diff --git a/roles/cmp-rdbms/tasks/main.yml b/roles/cmp-rdbms/tasks/main.yml index 44661f57..246a2115 100644 --- a/roles/cmp-rdbms/tasks/main.yml +++ b/roles/cmp-rdbms/tasks/main.yml @@ -23,4 +23,4 @@ when: applications | get_app_conf(application_id, 'features.central_database', False) - name: "For '{{ application_id }}': Add Entry for Backup Procedure" - include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/03_seed-database-to-backup.yml" + include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml" diff --git a/roles/docker-core/tasks/01_core.yml b/roles/docker-core/tasks/01_core.yml new file mode 100644 index 00000000..be74659c --- /dev/null +++ b/roles/docker-core/tasks/01_core.yml @@ -0,0 +1,13 @@ +- name: docker & docker compose install + pacman: + name: ['docker','docker-compose'] + state: present + notify: docker restart + +- name: "create {{path_docker_compose_instances}}" + file: + path: "{{path_docker_compose_instances}}" + state: directory + mode: 0700 + owner: root + group: root diff --git a/roles/docker-core/tasks/main.yml b/roles/docker-core/tasks/main.yml index b389f5d9..c782215a 100644 --- a/roles/docker-core/tasks/main.yml +++ b/roles/docker-core/tasks/main.yml @@ -1,22 +1,5 @@ --- - block: - - name: docker & docker compose install - pacman: - name: ['docker','docker-compose'] - state: present - notify: docker restart - - - name: "create {{path_docker_compose_instances}}" - file: - path: "{{path_docker_compose_instances}}" - state: directory - mode: 0700 - owner: administrator - group: administrator - - - name: Set docker_enabled to true, to activate svc-opt-ssd-hdd - set_fact: - docker_enabled: true - - - include_tasks: utils/run_once.yml + - include_tasks: 01_core.yml + - include_tasks: utils/run_once.yml when: run_once_docker_core is not defined 
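Review bot: The task that set `docker_enabled: true` is removed from roles/docker-core/tasks/main.yml but is not carried into the new 01_core.yml, so nothing in the lines shown sets that fact any more. The removed task's name says it activates svc-opt-ssd-hdd; if that role or any other still tests `docker_enabled`, it would stop running without an error. Either move the `set_fact` into 01_core.yml or confirm the fact is now set elsewhere. Separately, `mode: 0700` in 01_core.yml is safer written as `mode: '0700'`, so the value does not depend on how the YAML parser treats a leading zero.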
diff --git a/roles/srv-web-6-6-tls-renew/tasks/01_core.yml b/roles/srv-web-6-6-tls-renew/tasks/01_core.yml new file mode 100644 index 00000000..c895adad --- /dev/null +++ b/roles/srv-web-6-6-tls-renew/tasks/01_core.yml @@ -0,0 +1,22 @@ +- name: install certbot + pacman: + name: + - certbot-nginx + state: present + +- name: configure srv-web-6-6-tls-renew.infinito.service + template: + src: srv-web-6-6-tls-renew.service.j2 + dest: /etc/systemd/system/srv-web-6-6-tls-renew.infinito.service + notify: reload certbot service + +- name: "set 'service_name' to '{{ role_name }}'" + set_fact: + service_name: "{{ role_name }}" + +- name: "include role for sys-timer for {{service_name}}" + include_role: + name: sys-timer + vars: + on_calendar: "{{on_calendar_renew_lets_encrypt_certificates}}" + persistent: "true" \ No newline at end of file diff --git a/roles/srv-web-6-6-tls-renew/tasks/main.yml b/roles/srv-web-6-6-tls-renew/tasks/main.yml index 21515e68..f42e9099 100644 --- a/roles/srv-web-6-6-tls-renew/tasks/main.yml +++ b/roles/srv-web-6-6-tls-renew/tasks/main.yml @@ -1,26 +1,4 @@ - block: - - name: install certbot - pacman: - name: - - certbot-nginx - state: present - - - name: configure srv-web-6-6-tls-renew.infinito.service - template: - src: srv-web-6-6-tls-renew.service.j2 - dest: /etc/systemd/system/srv-web-6-6-tls-renew.infinito.service - notify: reload certbot service - - - name: "set 'service_name' to '{{ role_name }}'" - set_fact: - service_name: "{{ role_name }}" - - - name: "include role for sys-timer for {{service_name}}" - include_role: - name: sys-timer - vars: - on_calendar: "{{on_calendar_renew_lets_encrypt_certificates}}" - persistent: "true" - + - include_tasks: 01_core.yml - include_tasks: utils/run_once.yml when: run_once_srv_web_6_6_tls_renew is not defined diff --git a/roles/srv-web-7-4-core/tasks/01_core.yml b/roles/srv-web-7-4-core/tasks/01_core.yml new file mode 100644 index 00000000..0afec51b --- /dev/null 
+++ b/roles/srv-web-7-4-core/tasks/01_core.yml @@ -0,0 +1,49 @@ +- name: Include openresty + # Outside of run_once block is necessary for handler loading + # Otherwise the when: condition from the block is added to the handlers + # Inside openresty their is a validation that it doesn't run multiple times + include_role: + name: svc-prx-openresty + public: false + # Explicit set to guaranty that application_id will not be overwritten. + # Should be anyhow the default case + +- name: "reset (if enabled)" + include_tasks: 02_reset.yml + when: mode_reset | bool + +- name: Ensure nginx configuration directories are present + file: + path: "{{ item }}" + state: directory + owner: "{{nginx.user}}" + group: "{{nginx.user}}" + mode: '0755' + recurse: yes + loop: > + {{ + [ nginx.directories.configuration ] + + ( nginx.directories.http.values() | list ) + + [ nginx.directories.streams ] + }} + +- name: Ensure nginx data storage directories are present + file: + path: "{{ item }}" + state: directory + recurse: yes + owner: "{{nginx.user}}" + group: "{{nginx.user}}" + mode: '0755' + loop: > + {{ nginx.directories.data.values() | list }} + +- name: "Include tasks to create cache directories" + include_tasks: 03_cache_directories.yml + +- name: create nginx config file + template: + src: nginx.conf.j2 + dest: "{{ nginx.files.configuration }}" + notify: restart openresty + \ No newline at end of file diff --git a/roles/srv-web-7-4-core/tasks/01_reset.yml b/roles/srv-web-7-4-core/tasks/02_reset.yml similarity index 100% rename from roles/srv-web-7-4-core/tasks/01_reset.yml rename to roles/srv-web-7-4-core/tasks/02_reset.yml diff --git a/roles/srv-web-7-4-core/tasks/02_cache_directories.yml b/roles/srv-web-7-4-core/tasks/03_cache_directories.yml similarity index 100% rename from roles/srv-web-7-4-core/tasks/02_cache_directories.yml rename to roles/srv-web-7-4-core/tasks/03_cache_directories.yml 
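Review bot: The comment carried over on the `Include openresty` task says the include must stay outside the run_once block for handler loading, yet it now sits in 01_core.yml. main.yml reaches that file only through `include_tasks: 01_core.yml` inside the block guarded by `when: run_once_srv_web_7_4_core is not defined`. Before this change the `include_role` was unconditional; now it is skipped on every later invocation of the role. If the handler-loading concern still holds, keep the `include_role` in main.yml above the block; otherwise reword the comment so it no longer describes the old layout.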
diff --git a/roles/srv-web-7-4-core/tasks/main.yml b/roles/srv-web-7-4-core/tasks/main.yml index 3c357fbe..43c7b724 100644 --- a/roles/srv-web-7-4-core/tasks/main.yml +++ b/roles/srv-web-7-4-core/tasks/main.yml @@ -1,53 +1,5 @@ --- -- name: Include openresty - # Outside of run_once block is necessary for handler loading - # Otherwise the when: condition from the block is added to the handlers - # Inside openresty their is a validation that it doesn't run multiple times - include_role: - name: svc-prx-openresty - public: false - # Explicit set to guaranty that application_id will not be overwritten. - # Should be anyhow the default case - -- block: - - name: "reset (if enabled)" - include_tasks: 01_reset.yml - when: mode_reset | bool - - - name: Ensure nginx configuration directories are present - file: - path: "{{ item }}" - state: directory - owner: "{{nginx.user}}" - group: "{{nginx.user}}" - mode: '0755' - recurse: yes - loop: > - {{ - [ nginx.directories.configuration ] + - ( nginx.directories.http.values() | list ) + - [ nginx.directories.streams ] - }} - - - name: Ensure nginx data storage directories are present - file: - path: "{{ item }}" - state: directory - recurse: yes - owner: "{{nginx.user}}" - group: "{{nginx.user}}" - mode: '0755' - loop: > - {{ nginx.directories.data.values() | list }} - - - name: "Include tasks to create cache directories" - include_tasks: 02_cache_directories.yml - - - name: create nginx config file - template: - src: nginx.conf.j2 - dest: "{{ nginx.files.configuration }}" - notify: restart openresty - +- block: + - include_tasks: 01_core.yml - include_tasks: utils/run_once.yml when: run_once_srv_web_7_4_core is not defined diff --git a/roles/svc-db-mariadb/tasks/01_core.yml b/roles/svc-db-mariadb/tasks/01_core.yml new file mode 100644 index 00000000..21efb6d9 --- /dev/null +++ b/roles/svc-db-mariadb/tasks/01_core.yml 
@@ -0,0 +1,48 @@
+
+- name: Create Docker network for MariaDB
+ docker_network:
+ name: "{{ mariadb_network_name }}"
+ state: present
+ ipam_config:
+ - subnet: "{{ mariadb_subnet }}"
+
+- name: install MariaDB
+ docker_container:
+ name: "{{ mariadb_name }}"
+ image: "{{ mariadb_image }}:{{ mariadb_version}}"
+ detach: yes
+ env:
+ MARIADB_ROOT_PASSWORD: "{{ mariadb_root_pwd }}"
+ MARIADB_AUTO_UPGRADE: "1"
+ networks:
+ - name: "{{ mariadb_network_name }}"
+ volumes:
+ - "{{ mariadb_volume }}:/var/lib/mysql"
+ published_ports:
+ - "127.0.0.1:{{ mariadb_port }}:3306" # can be that this will be removed if all applications use sockets
+ command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud
+ restart_policy: "{{ DOCKER_RESTART_POLICY }}"
+ healthcheck:
+ test: "/usr/bin/mariadb --user=root --password={{ mariadb_root_pwd }} --execute \"SHOW DATABASES;\""
+ interval: 10s
+ timeout: 5s
+ retries: 18
+ register: setup_mariadb_container_result
+
+- name: install python-mysqlclient
+ pacman:
+ name: python-mysqlclient
+ state: present
+
+- name: "Wait until the MariaDB container with hostname '{{ mariadb_name }}' is healthy"
+ community.docker.docker_container_info:
+ name: "{{ mariadb_name }}"
+ register: db_info
+ until:
+ - db_info.container is defined
+ - db_info.container.State.Health.Status == "healthy"
+ retries: 30
+ delay: 5
+ when:
+ - setup_mariadb_container_result is defined
+ - setup_mariadb_container_result.changed
diff --git a/roles/svc-db-mariadb/tasks/init.yml b/roles/svc-db-mariadb/tasks/02_init.yml
similarity index 100%
rename from roles/svc-db-mariadb/tasks/init.yml
rename to roles/svc-db-mariadb/tasks/02_init.yml
diff --git a/roles/svc-db-mariadb/tasks/main.yml b/roles/svc-db-mariadb/tasks/main.yml
index 802186ba..b6f0c90c 100644
--- a/roles/svc-db-mariadb/tasks/main.yml
+++ b/roles/svc-db-mariadb/tasks/main.yml
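Review bot: The healthcheck `test` in the `install MariaDB` task expands `{{ mariadb_root_pwd }}` into the command line, so the root password is stored verbatim in the container's healthcheck definition and appears in the client's process arguments on every check. The container already receives the value as `MARIADB_ROOT_PASSWORD`, so the check can take it from the environment and keep it out of argv, e.g. `test: "MYSQL_PWD=\"$MARIADB_ROOT_PASSWORD\" /usr/bin/mariadb --user=root --execute \"SHOW DATABASES;\""`. The task also has no `no_log: true`, so the module's result (which would include the env and healthcheck values) can end up in verbose or failure output; adding `no_log: true` to this task is worth doing.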
@@ -1,60 +1,8 @@ -- name: Create Docker network for MariaDB - docker_network: - name: "{{ mariadb_network_name }}" - state: present - ipam_config: - - subnet: "{{ mariadb_subnet }}" +- block: + - include_tasks: 01_core.yml + - include_tasks: utils/run_once.yml when: run_once_svc_db_mariadb is not defined -- name: install MariaDB - docker_container: - name: "{{ mariadb_name }}" - image: "{{ mariadb_image }}:{{ mariadb_version}}" - detach: yes - env: - MARIADB_ROOT_PASSWORD: "{{ mariadb_root_pwd }}" - MARIADB_AUTO_UPGRADE: "1" - networks: - - name: "{{ mariadb_network_name }}" - volumes: - - "{{ mariadb_volume }}:/var/lib/mysql" - published_ports: - - "127.0.0.1:{{ mariadb_port }}:3306" # can be that this will be removed if all applications use sockets - command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud - restart_policy: "{{ DOCKER_RESTART_POLICY }}" - healthcheck: - test: "/usr/bin/mariadb --user=root --password={{ mariadb_root_pwd }} --execute \"SHOW DATABASES;\"" - interval: 10s - timeout: 5s - retries: 18 - when: run_once_svc_db_mariadb is not defined - register: setup_mariadb_container_result - -- name: install python-mysqlclient - pacman: - name: python-mysqlclient - state: present - when: run_once_svc_db_mariadb is not defined - -- name: "Wait until the MariaDB container with hostname '{{ mariadb_name }}' is healthy" - community.docker.docker_container_info: - name: "{{ mariadb_name }}" - register: db_info - until: - - db_info.container is defined - - db_info.container.State.Health.Status == "healthy" - retries: 30 - delay: 5 - when: - - setup_mariadb_container_result is defined - - setup_mariadb_container_result.changed - - run_once_svc_db_mariadb is not defined - - name: "Initialize database for '{{ database_name }}'" - include_tasks: init.yml - when: "{{ mariadb_init }}" - -- name: run the docker_mariadb tasks once - set_fact: - run_once_svc_db_mariadb: true - when: run_once_svc_db_mariadb is not defined \ No newline at 
end of file + include_tasks: 02_init.yml + when: "{{ mariadb_init }}" \ No newline at end of file diff --git a/roles/svc-db-postgres/tasks/01_core.yml b/roles/svc-db-postgres/tasks/01_core.yml new file mode 100644 index 00000000..cc806736 --- /dev/null +++ b/roles/svc-db-postgres/tasks/01_core.yml @@ -0,0 +1,22 @@ +- name: Create Docker network for PostgreSQL + docker_network: + name: "{{ postgres_network_name }}" + state: present + ipam_config: + - subnet: "{{ postgres_subnet }}" + +- name: "include docker-compose role" + include_role: + name: docker-compose + +- name: Wait for Postgres inside the container + shell: "docker exec {{ postgres_name }} pg_isready -U postgres" + register: pg_ready + until: pg_ready.rc == 0 + retries: 30 + delay: 5 + +- name: install python-psycopg2 + pacman: + name: python-psycopg2 + state: present diff --git a/roles/svc-db-postgres/tasks/init.yml b/roles/svc-db-postgres/tasks/02_init.yml similarity index 100% rename from roles/svc-db-postgres/tasks/init.yml rename to roles/svc-db-postgres/tasks/02_init.yml diff --git a/roles/svc-db-postgres/tasks/main.yml b/roles/svc-db-postgres/tasks/main.yml index 81275aae..33acb3ec 100644 --- a/roles/svc-db-postgres/tasks/main.yml +++ b/roles/svc-db-postgres/tasks/main.yml @@ -1,27 +1,5 @@ - block: - - name: Create Docker network for PostgreSQL - docker_network: - name: "{{ postgres_network_name }}" - state: present - ipam_config: - - subnet: "{{ postgres_subnet }}" - - - name: "include docker-compose role" - include_role: - name: docker-compose - - - name: Wait for Postgres inside the container - shell: "docker exec {{ postgres_name }} pg_isready -U postgres" - register: pg_ready - until: pg_ready.rc == 0 - retries: 30 - delay: 5 - - - name: install python-psycopg2 - pacman: - name: python-psycopg2 - state: present - + - include_tasks: 01_core.yml - include_tasks: utils/run_once.yml when: run_once_svc_db_postgres is not defined 
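Review bot: `Wait for Postgres inside the container` in the new svc-db-postgres 01_core.yml runs `docker exec {{ postgres_name }} pg_isready -U postgres` through `shell`, although the line uses no shell feature. The templated container name is therefore parsed by a shell for no benefit. Using `command:` with `argv: ["docker", "exec", "{{ postgres_name }}", "pg_isready", "-U", "postgres"]` passes it as a single argument instead. The probe modifies nothing, so `changed_when: false` would also stop it from reporting a change on every run.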
@@ -31,5 +9,5 @@ handler_role_name: "docker-compose" - name: "Initialize database for '{{ database_name }}'" - include_tasks: init.yml + include_tasks: 02_init.yml when: "{{ postgres_init }}" \ No newline at end of file diff --git a/roles/sys-bkp-docker-2-loc/tasks/01_core.yml b/roles/sys-bkp-docker-2-loc/tasks/01_core.yml new file mode 100644 index 00000000..fef742be --- /dev/null +++ b/roles/sys-bkp-docker-2-loc/tasks/01_core.yml @@ -0,0 +1,28 @@ +- include_tasks: 02_pkgmgr_routines.yml + when: backup_docker_to_local_folder is not defined + +- name: "reset (if enabled)" + include_tasks: 03_reset.yml + when: mode_reset | bool + +- name: configure sys-bkp-docker-2-loc-everything.infinito.service + template: + src: sys-bkp-docker-2-loc-everything.service.j2 + dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.infinito.service + notify: reload sys-bkp-docker-2-loc-everything.infinito.service + +- name: configure sys-bkp-docker-2-loc.infinito.service + template: + src: sys-bkp-docker-2-loc.service.j2 + dest: /etc/systemd/system/sys-bkp-docker-2-loc.infinito.service + notify: reload sys-bkp-docker-2-loc.infinito.service + +- name: "set 'service_name' to '{{ role_name }}'" + set_fact: + service_name: "{{ role_name }}" + +- name: "include role for sys-timer for {{service_name}}" + include_role: + name: sys-timer + vars: + on_calendar: "{{on_calendar_backup_docker_to_local}}" diff --git a/roles/sys-bkp-docker-2-loc/tasks/01_pkgmgr_routines.yml b/roles/sys-bkp-docker-2-loc/tasks/02_pkgmgr_routines.yml similarity index 100% rename from roles/sys-bkp-docker-2-loc/tasks/01_pkgmgr_routines.yml rename to roles/sys-bkp-docker-2-loc/tasks/02_pkgmgr_routines.yml diff --git a/roles/sys-bkp-docker-2-loc/tasks/02_reset.yml b/roles/sys-bkp-docker-2-loc/tasks/03_reset.yml similarity index 100% rename from roles/sys-bkp-docker-2-loc/tasks/02_reset.yml rename to roles/sys-bkp-docker-2-loc/tasks/03_reset.yml 
diff --git a/roles/sys-bkp-docker-2-loc/tasks/03_seed-database-to-backup.yml b/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml similarity index 98% rename from roles/sys-bkp-docker-2-loc/tasks/03_seed-database-to-backup.yml rename to roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml index 103938fc..f4350356 100644 --- a/roles/sys-bkp-docker-2-loc/tasks/03_seed-database-to-backup.yml +++ b/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml @@ -1,4 +1,4 @@ -- include_tasks: 01_pkgmgr_routines.yml +- include_tasks: 02_pkgmgr_routines.yml when: backup_docker_to_local_folder is not defined - name: "Display all database variables" diff --git a/roles/sys-bkp-docker-2-loc/tasks/main.yml b/roles/sys-bkp-docker-2-loc/tasks/main.yml index 374ef737..b3929cd5 100644 --- a/roles/sys-bkp-docker-2-loc/tasks/main.yml +++ b/roles/sys-bkp-docker-2-loc/tasks/main.yml 
@@ -1,39 +1,11 @@ - block: - - include_tasks: 01_pkgmgr_routines.yml - when: backup_docker_to_local_folder is not defined - - - name: "reset (if enabled)" - include_tasks: 02_reset.yml - when: mode_reset | bool - - - name: configure sys-bkp-docker-2-loc-everything.infinito.service - template: - src: sys-bkp-docker-2-loc-everything.service.j2 - dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.infinito.service - notify: reload sys-bkp-docker-2-loc-everything.infinito.service - - - name: configure sys-bkp-docker-2-loc.infinito.service - template: - src: sys-bkp-docker-2-loc.service.j2 - dest: /etc/systemd/system/sys-bkp-docker-2-loc.infinito.service - notify: reload sys-bkp-docker-2-loc.infinito.service - - - name: "set 'service_name' to '{{ role_name }}'" - set_fact: - service_name: "{{ role_name }}" - - - name: "include role for sys-timer for {{service_name}}" - include_role: - name: sys-timer - vars: - on_calendar: "{{on_calendar_backup_docker_to_local}}" - - - include_tasks: "{{ playbook_dir }}/tasks/utils/load_handlers.yml" + - include_tasks: 01_core.yml + - include_tasks: utils/run_once.yml when: - run_once_sys_bkp_docker_2_loc is not defined - database_enabled | bool -- name: "include 03_seed-database-to-backup.yml" - include_tasks: 03_seed-database-to-backup.yml +- name: "include 04_seed-database-to-backup.yml" + include_tasks: 04_seed-database-to-backup.yml when: - database_enabled | bool diff --git a/roles/sys-cln-disc-space/vars/main.yml b/roles/sys-cln-disc-space/vars/main.yml index 376f4a44..84ad3eae 100644 --- a/roles/sys-cln-disc-space/vars/main.yml +++ b/roles/sys-cln-disc-space/vars/main.yml @@ -1 +1 @@ -cleanup_disc_space_folder: '{{path_administrator_scripts}}sys-cln-disc-space/' +cleanup_disc_space_folder: '{{ path_administrator_scripts }}sys-cln-disc-space/' diff --git a/roles/sys-rpr-docker-hard/tasks/01_core.yml b/roles/sys-rpr-docker-hard/tasks/01_core.yml new file mode 100644 index 00000000..2aeeeccd --- /dev/null 
+++ b/roles/sys-rpr-docker-hard/tasks/01_core.yml @@ -0,0 +1,26 @@ +- name: "create {{restart_docker_folder}}" + file: + path: "{{restart_docker_folder}}" + state: directory + mode: 0755 + +- name: create {{restart_docker_script}} + copy: + src: sys-rpr-docker-hard.py + dest: "{{restart_docker_script}}" + +- name: configure sys-rpr-docker-hard.infinito.service + template: + src: sys-rpr-docker-hard.service.j2 + dest: /etc/systemd/system/sys-rpr-docker-hard.infinito.service + notify: "reload sys-rpr-docker-hard.infinito.service" + +- name: "set 'service_name' to '{{ role_name }}'" + set_fact: + service_name: "{{ role_name }}" + +- name: "include role for sys-timer for {{service_name}}" + include_role: + name: sys-timer + vars: + on_calendar: "{{on_calendar_restart_docker}}" \ No newline at end of file diff --git a/roles/sys-rpr-docker-hard/tasks/main.yml b/roles/sys-rpr-docker-hard/tasks/main.yml index a8bc6883..d618e712 100644 --- a/roles/sys-rpr-docker-hard/tasks/main.yml +++ b/roles/sys-rpr-docker-hard/tasks/main.yml @@ -1,30 +1,4 @@ - block: - - name: "create {{restart_docker_folder}}" - file: - path: "{{restart_docker_folder}}" - state: directory - mode: 0755 - - - name: create {{restart_docker_script}} - copy: - src: sys-rpr-docker-hard.py - dest: "{{restart_docker_script}}" - - - name: configure sys-rpr-docker-hard.infinito.service - template: - src: sys-rpr-docker-hard.service.j2 - dest: /etc/systemd/system/sys-rpr-docker-hard.infinito.service - notify: "reload sys-rpr-docker-hard.infinito.service" - - - name: "set 'service_name' to '{{ role_name }}'" - set_fact: - service_name: "{{ role_name }}" - - - name: "include role for sys-timer for {{service_name}}" - include_role: - name: sys-timer - vars: - on_calendar: "{{on_calendar_restart_docker}}" - - - include_tasks: utils/run_once.yml + - include_tasks: 01_core.yml + - include_tasks: utils/run_once.yml when: run_once_sys_rpr_docker_hard is not defined \ No newline at end of file 
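Review bot: The `copy` task that installs `sys-rpr-docker-hard.py` to `{{restart_docker_script}}` sets no `owner`, `group` or `mode`, and the directory task above it sets only `mode: 0755`. The script is presumably started by the systemd unit configured in the following task, so its permissions decide who can alter code that runs with that service's privileges. Leaving them to the umask and the connecting user makes the result depend on the environment. Setting them explicitly, e.g. `owner: root`, `group: root`, `mode: '0755'` on the script and the same owner and group on the directory, makes the outcome deterministic.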
diff --git a/roles/web-app-bigbluebutton/tasks/main.yml b/roles/web-app-bigbluebutton/tasks/main.yml index 5f694c95..22035ce7 100644 --- a/roles/web-app-bigbluebutton/tasks/main.yml +++ b/roles/web-app-bigbluebutton/tasks/main.yml @@ -3,8 +3,8 @@ include_role: name: cmp-docker-proxy -- name: "include 03_seed-database-to-backup.yml" - include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/03_seed-database-to-backup.yml" +- name: "include 04_seed-database-to-backup.yml" + include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml" - name: configure websocket_upgrade.conf copy: diff --git a/roles/web-app-discourse/tasks/01_core.yml b/roles/web-app-discourse/tasks/01_core.yml new file mode 100644 index 00000000..cbc0080b --- /dev/null +++ b/roles/web-app-discourse/tasks/01_core.yml 
@@ -0,0 +1,75 @@ +- name: "reset (if enabled)" + include_tasks: 02_reset.yml + when: mode_reset | bool + +# Necessary for building: https://chat.openai.com/share/99d258cc-294b-4924-8eef-02fe419bb838 +- name: install which + pacman: + name: which + state: present + +- name: "load docker, db and proxy for {{application_id}}" + include_role: + name: cmp-db-docker-proxy + +- name: pull docker repository + git: + repo: "https://github.com/discourse/discourse_docker.git" + dest: "{{docker_repository_directory }}" + update: yes + notify: recreate discourse + become: true + ignore_errors: true + +- name: set chmod 700 for {{docker_repository_directory }}containers + ansible.builtin.file: + path: "{{docker_repository_directory }}/containers" + mode: '700' + state: directory + +- name: "copy configuration to {{discourse_application_yml_destination}}" + template: + src: config.yml.j2 + dest: "{{ discourse_application_yml_destination }}" + mode: '0640' + notify: recreate discourse + +- name: "Verify that '{{ discourse_container }}' is running" + command: docker compose ps --filter status=running --format '{{"{{"}}.Name{{"}}"}}' | grep -x {{ discourse_container }} + register: docker_ps + changed_when: docker_ps.rc == 1 + failed_when: docker_ps.rc not in [0, 1] + notify: recreate discourse + +- name: flush, to recreate discourse app + meta: flush_handlers + +- name: Set error string for network already exists + set_fact: + docker_discourse_already_in_net: "Error response from daemon: endpoint with name {{ discourse_container }} already exists in network {{ discourse_pg_network }}" + +- name: "Connect {{ discourse_container }} to network {{ discourse_pg_network }}" + command: > + docker network connect {{ discourse_pg_network }} {{ discourse_container }} + register: network_connect + failed_when: > + network_connect.rc != 0 and + docker_discourse_already_in_net not in network_connect.stderr + changed_when: network_connect.rc == 0 + when: + - applications | 
get_app_conf(application_id, 'features.central_database', False) + +- name: Set error string for network not connected + set_fact: + docker_discourse_not_connected: 'is not connected to network {{ discourse_network }}' + +- name: "Remove {{ discourse_network }} from {{ database_host }}" + command: > + docker network disconnect {{ discourse_network }} {{ database_host }} + register: network_disconnect + failed_when: > + network_disconnect.rc != 0 and + docker_discourse_not_connected not in network_disconnect.stderr + changed_when: network_disconnect.rc == 0 + when: + - applications | get_app_conf(application_id, 'features.central_database', False) \ No newline at end of file diff --git a/roles/web-app-discourse/tasks/reset.yml b/roles/web-app-discourse/tasks/02_reset.yml similarity index 100% rename from roles/web-app-discourse/tasks/reset.yml rename to roles/web-app-discourse/tasks/02_reset.yml diff --git a/roles/web-app-discourse/tasks/main.yml b/roles/web-app-discourse/tasks/main.yml index 66f31643..ac0809a0 100644 --- a/roles/web-app-discourse/tasks/main.yml +++ b/roles/web-app-discourse/tasks/main.yml 
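Review bot: `pull docker repository` in the new web-app-discourse 01_core.yml clones `discourse_docker` with `update: yes`, no `version:`, and `ignore_errors: true`. Each run therefore builds from whatever the default branch holds at that moment, and a failed fetch is passed over silently. Pinning the checkout to a reviewed revision (`version: "<reviewed-commit-sha>"`, placeholder) and dropping `ignore_errors` makes the deployed code reproducible and surfaces fetch failures. Separately, the `Verify that ... is running` task pipes into `grep` under the `command` module, which does not invoke a shell, so `|`, `grep` and `-x` reach `docker compose ps` as plain arguments. The registered `rc` then does not reflect whether the container is running; use `shell` with care, or filter the registered stdout in Ansible instead.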
@@ -2,80 +2,5 @@ - name: "Setup {{ application_id }}" when: run_once_web_app_discourse is not defined block: - - name: "reset (if enabled)" - include_tasks: reset.yml - when: mode_reset | bool - - # Necessary for building: https://chat.openai.com/share/99d258cc-294b-4924-8eef-02fe419bb838 - - name: install which - pacman: - name: which - state: present - - - name: "load docker, db and proxy for {{application_id}}" - include_role: - name: cmp-db-docker-proxy - - - name: pull docker repository - git: - repo: "https://github.com/discourse/discourse_docker.git" - dest: "{{docker_repository_directory }}" - update: yes - notify: recreate discourse - become: true - ignore_errors: true - - - name: set chmod 700 for {{docker_repository_directory }}containers - ansible.builtin.file: - path: "{{docker_repository_directory }}/containers" - mode: '700' - state: directory - - - name: "copy configuration to {{discourse_application_yml_destination}}" - template: - src: config.yml.j2 - dest: "{{ discourse_application_yml_destination }}" - mode: '0640' - notify: recreate discourse - - - name: "Verify that '{{ discourse_container }}' is running" - command: docker compose ps --filter status=running --format '{{"{{"}}.Name{{"}}"}}' | grep -x {{ discourse_container }} - register: docker_ps - changed_when: docker_ps.rc == 1 - failed_when: docker_ps.rc not in [0, 1] - notify: recreate discourse - - - name: flush, to recreate discourse app - meta: flush_handlers - - - name: Set error string for network already exists - set_fact: - docker_discourse_already_in_net: "Error response from daemon: endpoint with name {{ discourse_container }} already exists in network {{ discourse_pg_network }}" - - - name: "Connect {{ discourse_container }} to network {{ discourse_pg_network }}" - command: > - docker network connect {{ discourse_pg_network }} {{ discourse_container }} - register: network_connect - failed_when: > - network_connect.rc != 0 and - docker_discourse_already_in_net not in 
network_connect.stderr - changed_when: network_connect.rc == 0 - when: - - applications | get_app_conf(application_id, 'features.central_database', False) - - - name: Set error string for network not connected - set_fact: - docker_discourse_not_connected: 'is not connected to network {{ discourse_network }}' - - - name: "Remove {{ discourse_network }} from {{ database_host }}" - command: > - docker network disconnect {{ discourse_network }} {{ database_host }} - register: network_disconnect - failed_when: > - network_disconnect.rc != 0 and - docker_discourse_not_connected not in network_disconnect.stderr - changed_when: network_disconnect.rc == 0 - when: - - applications | get_app_conf(application_id, 'features.central_database', False) - + - include_tasks: 01_core.yml - include_tasks: utils/run_once.yml \ No newline at end of file diff --git a/roles/web-app-espocrm/tasks/01_patch_config.yml b/roles/web-app-espocrm/tasks/01_patch_config.yml new file mode 100644 index 00000000..20ef32b9 --- /dev/null +++ b/roles/web-app-espocrm/tasks/01_patch_config.yml @@ -0,0 +1,23 @@ +- name: Update DB host + command: > + docker exec --user root {{ espocrm_name }} + sed -i "s/'host' => .*/'host' => '{{ database_host }}',/" {{ espocrm_config_file }} + notify: docker compose up + +- name: Update DB name + command: > + docker exec --user root {{ espocrm_name }} + sed -i "s/'dbname' => .*/'dbname' => '{{ database_name }}',/" {{ espocrm_config_file }} + notify: docker compose up + +- name: Update DB user + command: > + docker exec --user root {{ espocrm_name }} + sed -i "s/'user' => .*/'user' => '{{ database_username }}',/" {{ espocrm_config_file }} + notify: docker compose up + +- name: Update DB password + command: > + docker exec --user root {{ espocrm_name }} + sed -i "s/'password' => .*/'password' => '{{ database_password }}',/" {{ espocrm_config_file }} + notify: docker compose up 
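Review bot: The four `sed` tasks in roles/web-app-espocrm/tasks/01_patch_config.yml place `{{ database_password }}` (and the host, name and user values) directly into the `docker exec ... sed -i` command line. The password therefore appears in process arguments and in Ansible's task output, since none of the tasks sets `no_log: true`. Any `/`, `&`, `\` or `'` in a value also changes the sed expression or the resulting PHP string. At minimum add `no_log: true` to the password task; rendering the settings from a template, or escaping the values before they reach sed, would remove the quoting problem as well. The same applies to the new roles/web-app-friendica/tasks/02_patch_config.yml.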
diff --git a/roles/web-app-espocrm/tasks/database.yml b/roles/web-app-espocrm/tasks/database.yml deleted file mode 100644 index 49f940c0..00000000 --- a/roles/web-app-espocrm/tasks/database.yml +++ /dev/null @@ -1,32 +0,0 @@ -- name: Check if config.php exists in EspoCRM - command: docker exec --user root {{ espocrm_name }} test -f {{ espocrm_config_file }} - register: config_file_exists - changed_when: false - failed_when: false - -- name: Patch EspoCRM config.php with updated DB credentials - when: config_file_exists.rc == 0 - block: - - name: Update DB host - command: > - docker exec --user root {{ espocrm_name }} - sed -i "s/'host' => .*/'host' => '{{ database_host }}',/" {{ espocrm_config_file }} - notify: docker compose up - - - name: Update DB name - command: > - docker exec --user root {{ espocrm_name }} - sed -i "s/'dbname' => .*/'dbname' => '{{ database_name }}',/" {{ espocrm_config_file }} - notify: docker compose up - - - name: Update DB user - command: > - docker exec --user root {{ espocrm_name }} - sed -i "s/'user' => .*/'user' => '{{ database_username }}',/" {{ espocrm_config_file }} - notify: docker compose up - - - name: Update DB password - command: > - docker exec --user root {{ espocrm_name }} - sed -i "s/'password' => .*/'password' => '{{ database_password }}',/" {{ espocrm_config_file }} - notify: docker compose up diff --git a/roles/web-app-espocrm/tasks/main.yml b/roles/web-app-espocrm/tasks/main.yml index 05fea694..cfdc15c1 100644 --- a/roles/web-app-espocrm/tasks/main.yml +++ b/roles/web-app-espocrm/tasks/main.yml 
@@ -3,8 +3,15 @@ include_role: name: cmp-db-docker-proxy -- name: Update database credentials - include_tasks: database.yml +- name: Check if config.php exists in EspoCRM + command: docker exec --user root {{ espocrm_name }} test -f {{ espocrm_config_file }} + register: config_file_exists + changed_when: false + failed_when: false + +- name: Patch EspoCRM config.php with updated DB credentials + include_tasks: 01_patch_config.yml + when: config_file_exists.rc == 0 - name: Flush handlers to make DB available before password reset meta: flush_handlers diff --git a/roles/web-app-friendica/tasks/02_database.yml b/roles/web-app-friendica/tasks/02_database.yml deleted file mode 100644 index 3932cf0e..00000000 --- a/roles/web-app-friendica/tasks/02_database.yml +++ /dev/null 
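Review bot: `Check if config.php exists in EspoCRM` sets `failed_when: false`, so a `docker exec` that fails because the container is missing or stopped looks the same as an absent file. In that case the credential patch is skipped without any error. `test -f` writes nothing to stderr, so a condition such as `failed_when: config_file_exists.rc != 0 and config_file_exists.stderr != ''` would keep the intended skip while surfacing Docker-side failures; verify this against the Docker version in use. The friendica main.yml hunk adds the same pattern with `friendica_config_exists`.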
@@ -1,35 +0,0 @@ -- name: flush handlers to ensure that friendica is up before friendica addon configuration - meta: flush_handlers - -- name: Check if Friendica local.config.php exists - command: docker exec --user {{ friendica_user }} {{ friendica_container }} test -f {{ friendica_config_file }} - register: friendica_config_exists - changed_when: false - failed_when: false - -- name: Patch Friendica local.config.php with updated DB credentials - when: friendica_config_exists.rc == 0 - block: - - name: Update DB host - command: > - docker exec --user {{ friendica_user }} {{ friendica_container }} - sed -ri "s/('hostname'\s*=>\s*')[^']*(',)/\1{{ database_host }}:{{ database_port }}\2/" {{ friendica_config_file }} - notify: docker compose up - - - name: Update DB name - command: > - docker exec --user {{ friendica_user }} {{ friendica_container }} - sed -ri "s/('database'\s*=>\s*')[^']*(',)/\1{{ database_name }}\2/" {{ friendica_config_file }} - notify: docker compose up - - - name: Update DB user - command: > - docker exec --user {{ friendica_user }} {{ friendica_container }} - sed -ri "s/('username'\s*=>\s*')[^']*(',)/\1{{ database_username }}\2/" {{ friendica_config_file }} - notify: docker compose up - - - name: Update DB password - command: > - docker exec --user {{ friendica_user }} {{ friendica_container }} - sed -ri "s/('password'\s*=>\s*')[^']*(',)/\1{{ database_password }}\2/" {{ friendica_config_file }} - notify: docker compose up diff --git a/roles/web-app-friendica/tasks/02_patch_config.yml b/roles/web-app-friendica/tasks/02_patch_config.yml new file mode 100644 index 00000000..07418216 --- /dev/null +++ b/roles/web-app-friendica/tasks/02_patch_config.yml 
@@ -0,0 +1,23 @@ +- name: Update DB host + command: > + docker exec --user {{ friendica_user }} {{ friendica_container }} + sed -ri "s/('hostname'\s*=>\s*')[^']*(',)/\1{{ database_host }}:{{ database_port }}\2/" {{ friendica_config_file }} + notify: docker compose up + +- name: Update DB name + command: > + docker exec --user {{ friendica_user }} {{ friendica_container }} + sed -ri "s/('database'\s*=>\s*')[^']*(',)/\1{{ database_name }}\2/" {{ friendica_config_file }} + notify: docker compose up + +- name: Update DB user + command: > + docker exec --user {{ friendica_user }} {{ friendica_container }} + sed -ri "s/('username'\s*=>\s*')[^']*(',)/\1{{ database_username }}\2/" {{ friendica_config_file }} + notify: docker compose up + +- name: Update DB password + command: > + docker exec --user {{ friendica_user }} {{ friendica_container }} + sed -ri "s/('password'\s*=>\s*')[^']*(',)/\1{{ database_password }}\2/" {{ friendica_config_file }} + notify: docker compose up diff --git a/roles/web-app-friendica/tasks/main.yml b/roles/web-app-friendica/tasks/main.yml index cea1f3f4..309ea18c 100644 --- a/roles/web-app-friendica/tasks/main.yml +++ b/roles/web-app-friendica/tasks/main.yml 
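Review bot: The "Update DB password" task puts `{{ database_password }}` on the `docker exec … sed` command line, so the secret is visible in the host's process list while the task runs and is returned in the task result that Ansible prints with `-v` or on failure; adding `no_log: true` to that task keeps it out of logs. The value is also spliced unescaped into a sed replacement that is delimited by `/` and sits next to single quotes, so a password containing `/`, `&`, `\` or `'` would make sed fail or write a corrupted local.config.php; rendering the file with `template` would avoid both problems. All four tasks use `command` without `changed_when`, so `notify: docker compose up` fires on every run. The Moodle 01_patch_config.yml hunk handles `database_password` the same way.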
@@ -7,8 +7,19 @@ include_tasks: 01_ldap.yml when: applications | get_app_conf(application_id, 'features.ldap', False) -- name: Update Friendica DB credentials - include_tasks: 02_database.yml +# General +- name: "flush handlers to ensure that '{{ friendica_container }}' is up before executing container tasks" + meta: flush_handlers + +- name: Check if Friendica local.config.php exists + command: docker exec --user {{ friendica_user }} {{ friendica_container }} test -f {{ friendica_config_file }} + register: friendica_config_exists + changed_when: false + failed_when: false + +- name: Patch Friendica local.config.php with updated DB credentials + include_tasks: 02_patch_config.yml + when: friendica_config_exists.rc == 0 - name: Add Friendica Add Ons include_tasks: 03_addons.yml \ No newline at end of file diff --git a/roles/web-app-mailu/tasks/01_core.yml b/roles/web-app-mailu/tasks/01_core.yml new file mode 100644 index 00000000..4894486f --- /dev/null +++ b/roles/web-app-mailu/tasks/01_core.yml 
@@ -0,0 +1,36 @@ +- name: "load docker, db and proxy for {{application_id}}" + include_role: + name: cmp-db-docker-proxy + +- name: "Include the srv-proxy-6-6-tls-deploy role" + include_role: + name: srv-proxy-6-6-tls-deploy + +- name: Flush docker service handlers + meta: flush_handlers + +- name: "Create Mailu accounts" + include_tasks: 02_create-mailu-user.yml + vars: + mailu_compose_dir: "{{ docker_compose.directories.instance }}" + mailu_domain: "{{ primary_domain }}" + mailu_api_base_url: "http://127.0.0.1:8080/api/v1" + mailu_global_api_token: "{{ applications | get_app_conf(application_id, 'credentials.api_token') }}" + mailu_action: >- + {{ + ( + 'administrator' in (item.value.get('roles', [])) + ) + | ternary('admin','user') + }} + mailu_user_key: "{{ item.key }}" + mailu_user_name: "{{ item.value.username }}" + mailu_password: "{{ item.value.password }}" + mailu_token_ip: "{{ item.value.ip | default('') }}" + loop: "{{ users | dict2items }}" + loop_control: + loop_var: item + +- name: Set Mailu DNS records + include_tasks: 04_set-mailu-dns-records.yml + when: dns_provider == 'cloudflare' \ No newline at end of file diff --git a/roles/web-app-mailu/tasks/01_00_create-mailu-user.yml b/roles/web-app-mailu/tasks/02_create-mailu-user.yml similarity index 95% rename from roles/web-app-mailu/tasks/01_00_create-mailu-user.yml rename to roles/web-app-mailu/tasks/02_create-mailu-user.yml index 5646bea9..375b4a08 100644 --- a/roles/web-app-mailu/tasks/01_00_create-mailu-user.yml +++ b/roles/web-app-mailu/tasks/02_create-mailu-user.yml @@ -23,5 +23,5 @@ when: "'mail-bot' in item.value.roles or 'administrator' in item.value.roles" - name: "Create Mailu API Token for {{ mailu_user_name }}" - include_tasks: 01_0A_create-mailu-token.yml + include_tasks: 03_create-mailu-token.yml when: "{{ 'mail-bot' in item.value.roles }}" \ No newline at end of file 
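Review bot: The "Create Mailu accounts" include loops over `users | dict2items` with only `loop_var: item` under `loop_control`, so Ansible's per-iteration output shows the whole item, including `item.value.password`. Adding `label: "{{ item.key }}"` next to `loop_var: item` keeps the credentials out of the play log. `mailu_global_api_token` and `mailu_password` are then passed into 02_create-mailu-user.yml, which is not visible here, so the tasks that consume them may need `no_log: true` as well.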
diff --git a/roles/web-app-mailu/tasks/01_0A_create-mailu-token.yml b/roles/web-app-mailu/tasks/03_create-mailu-token.yml similarity index 100% rename from roles/web-app-mailu/tasks/01_0A_create-mailu-token.yml rename to roles/web-app-mailu/tasks/03_create-mailu-token.yml diff --git a/roles/web-app-mailu/tasks/02_00_set-mailu-dns-records.yml b/roles/web-app-mailu/tasks/04_set-mailu-dns-records.yml similarity index 98% rename from roles/web-app-mailu/tasks/02_00_set-mailu-dns-records.yml rename to roles/web-app-mailu/tasks/04_set-mailu-dns-records.yml index b865a6db..2c720b39 100644 --- a/roles/web-app-mailu/tasks/02_00_set-mailu-dns-records.yml +++ b/roles/web-app-mailu/tasks/04_set-mailu-dns-records.yml @@ -2,7 +2,7 @@ include_vars: vars/mailu-dns.yml - name: Generate DKIM public key - include_tasks: 02_0A_generate-and-read-dkim.yml + include_tasks: 05_generate-and-read-dkim.yml - name: "Set A record for mail server" community.general.cloudflare_dns: diff --git a/roles/web-app-mailu/tasks/02_0A_generate-and-read-dkim.yml b/roles/web-app-mailu/tasks/05_generate-and-read-dkim.yml similarity index 100% rename from roles/web-app-mailu/tasks/02_0A_generate-and-read-dkim.yml rename to roles/web-app-mailu/tasks/05_generate-and-read-dkim.yml diff --git a/roles/web-app-mailu/tasks/main.yml b/roles/web-app-mailu/tasks/main.yml index 6dc537cf..95d60db0 100644 --- a/roles/web-app-mailu/tasks/main.yml +++ b/roles/web-app-mailu/tasks/main.yml 
@@ -1,41 +1,5 @@ --- - block: - - name: "load docker, db and proxy for {{application_id}}" - include_role: - name: cmp-db-docker-proxy - - - name: "Include the srv-proxy-6-6-tls-deploy role" - include_role: - name: srv-proxy-6-6-tls-deploy - - - name: Flush docker service handlers - meta: flush_handlers - - - name: "Create Mailu accounts" - include_tasks: 01_00_create-mailu-user.yml - vars: - mailu_compose_dir: "{{ docker_compose.directories.instance }}" - mailu_domain: "{{ primary_domain }}" - mailu_api_base_url: "http://127.0.0.1:8080/api/v1" - mailu_global_api_token: "{{ applications | get_app_conf(application_id, 'credentials.api_token') }}" - mailu_action: >- - {{ - ( - 'administrator' in (item.value.get('roles', [])) - ) - | ternary('admin','user') - }} - mailu_user_key: "{{ item.key }}" - mailu_user_name: "{{ item.value.username }}" - mailu_password: "{{ item.value.password }}" - mailu_token_ip: "{{ item.value.ip | default('') }}" - loop: "{{ users | dict2items }}" - loop_control: - loop_var: item - - - name: Set Mailu DNS records - include_tasks: 02_00_set-mailu-dns-records.yml - when: dns_provider == 'cloudflare' - + - include_tasks: 01_core.yml - include_tasks: utils/run_once.yml when: run_once_web_app_mailu is not defined \ No newline at end of file diff --git a/roles/web-app-matrix/tasks/create-and-seed-database.yml b/roles/web-app-matrix/tasks/create-and-seed-database.yml index 983677f9..8004e262 100644 --- a/roles/web-app-matrix/tasks/create-and-seed-database.yml +++ b/roles/web-app-matrix/tasks/create-and-seed-database.yml 
@@ -9,5 +9,5 @@ name: svc-db-postgres when: applications | get_app_conf(application_id, 'features.central_database', False) -- name: "include 03_seed-database-to-backup.yml" - include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/03_seed-database-to-backup.yml" \ No newline at end of file +- name: "include 04_seed-database-to-backup.yml" + include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml" \ No newline at end of file diff --git a/roles/web-app-mig/tasks/01_core.yml b/roles/web-app-mig/tasks/01_core.yml new file mode 100644 index 00000000..0f9b02a9 --- /dev/null +++ b/roles/web-app-mig/tasks/01_core.yml @@ -0,0 +1,26 @@ +- name: Load docker compose vars + include_vars: + file: roles/docker-compose/vars/docker-compose.yml + name: mig_docker_compose + +- name: Set roles volume variable + set_fact: + mig_roles_meta_volume: "{{ mig_docker_compose.docker_compose.directories.volumes }}/roles/" + +- name: Set roles list variable + set_fact: + mig_roles_meta_list: "{{ mig_roles_meta_volume }}list.json" + +- name: "load docker, proxy for '{{application_id}}'" + include_role: + name: cmp-docker-proxy + +- name: Create tree + command: "infinito build tree --no-signal --alarm-timeout 0 -s {{ mig_roles_meta_volume }}" + when: + - mig_build_data + +- name: Create roles list + command: "infinito build roles_list --no-signal --alarm-timeout 0 -o {{ mig_roles_meta_list }}" + when: + - mig_build_data \ No newline at end of file diff --git a/roles/web-app-mig/tasks/main.yml b/roles/web-app-mig/tasks/main.yml index 68427ed2..4dfdae39 100644 --- a/roles/web-app-mig/tasks/main.yml +++ b/roles/web-app-mig/tasks/main.yml 
@@ -1,31 +1,6 @@ --- - block: - - name: Load docker compose vars - include_vars: - file: roles/docker-compose/vars/docker-compose.yml - name: mig_docker_compose - - - name: Set roles volume variable - set_fact: - mig_roles_meta_volume: "{{ mig_docker_compose.docker_compose.directories.volumes }}/roles/" - - - name: Set roles list variable - set_fact: - mig_roles_meta_list: "{{ mig_roles_meta_volume }}list.json" - - - name: "load docker, proxy for '{{application_id}}'" - include_role: - name: cmp-docker-proxy - - - name: Create tree - command: "infinito build tree --no-signal --alarm-timeout 0 -s {{ mig_roles_meta_volume }}" - when: - - mig_build_data - - - name: Create roles list - command: "infinito build roles_list --no-signal --alarm-timeout 0 -o {{ mig_roles_meta_list }}" - when: - - mig_build_data + - include_tasks: 01_core.yml - include_tasks: utils/run_once.yml name: "Setup Meta Infinite Graph" when: run_once_web_app_mig is not defined diff --git a/roles/web-app-moodle/tasks/01_patch_config.yml b/roles/web-app-moodle/tasks/01_patch_config.yml index 10cc4155..1abbd218 100644 --- a/roles/web-app-moodle/tasks/01_patch_config.yml +++ b/roles/web-app-moodle/tasks/01_patch_config.yml 
@@ -1,48 +1,24 @@ -- name: Check if config.php exists - command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }} - register: config_file_exists - changed_when: false - failed_when: false +- name: Update DB host + command: > + docker exec --user root {{ moodle_container }} + sed -i "s/^\$CFG->dbhost *= *.*/\$CFG->dbhost = '{{ database_host }}';/" {{ moodle_config }} -- name: Backup config.php to host - when: config_file_exists.rc == 0 - block: - - name: Create backup directory on host - ansible.builtin.file: - path: "/opt/docker/moodle/_backup" - state: directory - mode: "0755" +- name: Update DB name + command: > + docker exec --user root {{ moodle_container }} + sed -i "s/^\$CFG->dbname *= *.*/\$CFG->dbname = '{{ database_name }}';/" {{ moodle_config }} -- name: Check if config.php exists - command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }} - register: config_file_exists - changed_when: false - failed_when: false +- name: Update DB user + command: > + docker exec --user root {{ moodle_container }} + sed -i "s/^\$CFG->dbuser *= *.*/\$CFG->dbuser = '{{ database_username }}';/" {{ moodle_config }} -- name: Patch Moodle config.php with updated DB and wwwroot credentials - when: config_file_exists.rc == 0 - block: - - name: Update DB host - command: > - docker exec --user root {{ moodle_container }} - sed -i "s/^\$CFG->dbhost *= *.*/\$CFG->dbhost = '{{ database_host }}';/" {{ moodle_config }} +- name: Update DB password + command: > + docker exec --user root {{ moodle_container }} + sed -i "s/^\$CFG->dbpass *= *.*/\$CFG->dbpass = '{{ database_password }}';/" {{ moodle_config }} - - name: Update DB name - command: > - docker exec --user root {{ moodle_container }} - sed -i "s/^\$CFG->dbname *= *.*/\$CFG->dbname = '{{ database_name }}';/" {{ moodle_config }} - - - name: Update DB user - command: > - docker exec --user root {{ moodle_container }} - sed -i "s/^\$CFG->dbuser *= *.*/\$CFG->dbuser = '{{ 
database_username }}';/" {{ moodle_config }} - - - name: Update DB password - command: > - docker exec --user root {{ moodle_container }} - sed -i "s/^\$CFG->dbpass *= *.*/\$CFG->dbpass = '{{ database_password }}';/" {{ moodle_config }} - - - name: Update CFG->wwwroot via sed in container - command: > - docker exec --user root {{ moodle_container }} - sed -i -E "s|^(\$CFG->wwwroot[[:space:]]*=[[:space:]]*).*$|\1'{{ domains | get_url(application_id, WEB_PROTOCOL) }}';|" {{ moodle_config }} +- name: Update CFG->wwwroot via sed in container + command: > + docker exec --user root {{ moodle_container }} + sed -i -E "s|^(\$CFG->wwwroot[[:space:]]*=[[:space:]]*).*$|\1'{{ domains | get_url(application_id, WEB_PROTOCOL) }}';|" {{ moodle_config }} diff --git a/roles/web-app-moodle/tasks/main.yml b/roles/web-app-moodle/tasks/main.yml index bb999496..f6c30be3 100644 --- a/roles/web-app-moodle/tasks/main.yml +++ b/roles/web-app-moodle/tasks/main.yml @@ -3,8 +3,21 @@ include_role: name: cmp-db-docker-proxy +- name: Check if config.php exists + command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }} + register: config_file_exists + changed_when: false + failed_when: false + +- name: Check if config.php exists + command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }} + register: config_file_exists + changed_when: false + failed_when: false + - name: "Update database credentials" include_tasks: 01_patch_config.yml + when: config_file_exists.rc == 0 - name: flush docker service meta: flush_handlers diff --git a/roles/web-app-nextcloud/tasks/02_plugin.yml b/roles/web-app-nextcloud/tasks/02_plugin.yml index 9abf7e27..80e1626e 100644 --- a/roles/web-app-nextcloud/tasks/02_plugin.yml +++ b/roles/web-app-nextcloud/tasks/02_plugin.yml 
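Review bot: The Moodle main.yml hunk adds the "Check if config.php exists" task twice, with an identical `command` and the same `register: config_file_exists`. The second copy only overwrites the result of the first and costs an extra `docker exec --user root` per run, so one of the two blocks can be removed. The duplicate looks like a leftover from the old 01_patch_config.yml, which also contained the check twice.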
@@ -1,74 +1,9 @@ -- name: "Disable incompatible plugins for {{plugin_key}}." - command: "{{nextcloud_docker_exec_occ}} app:disable {{incompatible_plugin}}" - loop: "{{plugin_value.incompatible_plugins}}" - loop_control: - loop_var: incompatible_plugin - register: disable_incompatible_plugin_result - changed_when: disable_incompatible_plugin_result.rc == 0 and ("No such app enabled" not in disable_incompatible_plugin_result.stdout) - when: - - plugin_value.incompatible_plugins is defined and plugin_value.incompatible_plugins | length > 0 - - plugin_value.enabled | bool +- block: + - include_tasks: 03_plugin_routines.yml + when: plugin_value.enabled | bool - name: disable {{ plugin_key }} nextcloud plugin command: "{{nextcloud_docker_exec_occ}} app:disable {{ plugin_key }}" register: disable_result changed_when: disable_result.rc == 0 and ("No such app enabled" not in disable_result.stdout) - when: not (plugin_value.enabled | bool) - -- name: install {{ plugin_key }} nextcloud plugin - command: "{{ nextcloud_docker_exec_occ }} app:install {{ plugin_key }}" - register: install_result - failed_when: > - install_result.rc != 0 - and - ("already installed" not in install_result.stdout) - and - ("not compatible with this version of the server" not in install_result.stdout) - changed_when: > - install_result.rc == 0 - and - ("already installed" not in install_result.stdout) - when: plugin_value.enabled | bool - -- block: - - name: enable {{plugin_key}} nextcloud plugin - command: "{{nextcloud_docker_exec_occ}} app:enable {{plugin_key}}" - register: enable_result - changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout) - - - name: Check if {{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml exists - stat: - path: "{{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml" - delegate_to: localhost - become: false - register: plugin_vars_file - - - name: "Load {{ plugin_key }} configuration variables" - 
include_vars: - file: "{{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml" - when: plugin_vars_file.stat.exists - - - name: "Set {{ item.configkey }} for {{ item.appid }}" - loop: "{{ plugin_configuration }}" - command: > - {{ nextcloud_docker_exec_occ }} config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}' - register: config_set_result - changed_when: (config_set_result.stdout is defined) and ("Config value were not updated" not in config_set_result.stdout) - when: plugin_vars_file.stat.exists - - - name: Check if {{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml exists - stat: - path: "{{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml" - delegate_to: localhost - become: false - register: plugin_tasks_file - - - name: "include {{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml" - include_tasks: "{{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml" - when: plugin_tasks_file.stat.exists - when: - - plugin_value.enabled | bool - - install_result is defined - - > - install_result.rc == 0 - or "already installed" in install_result.stdout \ No newline at end of file + when: not (plugin_value.enabled | bool) \ No newline at end of file diff --git a/roles/web-app-nextcloud/tasks/03_plugin_routines.yml b/roles/web-app-nextcloud/tasks/03_plugin_routines.yml new file mode 100644 index 00000000..6f3119a3 --- /dev/null +++ b/roles/web-app-nextcloud/tasks/03_plugin_routines.yml 
@@ -0,0 +1,31 @@ +- name: "Disable incompatible plugins for {{plugin_key}}." + command: "{{nextcloud_docker_exec_occ}} app:disable {{incompatible_plugin}}" + loop: "{{plugin_value.incompatible_plugins}}" + loop_control: + loop_var: incompatible_plugin + register: disable_incompatible_plugin_result + changed_when: disable_incompatible_plugin_result.rc == 0 and ("No such app enabled" not in disable_incompatible_plugin_result.stdout) + when: + - plugin_value.incompatible_plugins is defined + - plugin_value.incompatible_plugins | length > 0 + +- name: install {{ plugin_key }} nextcloud plugin + command: "{{ nextcloud_docker_exec_occ }} app:install {{ plugin_key }}" + register: install_result + failed_when: > + install_result.rc != 0 + and + ("already installed" not in install_result.stdout) + and + ("not compatible with this version of the server" not in install_result.stdout) + changed_when: > + install_result.rc == 0 + and + ("already installed" not in install_result.stdout) + +- include_tasks: 04_plugin_enable_and_configure.yml + when: + - install_result is defined + - > + install_result.rc == 0 + or "already installed" in install_result.stdout \ No newline at end of file diff --git a/roles/web-app-nextcloud/tasks/04_plugin_enable_and_configure.yml b/roles/web-app-nextcloud/tasks/04_plugin_enable_and_configure.yml new file mode 100644 index 00000000..93024893 --- /dev/null +++ b/roles/web-app-nextcloud/tasks/04_plugin_enable_and_configure.yml 
@@ -0,0 +1,35 @@ +- name: enable {{plugin_key}} nextcloud plugin + command: "{{nextcloud_docker_exec_occ}} app:enable {{plugin_key}}" + register: enable_result + changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout) + +- name: Check if {{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml exists + stat: + path: "{{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml" + delegate_to: localhost + become: false + register: plugin_vars_file + +- name: "Load {{ plugin_key }} configuration variables" + include_vars: + file: "{{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml" + when: plugin_vars_file.stat.exists + +- name: "Set {{ item.configkey }} for {{ item.appid }}" + loop: "{{ plugin_configuration }}" + command: > + {{ nextcloud_docker_exec_occ }} config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}' + register: config_set_result + changed_when: (config_set_result.stdout is defined) and ("Config value were not updated" not in config_set_result.stdout) + when: plugin_vars_file.stat.exists + +- name: Check if {{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml exists + stat: + path: "{{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml" + delegate_to: localhost + become: false + register: plugin_tasks_file + +- name: "include {{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml" + include_tasks: "{{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml" + when: plugin_tasks_file.stat.exists \ No newline at end of file diff --git a/roles/web-app-nextcloud/tasks/03_system.yml b/roles/web-app-nextcloud/tasks/05_system.yml similarity index 100% rename from roles/web-app-nextcloud/tasks/03_system.yml rename to roles/web-app-nextcloud/tasks/05_system.yml 
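Review bot: In the "Set {{ item.configkey }} for {{ item.appid }}" task the value is wrapped in hand-written single quotes (`--value '{{ … }}'`), so a config value that contains `'` changes how the `command` module splits the line, and the remainder can reach occ as extra arguments. Letting the `quote` filter do the quoting avoids that: `--value {{ (item.configvalue | to_json if item.configvalue is mapping else item.configvalue) | quote }}`. The plugin vars files are not visible here; if any of them carry secrets, `no_log: true` on this task would keep them out of the output.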
diff --git a/roles/web-app-nextcloud/tasks/main.yml b/roles/web-app-nextcloud/tasks/main.yml index 8313134c..1a816ae1 100644 --- a/roles/web-app-nextcloud/tasks/main.yml +++ b/roles/web-app-nextcloud/tasks/main.yml @@ -52,7 +52,7 @@ when: nextcloud_plugins_enabled - name: Load system configuration - include_tasks: 03_system.yml + include_tasks: 05_system.yml - name: Add missing database indices in Nextcloud command: > diff --git a/roles/web-app-port-ui/tasks/01_core.yml b/roles/web-app-port-ui/tasks/01_core.yml new file mode 100644 index 00000000..260230dc --- /dev/null +++ b/roles/web-app-port-ui/tasks/01_core.yml 
@@ -0,0 +1,60 @@ +- name: "Validate configuration" + include_tasks: "02_validate.yml" + +- name: "load docker, proxy for '{{application_id}}'" + include_role: + name: cmp-docker-proxy + +- name: "Check if host-specific config.yaml exists in {{ config_inventory_path }}" + stat: + path: "{{ config_inventory_path }}" + delegate_to: localhost + become: false + register: config_file + +- name: Load menu categories + include_vars: + file: "menu_categories.yml" + +- name: Load docker cards + set_fact: + portfolio_cards: "{{ lookup('docker_cards', 'roles') }}" + +- name: "Load images for applications feature simpleicons is enabled " + set_fact: + portfolio_cards: "{{ portfolio_cards | add_simpleicon_source(domains, WEB_PROTOCOL) }}" + when: + - (applications | get_app_conf(application_id, 'features.simpleicons', False)) + +- name: Group docker cards + set_fact: + portfolio_menu_data: "{{ lookup('docker_cards_grouped', portfolio_cards, portfolio_menu_categories) }}" + +- name: Debug portfolio data + debug: + msg: + portfolio_cards: "{{ portfolio_cards }}" + portfolio_menu_categories: "{{ portfolio_menu_categories}}" + portfolio_menu_data: "{{ portfolio_menu_data }}" + service_provider: "{{ service_provider }}" + when: enable_debug | bool + +- name: Copy host-specific config.yaml if it exists + template: + src: "{{ config_inventory_path }}" + dest: "{{docker_repository_path}}/app/config.yaml" + notify: docker compose up + when: config_file.stat.exists + +- name: Copy default config.yaml from the role template if host-specific file does not exist + template: + src: "config.yaml.j2" + dest: "{{docker_repository_path}}/app/config.yaml" + notify: docker compose up + when: not config_file.stat.exists + +- name: add docker-compose.yml + template: + src: docker-compose.yml.j2 + dest: "{docker_compose.directories.instance}}docker-compose.yml" + notify: docker compose up \ No newline at end of file 
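Review bot: The `dest` of the "add docker-compose.yml" task is `"{docker_compose.directories.instance}}docker-compose.yml"`, which opens with a single `{`, so it is not a Jinja2 expression. The path is presumably taken literally or rejected, and the rendered file would not land in the compose instance directory. It should read `dest: "{{ docker_compose.directories.instance }}docker-compose.yml"`. The same line is among the lines removed from main.yml, so the typo predates this commit and was carried over in the move.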
diff --git a/roles/web-app-port-ui/tasks/validate.yml b/roles/web-app-port-ui/tasks/02_validate.yml similarity index 100% rename from roles/web-app-port-ui/tasks/validate.yml rename to roles/web-app-port-ui/tasks/02_validate.yml diff --git a/roles/web-app-port-ui/tasks/main.yml b/roles/web-app-port-ui/tasks/main.yml index 7b1b0057..be22f98c 100644 --- a/roles/web-app-port-ui/tasks/main.yml +++ b/roles/web-app-port-ui/tasks/main.yml 
@@ -1,65 +1,5 @@ --- - block: - - name: "Validate configuration" - include_tasks: "validate.yml" - - - name: "load docker, proxy for '{{application_id}}'" - include_role: - name: cmp-docker-proxy - - - name: "Check if host-specific config.yaml exists in {{ config_inventory_path }}" - stat: - path: "{{ config_inventory_path }}" - delegate_to: localhost - become: false - register: config_file - - - name: Load menu categories - include_vars: - file: "menu_categories.yml" - - - name: Load docker cards - set_fact: - portfolio_cards: "{{ lookup('docker_cards', 'roles') }}" - - - name: "Load images for applications feature simpleicons is enabled " - set_fact: - portfolio_cards: "{{ portfolio_cards | add_simpleicon_source(domains, WEB_PROTOCOL) }}" - when: - - (applications | get_app_conf(application_id, 'features.simpleicons', False)) - - - name: Group docker cards - set_fact: - portfolio_menu_data: "{{ lookup('docker_cards_grouped', portfolio_cards, portfolio_menu_categories) }}" - - - name: Debug portfolio data - debug: - msg: - portfolio_cards: "{{ portfolio_cards }}" - portfolio_menu_categories: "{{ portfolio_menu_categories}}" - portfolio_menu_data: "{{ portfolio_menu_data }}" - service_provider: "{{ service_provider }}" - when: enable_debug | bool - - - name: Copy host-specific config.yaml if it exists - template: - src: "{{ config_inventory_path }}" - dest: "{{docker_repository_path}}/app/config.yaml" - notify: docker compose up - when: config_file.stat.exists - - - name: Copy default config.yaml from the role template if host-specific file does not exist - template: - src: "config.yaml.j2" - dest: "{{docker_repository_path}}/app/config.yaml" - notify: docker compose up - when: not config_file.stat.exists - - - name: add docker-compose.yml - template: - src: docker-compose.yml.j2 - dest: "{docker_compose.directories.instance}}docker-compose.yml" - notify: docker compose up - - - include_tasks: utils/run_once.yml + - include_tasks: 01_core.yml + - include_tasks: 
utils/run_once.yml when: run_once_web_app_port_ui is not defined \ No newline at end of file