You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
323 lines
9.3 KiB
323 lines
9.3 KiB
---
|
|
|
|
- name: Set default install mode to none
|
|
set_fact: bounca_install_mode="none"
|
|
tags: bounca
|
|
|
|
- name: Check if bounca is installed
|
|
stat: path={{ bounca_root_dir }}/meta/ansible_version
|
|
register: bounca_version_file
|
|
tags: bounca
|
|
|
|
- name: Check installed version
|
|
command: cat {{ bounca_root_dir }}/meta/ansible_version
|
|
register: bounca_current_version
|
|
changed_when: False
|
|
when: bounca_version_file.stat.exists
|
|
tags: bounca
|
|
|
|
- name: Set install mode to install
|
|
set_fact: bounca_install_mode='install'
|
|
when: not bounca_version_file.stat.exists
|
|
tags: bounca
|
|
|
|
- name: Set install mode to upgrade
|
|
set_fact: bounca_install_mode='upgrade'
|
|
when:
|
|
- bounca_version_file.stat.exists
|
|
- bounca_current_version is defined
|
|
- bounca_current_version.stdout != bounca_version
|
|
# - bounca_manage_upgrade
|
|
tags: bounca
|
|
|
|
- name: Install dependencies
|
|
yum:
|
|
name:
|
|
- python34-virtualenv
|
|
- python34-pip
|
|
- uwsgi-plugin-python3
|
|
- uwsgi-logger-systemd
|
|
- python-psycopg2
|
|
- openssl-devel
|
|
- postgresql-devel
|
|
- postgresql
|
|
- gcc
|
|
- git
|
|
tags: bounca
|
|
|
|
- name: Create user account for bounca
|
|
user:
|
|
name: bounca
|
|
system: True
|
|
shell: /sbin/nologin
|
|
home: "{{ bounca_root_dir }}"
|
|
tags: bounca
|
|
|
|
- name: Create directories
|
|
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
|
|
with_items:
|
|
- dir: "{{ bounca_root_dir }}/tmp"
|
|
- dir: "{{ bounca_root_dir }}/app"
|
|
- dir: "{{ bounca_root_dir }}/data"
|
|
mode: 700
|
|
group: "{{ bounca_user }}"
|
|
owner: "{{ bounca_user }}"
|
|
- dir: "{{ bounca_root_dir }}/meta"
|
|
mode: 700
|
|
- dir: "{{ bounca_root_dir }}/archives"
|
|
mode: 700
|
|
- dir: /etc/bounca
|
|
mode: 750
|
|
group: "{{ bounca_user }}"
|
|
tags: bounca
|
|
|
|
- name: Create archive dir
|
|
file: path={{ bounca_root_dir }}/archives/{{ bounca_current_version.stdout }} state=directory mode=700
|
|
when: bounca_install_mode == "upgrade"
|
|
tags: bounca
|
|
|
|
- name: Archive current BounCA install
|
|
synchronize:
|
|
src: "{{ bounca_root_dir }}/app"
|
|
dest: "{{ bounca_root_dir }}/archives/{{ bounca_current_version.stdout }}/app"
|
|
recursive: True
|
|
delegate_to: "{{ inventory_hostname }}"
|
|
when: bounca_install_mode == "upgrade"
|
|
tags: bounca
|
|
|
|
- name: Dump database
|
|
postgresql_db:
|
|
name: "{{ bounca_db_name }}"
|
|
state: dump
|
|
login_host: "{{ bounca_db_server }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ pg_admin_pass }}"
|
|
target: "{{ bounca_root_dir }}/archives/{{ bounca_current_version.stdout }}/{{ bounca_db_name }}.sql.gz"
|
|
when: bounca_install_mode == "upgrade"
|
|
tags: bounca
|
|
|
|
- name: Compress previous version
|
|
command: tar cJf {{ bounca_root_dir }}/archives/{{ bounca_current_version.stdout }}.txz ./
|
|
environment:
|
|
XZ_OPT: -T0
|
|
args:
|
|
chdir: "{{ bounca_root_dir }}/archives/{{ bounca_current_version.stdout }}"
|
|
when: bounca_install_mode == 'upgrade'
|
|
tags: bounca
|
|
|
|
- name: Remove the archive directory
|
|
file: path={{ bounca_root_dir }}/archives/{{ bounca_current_version.stdout }} state=absent
|
|
when: bounca_install_mode == 'upgrade'
|
|
tags: bounca
|
|
|
|
- name: Download BounCA
|
|
get_url:
|
|
url: "{{ bounca_archive_url }}"
|
|
dest: "{{ bounca_root_dir }}/tmp"
|
|
when: bounca_install_mode != 'none'
|
|
tags: bounca
|
|
|
|
- name: Extract BounCA
|
|
unarchive:
|
|
src: "{{ bounca_root_dir }}/tmp/bounca-{{ bounca_version }}.tar.gz"
|
|
dest: "{{ bounca_root_dir }}/tmp"
|
|
remote_src: yes
|
|
when: bounca_install_mode != "none"
|
|
tags: bounca
|
|
|
|
- name: Move BounCA to it's directory
|
|
synchronize:
|
|
src: "{{ bounca_root_dir }}/tmp/bounca-{{ bounca_version }}/"
|
|
dest: "{{ bounca_root_dir }}/app/"
|
|
recursive: True
|
|
delete: True
|
|
when: bounca_install_mode != "none"
|
|
delegate_to: "{{ inventory_hostname }}"
|
|
tags: bounca
|
|
|
|
#- name: Clone GIT repo
|
|
# git:
|
|
# repo: "{{ bounca_git_url }}"
|
|
# dest: "{{ bounca_root_dir }}/app"
|
|
# version: "{{ bounca_version }}"
|
|
# force: True
|
|
# register: bounca_git
|
|
# tags: bounca
|
|
#
|
|
#- name: Get new git commit
|
|
# command: git rev-parse HEAD
|
|
# args:
|
|
# chdir: "{{ bounca_root_dir }}/app"
|
|
# register: bounca_git_commit
|
|
# changed_when: False
|
|
# tags: bounca
|
|
#
|
|
#- name: Set install mode to upgrade
|
|
# set_fact: bounca_install_mode='upgrade'
|
|
# when:
|
|
# - bounca_install_mode == 'none'
|
|
# - bounca_git_commit.stdout != bounca_current_version.stdout
|
|
# tags: bounca
|
|
|
|
- name: Create archive dir
|
|
file: path={{ bounca_root_dir }}/archives/{{ bounca_current_version.stdout }} state=directory mode=700
|
|
when: bounca_install_mode == "upgrade"
|
|
tags: bounca
|
|
|
|
- name: Dump database
|
|
postgresql_db:
|
|
name: "{{ bounca_db_name }}"
|
|
state: dump
|
|
login_host: "{{ bounca_db_server }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ pg_admin_pass }}"
|
|
target: "{{ bounca_root_dir }}/archives/{{ bounca_current_version.stdout }}/{{ bounca_db_name }}.sql.gz"
|
|
when: bounca_install_mode == "upgrade"
|
|
tags: bounca
|
|
|
|
- name: Create the virtualenv
|
|
pip:
|
|
state: latest
|
|
virtualenv: "{{ bounca_root_dir }}"
|
|
virtualenv_command: /usr/bin/virtualenv-3
|
|
requirements: "{{ bounca_root_dir }}/app/requirements.txt"
|
|
tags: bounca
|
|
|
|
- name: Link pki to the data dir
|
|
file: src={{ bounca_root_dir }}/data dest={{ bounca_root_dir }}/app/pki state=link
|
|
tags: bounca
|
|
|
|
- name: Handle bounca ports
|
|
iptables_raw:
|
|
name: bounca_ports
|
|
state: "{{ (bounca_src_ip | length > 0) | ternary('present','absent') }}"
|
|
rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ bounca_port }} -s {{ bounca_src_ip | join(',') }} -j ACCEPT"
|
|
tags: [firewall,bounca]
|
|
|
|
#- name: Install additional python module
|
|
# pip:
|
|
# state: latest
|
|
# virtualenv: "{{ bounca_root_dir }}"
|
|
# name: "{{ item }}"
|
|
# with_items:
|
|
# - django-lemonldap
|
|
# tags: bounca
|
|
|
|
- name: Generate a random pass for the database
|
|
shell: openssl rand -base64 45 > {{ bounca_root_dir }}/meta/ansible_dbpass
|
|
args:
|
|
creates: "{{ bounca_root_dir }}/meta/ansible_dbpass"
|
|
when: bounca_db_pass is not defined
|
|
tags: bounca
|
|
|
|
- name: Read database password
|
|
command: cat {{ bounca_root_dir }}/meta/ansible_dbpass
|
|
register: bounca_rand_pass
|
|
when: bounca_db_pass is not defined
|
|
changed_when: False
|
|
tags: bounca
|
|
|
|
- name: Set database pass
|
|
set_fact: bounca_db_pass={{ bounca_rand_pass.stdout }}
|
|
when: bounca_db_pass is not defined
|
|
tags: bounca
|
|
|
|
- name: Generate a random secret
|
|
shell: openssl rand -base64 45 > {{ bounca_root_dir }}/meta/ansible_secret
|
|
args:
|
|
creates: "{{ bounca_root_dir }}/meta/ansible_secret"
|
|
when: bounca_secret_key is not defined
|
|
tags: bounca
|
|
|
|
- name: Read secret_key
|
|
command: cat {{ bounca_root_dir }}/meta/ansible_secret
|
|
register: bounca_rand_secret
|
|
when: bounca_secret_key is not defined
|
|
changed_when: False
|
|
tags: bounca
|
|
|
|
- name: Set secret_key
|
|
set_fact: bounca_secret_key={{ bounca_rand_secret.stdout }}
|
|
when: bounca_secret_key is not defined
|
|
tags: bounca
|
|
|
|
- name: Create the PostgreSQL role
|
|
postgresql_user:
|
|
db: postgres
|
|
name: "{{ bounca_db_user }}"
|
|
password: "{{ bounca_db_pass }}"
|
|
login_host: "{{ bounca_db_server }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ pg_admin_pass }}"
|
|
tags: bounca
|
|
|
|
- name: Create the PostgreSQL database
|
|
postgresql_db:
|
|
name: "{{ bounca_db_name }}"
|
|
encoding: UTF-8
|
|
lc_collate: C
|
|
lc_ctype: C
|
|
template: template0
|
|
owner: "{{ bounca_db_user }}"
|
|
login_host: "{{ bounca_db_server }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ pg_admin_pass }}"
|
|
tags: bounca
|
|
|
|
- name: Deploy configuration
|
|
template: src={{ item.src }} dest={{ item.dest }} owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
|
|
with_items:
|
|
- src: main.ini.j2
|
|
dest: /etc/bounca/main.ini
|
|
group: bounca
|
|
mode: 640
|
|
- src: uwsgi.ini.j2
|
|
dest: /etc/bounca/uwsgi.ini
|
|
group: bounca
|
|
mode: 640
|
|
notify: restart bounca
|
|
tags: bounca
|
|
|
|
#- name: Add a tmpfiles.d snippet
|
|
# copy: content="d /run/bounca 750 bounca apache" dest=/etc/tmpfiles.d/bounca.conf
|
|
# register: bounca_tmpfiles
|
|
# tags: bounca
|
|
#
|
|
#- name: Create tmpdir
|
|
# command: systemd-tmpfiles --create
|
|
# when: bounca_tmpfiles.changed
|
|
# tags: bounca
|
|
|
|
- name: Deploy BounCA unit
|
|
template: src=bounca.service.j2 dest=/etc/systemd/system/bounca.service
|
|
register: bounca_unit
|
|
tags: bounca
|
|
|
|
- name: Reload systemd
|
|
command: systemctl daemon-reload
|
|
when: bounca_unit.changed
|
|
tags: bounca
|
|
|
|
- name: Stop BounCA daemon for DB upgrade
|
|
service: name=bounca state=stopped
|
|
when: bounca_install_mode == 'upgrade'
|
|
tags: bounca
|
|
|
|
- name: Migrate BounCA DB
|
|
django_manage: command="migrate --noinput" app_path={{ bounca_root_dir }}/app virtualenv={{ bounca_root_dir }}
|
|
when: bounca_install_mode != 'none'
|
|
tags: bounca
|
|
|
|
- name: Collect static assets
|
|
django_manage: command="collectstatic --noinput" app_path={{ bounca_root_dir }}/app virtualenv={{ bounca_root_dir }}
|
|
when: bounca_install_mode != 'none'
|
|
tags: bounca
|
|
|
|
- name: Start and enable the daemon
|
|
service: name=bounca state=started enabled=True
|
|
tags: bounca
|
|
|
|
- name: Write installed version
|
|
# copy: content={{ bounca_git_commit.stdout}} dest={{ bounca_root_dir }}/meta/ansible_version
|
|
copy: content={{ bounca_version }} dest={{ bounca_root_dir }}/meta/ansible_version
|
|
tags: bounca
|
|
|