AUTHTYPE
|
|
value: "{{ fpbx_auth_type }}"
|
|
- param: PHPTIMEZONE
|
|
value: "{{ system_tz | default('UTC') }}"
|
|
- param: HTTPENABLED
|
|
value: TRUE
|
|
- param: HTTPBINDADDRESS
|
|
value: 0.0.0.0
|
|
- param: HTTPBINDPORT
|
|
value: 8088
|
|
- param: HTTPPREFIX
|
|
value: asterisk
|
|
- param: NODEJSBINDADDRESS
|
|
value: 0.0.0.0
|
|
- param: NODEJSHTTPSBINDADDRESS
|
|
value: 0.0.0.0
|
|
- param: SIGNATURECHECK
|
|
value: FALSE # Needed since we're going to patch some module to pass through a rev proxy
|
|
changed_when: False
|
|
tags: fpbx
|
|
|
|
- name: Set global language # TODO : this is an ugly hack
|
|
command: mysql --host={{ fpbx_db_server}} --user={{ fpbx_db_user }} --password={{ fpbx_db_pass | quote }} {{ fpbx_db_name }} -e "UPDATE `soundlang_settings` SET `value`='fr' WHERE `keyword`='language'"
|
|
changed_when: False
|
|
tags: fpbx
|
|
|
|
- import_tasks: ../includes/webapps_webconf.yml
|
|
vars:
|
|
- app_id: freepbx
|
|
- php_version: "{{ fpbx_php_version }}"
|
|
- php_fpm_pool: "{{ fpbx_php_fpm_pool | default('') }}"
|
|
tags: fpbx
|
|
|
|
- name: Deploy pre/post backup scripts
|
|
template: src={{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/freepbx.sh mode=750
|
|
loop:
|
|
- pre
|
|
- post
|
|
tags: fpbx
|
|
|
|
- name: Install agi scripts
|
|
copy: src=agi/{{ item }} dest=/usr/share/asterisk/agi-bin/{{ item }} mode=750 group=asterisk
|
|
loop:
|
|
- jitsi_conf_pin
|
|
tags: fpbx
|
|
|
|
- name: Handle FreePBX ports
|
|
iptables_raw:
|
|
name: "{{ item.name }}"
|
|
state: "{{ (item.src | length > 0 and (item.tcp_ports | length > 0 or item.udp_ports | length > 0)) | ternary('present','absent') }}"
|
|
rules: "{% if item.tcp_ports is defined and item.tcp_ports | length > 0 %}-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ item.tcp_ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT\n{% endif %}
|
|
{% if item.udp_ports is defined and item.udp_ports | length > 0 %}-A INPUT -m state --state NEW -p udp -m multiport --dports {{ item.udp_ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT{% endif %}"
|
|
when: iptables_manage | default(True)
|
|
loop:
|
|
- name: fpbx_mgm_ports
|
|
tcp_ports: "{{ fpbx_mgm_tcp_ports }}"
|
|
udp_ports: "{{ fpbx_mgm_udp_ports }}"
|
|
src: "{{ fpbx_mgm_src_ip }}"
|
|
- name: fpbx_voip_ports
|
|
tcp_ports: "{{ fpbx_voip_tcp_ports }}"
|
|
udp_ports: "{{ fpbx_voip_udp_ports }}"
|
|
src: "{{ fpbx_voip_src_ip }}"
|
|
- name: fpbx_http_ports
|
|
tcp_ports: "{{ fpbx_http_ports }}"
|
|
src: "{{ fpbx_http_src_ip }}"
|
|
- name: fpbx_prov_ports
|
|
tcp_ports: "{{ fpbx_prov_tcp_ports }}"
|
|
udp_ports: "{{ fpbx_prov_udp_ports }}"
|
|
src: "{{ fpbx_prov_src_ip }}"
|
|
tags: fpbx,firewall
|
|
|
|
- name: Remove old iptables rules
|
|
iptables_raw:
|
|
name: "{{ item }}"
|
|
state: absent
|
|
loop:
|
|
- ast_mgm_tcp_ports
|
|
- ast_mgm_udp_ports
|
|
- ast_voip_tcp_ports
|
|
- ast_voip_udp_ports
|
|
- ast_http_ports
|
|
tags: fpbx,firewall
|
|
|
|
- name: Install logrotate config
|
|
template: src=logrotate.conf.j2 dest=/etc/logrotate.d/asterisk
|
|
tags: fpbx
|
|
|
|
- name: Start and enable the service
|
|
service: name=freepbx state=started enabled=True
|
|
tags: fpbx
|
|
|
|
- import_tasks: ../includes/webapps_post.yml
|
|
vars:
|
|
- root_dir: "{{ fpbx_root_dir }}"
|
|
- version: "{{ fpbx_version }}"
|
|
tags: fpbx
|
|
|
|
- include: filebeat.yml
|
|
|