diff --git a/.ansible-lint b/.ansible-lint index ae6a780c559580686511a90a0208b62f1b9e8d5c..5fbaf4e3b3fd966af6b94a5e04f9495888455504 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -7,4 +7,7 @@ exclude_paths: - playbooks/upgrade.yml - roles/_*/ +skip_list: + - '701' + ... diff --git a/.gitattributes b/.gitattributes index d80a9fe1c965ccd89af153f62a97ca93fd051fad..89e09d2f2f1b9c67ff541521c5c429402aec817d 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1 @@ -roles/import/files/on-upload filter=lfs diff=lfs merge=lfs -text +roles/mediaimport/files/on-upload filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore index 94b749e0e5dbcad7215ad28f0798d2a4589212e9..9858f9b9f4dd7a5ec41a66526625ed73e0ecdcfb 100644 --- a/.gitignore +++ b/.gitignore @@ -12,7 +12,7 @@ inventories/* inventories/local*/host_vars/localhost.yml playbooks/_* roles/_* -logs/ +./logs/ log/ # packer diff --git a/Makefile b/Makefile index a76884794a15acd44c5df5022e7d40d216fd9dc8..7c24eabf990cce8f1e3497086c7b115280620c87 100644 --- a/Makefile +++ b/Makefile @@ -1,11 +1,5 @@ SHELL := /bin/bash DOCKER_IMAGE_NAME := registry.ubicast.net/mediaserver/envsetup -ifdef debug - MOLECULE_FLAGS += --debug -endif -ifdef keep - MOLECULE_TEST_FLAGS += --destroy=never -endif VENV := /tmp/pyvensetup PIP_BIN = $(shell command -v $(VENV)/bin/pip3 || command -v pip3 || echo pip3) PIP_COMPILE_BIN = $(shell command -v $(VENV)/bin/pip-compile || command -v pip-compile) @@ -15,6 +9,14 @@ ANSIBLE_LINT_BIN = $(shell command -v ansible-lint || command -v $(VENV)/bin/ans YAMLLINT_BIN = $(shell command -v yamllint || command -v $(VENV)/bin/yamllint) FLAKE8_BIN = $(shell command -v flake8 || command -v $(VENV)/bin/flake8) +# molecule tests flags +ifdef debug + MOLECULE_FLAGS += --debug +endif +ifdef keep + MOLECULE_TEST_FLAGS += --destroy=never +endif + .PHONY: all ## TARGET: DESCRIPTION: ARGS all: help 
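Review bot: The new `.gitignore` pattern `./logs/` will not match anything, because gitignore patterns are not shell paths and a leading `./` is not interpreted. After this change the top-level `logs/` directory is no longer ignored. If the intent was to keep ignoring only the directory at the repository root while letting nested `logs/` directories be tracked, the anchored form is `/logs/`. Deployment logs can carry host names and values echoed by tasks, so they are worth keeping out of reach of `git add`.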
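Review bot: `VENV := /tmp/pyvensetup`, kept as context in the first Makefile hunk, is a fixed path in a world-writable directory, and `PIP_BIN` resolves `$(VENV)/bin/pip3` before anything on `PATH`. On a shared build host another local account can create that directory first, and the Makefile would then run whatever it finds there. A per-user default that callers can still override, for example `VENV ?= $(HOME)/.cache/pyvensetup`, avoids depending on who got to `/tmp` first. Other files may reference the current path, which is not visible in this diff.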
@@ -50,7 +52,7 @@ lint: $(ANSIBLE_LINT_BIN) site.yml .PHONY: test -## test: Run development tests on the project : debug=1, keep=1 +## test: Run development tests on the project : debug=1, keep=1, SKYREACH_SYSTEM_KEY=<xxx> test: ifndef SKYREACH_SYSTEM_KEY $(error SKYREACH_SYSTEM_KEY is undefined) diff --git a/doc/config.md b/doc/config.md index 32a0e2b3281bcd8616dec2f57c9a72121c6f71e4..899082935eaefb6b96359baf4fea4ae966c754d3 100644 --- a/doc/config.md +++ b/doc/config.md @@ -62,16 +62,16 @@ mymediaserver mymediaworker mymediavault -[monitor] +[msmonitor] mymediaserver [postgres] mymediaserver -[manager] +[mirismanager] mymediaserver -[server] +[mediaserver] mymediaserver [wowza] @@ -80,10 +80,10 @@ mymediaserver [celerity] mymediaserver -[worker] +[mediaworker] mymediaworker -[vault] +[mediavault] mymediavault ``` diff --git a/doc/deploy.md b/doc/deploy.md index f8f1939752fe228163463924157a760dc9287e22..92bb3bcc1a37ee0583762d3a8862fb4392ab6a29 100644 --- a/doc/deploy.md +++ b/doc/deploy.md @@ -11,37 +11,37 @@ make deploy i=inventories/my-customer ### MediaWorker ```sh -make deploy i=inventories/my-customer l=worker +make deploy i=inventories/my-customer l=mediaworker ``` ### Monitor ```sh -make deploy i=inventories/my-customer l=monitor +make deploy i=inventories/my-customer l=msmonitor ``` ### MirisManager ```sh -make deploy i=inventories/my-customer l=manager +make deploy i=inventories/my-customer l=mirismanager ``` ### MediaServer ```sh -make deploy i=inventories/my-customer l=server +make deploy i=inventories/my-customer l=mediaserver ``` ### MediaImport ```sh -make deploy i=inventories/my-customer l=import +make deploy i=inventories/my-customer l=mediaimport ``` ### MediaVault ```sh -make deploy i=inventories/my-customer l=vault +make deploy i=inventories/my-customer l=mediavault ``` ### Celerity 
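Review bot: The help line for `test` now documents `SKYREACH_SYSTEM_KEY=<xxx>` as a command-line argument, which puts the system key into shell history and into the process list of the machine running the tests. The `ifndef SKYREACH_SYSTEM_KEY` guard below it is also satisfied by an exported environment variable, since make imports the environment as variables, so the help text could point there instead: `## test: Run development tests on the project : debug=1, keep=1 (SKYREACH_SYSTEM_KEY read from the environment)`. The `test` recipe continues outside the hunk, so how the key is handed on to molecule is not visible here.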
@@ -73,9 +73,9 @@ make deploy i=inventories/my-customer l=netcapture Instead of deploying all host remotely through SSH, you can also clone the envsetup repository on the server as `root` in `~/envsetup`, then enter in the directory, configure the activation or system key and run one of those commands: ```sh -make deploy i=inventories/local-server -make deploy i=inventories/local-worker -make deploy i=inventories/local-vault +make deploy i=inventories/local-mediaserver +make deploy i=inventories/local-mediaworker +make deploy i=inventories/local-mediavault ``` ## Known issues diff --git a/doc/image.md b/doc/image.md index 967c86d9ed9a18b2ebbf078930125ea507593f2a..7ee677bcbb0cc1544ba4b094959a336ab7337659 100644 --- a/doc/image.md +++ b/doc/image.md @@ -28,13 +28,13 @@ Then you need the groups that will be applied to the machine, for example for a "type": "ansible", [...] "groups": [ - "monitor", + "msmonitor", "postgres", - "manager", + "mirismanager", "wowza", "celerity", - "server", - "import" + "mediaserver", + "mediaimport" ] } ] @@ -52,7 +52,7 @@ For a worker: "type": "ansible", [...] "groups": [ - "worker" + "mediaworker" ] } ] diff --git a/inventories/example/hosts b/inventories/example/hosts index 1acf9be5a377e816c4dd7f026db8229372da937b..495e6bfe6267f251ace55aa936359d672385e80d 100644 --- a/inventories/example/hosts +++ b/inventories/example/hosts @@ -8,16 +8,16 @@ mymediaworker ansible_host=10.0.0.2 ; groups list and their members -[monitor] +[msmonitor] mymediaserver [postgres] mymediaserver -[manager] +[mirismanager] mymediaserver -[server] +[mediaserver] mymediaserver [wowza] @@ -26,13 +26,13 @@ mymediaserver [celerity] mymediaserver -[worker] +[mediaworker] mymediaworker -[import] +[mediaimport] mymediaserver -[vault] +[mediavault] [netcapture] diff --git a/inventories/local-full/hosts b/inventories/local-full/hosts index 5047b2e4f64257cad668dccbcdfad75790ea7fed..7ac5fbd767e7c38987dc8bc17f5aaadb8ff0dac0 100644 --- a/inventories/local-full/hosts 
+++ b/inventories/local-full/hosts @@ -1,15 +1,15 @@ localhost ansible_connection=local -[monitor] +[msmonitor] localhost [postgres] localhost -[manager] +[mirismanager] localhost -[server] +[mediaserver] localhost [wowza] @@ -18,8 +18,10 @@ localhost [celerity] localhost -[worker] +[mediaworker] localhost -[import] +[mediaimport] localhost + +; vim:ft=dosini diff --git a/inventories/local-server/host_vars/localhost.dist.yml b/inventories/local-mediaserver/host_vars/localhost.dist.yml similarity index 100% rename from inventories/local-server/host_vars/localhost.dist.yml rename to inventories/local-mediaserver/host_vars/localhost.dist.yml diff --git a/inventories/local-server/hosts b/inventories/local-mediaserver/hosts similarity index 66% rename from inventories/local-server/hosts rename to inventories/local-mediaserver/hosts index ec3c7bcc7e3b15aa926410413247297bbca3529c..95b51cf5ae0b1a702c29986a6a794bd462245eec 100644 --- a/inventories/local-server/hosts +++ b/inventories/local-mediaserver/hosts @@ -1,15 +1,15 @@ localhost ansible_connection=local -[monitor] +[msmonitor] localhost [postgres] localhost -[manager] +[mirismanager] localhost -[server] +[mediaserver] localhost [wowza] @@ -18,5 +18,7 @@ localhost [celerity] localhost -[import] +[mediaimport] localhost + +; vim:ft=dosini diff --git a/inventories/local-vault/host_vars/localhost.dist.yml b/inventories/local-mediavault/host_vars/localhost.dist.yml similarity index 100% rename from inventories/local-vault/host_vars/localhost.dist.yml rename to inventories/local-mediavault/host_vars/localhost.dist.yml diff --git a/inventories/local-vault/hosts b/inventories/local-mediavault/hosts similarity index 60% rename from inventories/local-vault/hosts rename to inventories/local-mediavault/hosts index 8acb6f25ef6c0bf32aaccc19d9b7e02a066e08c7..6dfe3095fa42adfea48681a0ff68a008aeba0bad 100644 --- a/inventories/local-vault/hosts +++ b/inventories/local-mediavault/hosts 
@@ -1,4 +1,6 @@ localhost ansible_connection=local -[vault] +[mediavault] localhost + +; vim:ft=dosini diff --git a/inventories/local-worker/host_vars/localhost.dist.yml b/inventories/local-mediaworker/host_vars/localhost.dist.yml similarity index 100% rename from inventories/local-worker/host_vars/localhost.dist.yml rename to inventories/local-mediaworker/host_vars/localhost.dist.yml diff --git a/inventories/local-worker/hosts b/inventories/local-mediaworker/hosts similarity index 59% rename from inventories/local-worker/hosts rename to inventories/local-mediaworker/hosts index f3870ec486a8421ef6cb8d9bc55c9f4d57a18464..4b3a22ad384791913472451b37df48fcacba6d7b 100644 --- a/inventories/local-worker/hosts +++ b/inventories/local-mediaworker/hosts @@ -1,4 +1,6 @@ localhost ansible_connection=local -[worker] +[mediaworker] localhost + +; vim:ft=dosini diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000000000000000000000000000000000000..0f6ee7c70906ef0485d187ba5229901c60cf3aaf --- /dev/null +++ b/molecule/default/converge.yml 
@@ -0,0 +1,49 @@ +#!/usr/bin/env ansible-playbook +--- + +- name: PYTHON + hosts: all + gather_facts: false + tasks: + - name: ensure python3 is installed + register: python_install + changed_when: "'es_pyinstall' in python_install.stdout_lines" + raw: command -v python3 || echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt + +- name: Converge + hosts: all + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - base + - postgres + - msmonitor + - mirismanager + - wowza + - celerity + - mediaworker + - mediaserver + - mediaimport + - mediavault + - netcapture + post_tasks: + - name: deploy letsencrypt certificate + when: letsencrypt_enabled | d(false) + include_role: + name: letsencrypt + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy + +... diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 4d9fe5f066ac240fc8342937e96ef6ea55aa0989..97d2cd3968781fdcfb75965dbc11c8cb63ce69d4 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -1,11 +1,7 @@ --- -dependency: - name: galaxy driver: name: docker -lint: - name: yamllint platforms: - name: debian-buster-${CI_PIPELINE_ID:-default} image: registry.ubicast.net/docker/debian-systemd:buster @@ -16,15 +12,15 @@ platforms: tmpfs: - /tmp - /run - - /run/lock groups: - celerity - - manager - - monitor + - mirismanager + - msmonitor + - wowza - postgres - - server - - worker - - import + - mediaserver + - mediaworker + - mediaimport - netcapture provisioner: name: ansible 
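Review bot: The `raw` command in the "ensure python3 is installed" task of converge.yml runs `apt update` and `apt install` on every converge, not only when python3 is missing. In the shell `||` and `&&` have equal precedence and associate left, so `command -v python3 || echo es_pyinstall && apt update && …` is read as `(command -v python3 || echo es_pyinstall) && apt update && …`. `changed_when` still reports correctly because it keys on the echoed marker, but the package manager is invoked and the network is required each time. Grouping the fallback fixes it: `raw: command -v python3 || (echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt)`.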
@@ -33,22 +29,5 @@ provisioner: ANSIBLE_LIBRARY: ../../library ANSIBLE_ACTION_PLUGINS: ../../plugins/action ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3 - lint: - name: ansible-lint - env: - ANSIBLE_ROLES_PATH: ../../roles - ANSIBLE_LIBRARY: ../../library - ANSIBLE_ACTION_PLUGINS: ../../plugins/action - ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3 - inventory: - group_vars: - all: - ansible_python_interpreter: /usr/bin/python3 - playbooks: - converge: ../../site.yml verifier: name: testinfra - lint: - name: flake8 - options: - max-line-length: 90 diff --git a/molecule/default/tests/test_040_celerity.py b/molecule/default/tests/test_celerity.py similarity index 100% rename from molecule/default/tests/test_040_celerity.py rename to molecule/default/tests/test_celerity.py diff --git a/molecule/default/tests/test_010_conf.py b/molecule/default/tests/test_conf.py similarity index 100% rename from molecule/default/tests/test_010_conf.py rename to molecule/default/tests/test_conf.py diff --git a/molecule/default/tests/test_011_init.py b/molecule/default/tests/test_init.py similarity index 100% rename from molecule/default/tests/test_011_init.py rename to molecule/default/tests/test_init.py diff --git a/molecule/default/tests/test_060_import.py b/molecule/default/tests/test_mediaimport.py similarity index 96% rename from molecule/default/tests/test_060_import.py rename to molecule/default/tests/test_mediaimport.py index 72ecace9adf7872fbf863f847bf550264cac3c2c..0328895d4158c71169ebc7d77bc4f026c537f4d8 100644 --- a/molecule/default/tests/test_060_import.py +++ b/molecule/default/tests/test_mediaimport.py @@ -10,7 +10,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( # TODO: ubicast-mediaimport when released def test_import_is_installed(host): - p = host.package("python3-mediaserver-mediaimport") + p = host.package("ubicast-mediaimport") assert p.is_installed 
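Review bot: The `# TODO: ubicast-mediaimport when released` comment above `test_import_is_installed` in test_mediaimport.py is stale after this change, since the test now checks `ubicast-mediaimport`. The comment should be dropped in the same commit. With the file renamed to test_mediaimport.py, the function could also become `test_mediaimport_is_installed` to match the other renamed names.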
diff --git a/molecule/default/tests/test_050_server.py b/molecule/default/tests/test_mediaserver.py similarity index 100% rename from molecule/default/tests/test_050_server.py rename to molecule/default/tests/test_mediaserver.py diff --git a/molecule/default/tests/test_mediavault.py b/molecule/default/tests/test_mediavault.py new file mode 100644 index 0000000000000000000000000000000000000000..fc9ff9fa54dbb6251cb645f7daa805ea2ba54485 --- /dev/null +++ b/molecule/default/tests/test_mediavault.py @@ -0,0 +1,35 @@ +import os + +import testinfra.utils.ansible_runner + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ["MOLECULE_INVENTORY_FILE"] +).get_hosts("all") + + +def test_rsync_is_installed(host): + p = host.package("rsync") + + assert p.is_installed + + +def test_rsync_time_backup_repo(host): + d = host.file("/usr/local/share/rsync-time-backup") + + assert d.exists + assert d.is_directory + + +def test_rsync_time_backup_link(host): + s = host.file("/usr/local/sbin/rsync_tmbackup") + + assert s.exists + assert s.is_symlink + + +def test_backup_dir(host): + d = host.file("/backup") + + assert d.exists + assert d.is_directory diff --git a/molecule/default/tests/test_041_worker.py b/molecule/default/tests/test_mediaworker.py similarity index 100% rename from molecule/default/tests/test_041_worker.py rename to molecule/default/tests/test_mediaworker.py diff --git a/molecule/default/tests/test_030_manager.py b/molecule/default/tests/test_mirismanager.py similarity index 100% rename from molecule/default/tests/test_030_manager.py rename to molecule/default/tests/test_mirismanager.py diff --git a/molecule/default/tests/test_021_monitor.py b/molecule/default/tests/test_msmonitor.py similarity index 100% rename from molecule/default/tests/test_021_monitor.py rename to molecule/default/tests/test_msmonitor.py 
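Review bot: `test_backup_dir` in test_mediavault.py asserts only that `/backup` exists and is a directory, so a regression that leaves the backup target readable or writable by every local account would still pass. Asserting the owner and mode the role is meant to set would pin that down, e.g. `assert d.user == "<EXPECTED_OWNER>"` and `assert d.mode == <EXPECTED_MODE>` (placeholders; the role's values are not shown in this diff). `test_rsync_time_backup_link` could likewise assert `s.linked_to`, so the symlink in `/usr/local/sbin` is known to point into `/usr/local/share/rsync-time-backup` and not elsewhere.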
diff --git a/molecule/default/tests/test_070_netcapture.py b/molecule/default/tests/test_netcapture.py similarity index 100% rename from molecule/default/tests/test_070_netcapture.py rename to molecule/default/tests/test_netcapture.py diff --git a/molecule/default/tests/test_020_nginx.py b/molecule/default/tests/test_nginx.py similarity index 100% rename from molecule/default/tests/test_020_nginx.py rename to molecule/default/tests/test_nginx.py diff --git a/molecule/default/tests/test_013_ntp.py b/molecule/default/tests/test_ntp.py similarity index 100% rename from molecule/default/tests/test_013_ntp.py rename to molecule/default/tests/test_ntp.py diff --git a/molecule/default/tests/test_012_postfix.py b/molecule/default/tests/test_postfix.py similarity index 100% rename from molecule/default/tests/test_012_postfix.py rename to molecule/default/tests/test_postfix.py diff --git a/molecule/default/tests/test_022_postgres.py b/molecule/default/tests/test_postgres.py similarity index 100% rename from molecule/default/tests/test_022_postgres.py rename to molecule/default/tests/test_postgres.py diff --git a/molecule/default/tests/test_000_python3.py b/molecule/default/tests/test_python3.py similarity index 100% rename from molecule/default/tests/test_000_python3.py rename to molecule/default/tests/test_python3.py diff --git a/packer/example.json b/packer/example.json index ed316d9dfaae7ee3ea2403ebaa25b842896bf4b2..fd1539a1a2f056c92c9d22472cad52f9a40f2347 100644 --- a/packer/example.json +++ b/packer/example.json @@ -79,14 +79,14 @@ ], "playbook_file": "site.yml", "groups": [ - "monitor", + "msmonitor", "postgres", - "manager", + "mirismanager", "wowza", "celerity", - "server", - "worker", - "import" + "mediaserver", + "mediaworker", + "mediaimport" ] } ] diff --git a/playbooks/bench-server.yml b/playbooks/bench-server.yml index 0ef8cecbad2c5f5b93344362f8cef90767d01ecc..1754ee6527efba411cd639a89f9262773281040d 100755 --- a/playbooks/bench-server.yml 
+++ b/playbooks/bench-server.yml @@ -1,10 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- import_playbook: includes/python.yml -- import_playbook: includes/check_docker.yml -- import_playbook: includes/conf.yml - - name: DEPLOY BENCHMARK SERVER hosts: - bench_server diff --git a/playbooks/bench-worker.yml b/playbooks/bench-worker.yml index 6cb6031f0cc47eb9f6243b2967ee734f576c90fe..1f86b3713acf9c09684f7f6c8b6a66f119aaa5cc 100755 --- a/playbooks/bench-worker.yml +++ b/playbooks/bench-worker.yml @@ -1,10 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- import_playbook: includes/python.yml -- import_playbook: includes/check_docker.yml -- import_playbook: includes/conf.yml - - name: DEPLOY BENCHMARK WORKERS hosts: - bench_worker diff --git a/playbooks/celerity.yml b/playbooks/celerity.yml index 7777414e3023f862c6b620b26d759d730177a59c..69751262ef76f16880879502fd0117b173578f73 100755 --- a/playbooks/celerity.yml +++ b/playbooks/celerity.yml @@ -1,14 +1,27 @@ #!/usr/bin/env ansible-playbook --- -- import_playbook: includes/python.yml -- import_playbook: includes/check_docker.yml -- import_playbook: includes/conf.yml -- import_playbook: includes/init.yml -- import_playbook: includes/base.yml - -- import_playbook: includes/celerity.yml - -- import_playbook: includes/network.yml +- name: CELERITY SERVER + hosts: celerity + tags: celerity + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - celerity + post_tasks: + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy ... diff --git a/playbooks/cluster.yml b/playbooks/cluster.yml index 432b1462279d5b6e34b654b09cdcd3f232d56de7..dcb1ab8de92234d7c9ba0cc88bfe6fbcc252a18a 100755 --- a/playbooks/cluster.yml +++ b/playbooks/cluster.yml 
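Review bot: The rewritten celerity.yml play applies only the `celerity` role, where the removed lines also imported `includes/conf.yml`, `includes/init.yml` and `includes/base.yml`; the base.yml deleted later in this diff is what applied `postfix`, `ntp` and `fail2ban`. Unless the role now pulls these in through role dependencies, which this diff does not show, a host deployed with this playbook alone no longer gets that baseline, including the fail2ban protection. molecule/default/converge.yml lists `- base` ahead of the product roles, so the tests would not notice the difference. Either add `- base` before `- celerity` under `roles:`, or add a comment at the top of the play stating that the baseline comes from the role's dependencies. The same applies to cluster.yml, netcapture.yml and the new mediaimport, mediaserver, mediavault, mediaworker, mirismanager and msmonitor playbooks.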
@@ -1,16 +1,27 @@ #!/usr/bin/env ansible-playbook --- -- import_playbook: includes/python.yml -- import_playbook: includes/check_docker.yml -- import_playbook: includes/conf.yml -- import_playbook: includes/init.yml -- import_playbook: includes/base.yml -- when: firewall_enabled | default(false) | bool - import_playbook: includes/firewall.yml - -- import_playbook: includes/cluster.yml - -- import_playbook: includes/network.yml +- name: CLUSTER + hosts: cluster + tags: cluster + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - cluster + post_tasks: + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy ... diff --git a/playbooks/import.yml b/playbooks/import.yml deleted file mode 100755 index 10fe65e66a8f377e0be34334654aece0fc183ec0..0000000000000000000000000000000000000000 --- a/playbooks/import.yml +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- import_playbook: includes/python.yml -- import_playbook: includes/check_docker.yml -- import_playbook: includes/conf.yml -- import_playbook: includes/init.yml -- import_playbook: includes/base.yml - -- import_playbook: includes/import.yml - -- import_playbook: includes/network.yml - -... diff --git a/playbooks/includes/base.yml b/playbooks/includes/base.yml deleted file mode 100755 index 890d6ec11b8cec58c999dda4c2edd9245ce788ba..0000000000000000000000000000000000000000 --- a/playbooks/includes/base.yml +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: BASE - hosts: - - all - tags: - - always - - base - roles: - - postfix - - ntp - - fail2ban - -... 
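Review bot: The conditional firewall step has no replacement in the new cluster.yml. The removed lines imported `includes/firewall.yml` (role `ferm`) when `firewall_enabled` was set, and the new play has nothing equivalent under `roles` or `post_tasks`. If the `cluster` role does not apply the firewall itself, which is not visible here, inventories with `firewall_enabled: true` would deploy cluster hosts without their filtering rules and without any error. Following the pattern already used for network and proxy, a pre-task could `include_role` the firewall role guarded by `when: firewall_enabled | d(false)`, assuming the role keeps the name `ferm` after this refactoring.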
diff --git a/playbooks/includes/celerity.yml b/playbooks/includes/celerity.yml deleted file mode 100755 index b4d9f597dd9db990ffac84de1c981e3c6442f41e..0000000000000000000000000000000000000000 --- a/playbooks/includes/celerity.yml +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: CELERITY - hosts: - - celerity - tags: - - celerity - roles: - - celerity - -... diff --git a/playbooks/includes/certificates.yml b/playbooks/includes/certificates.yml deleted file mode 100755 index 5f059109be197dbde1b7c0c297f52d637efddbe3..0000000000000000000000000000000000000000 --- a/playbooks/includes/certificates.yml +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: CERTIFICATES - hosts: - - monitor - - manager - - server - tags: - - monitor - - manager - - server - - letsencrypt - roles: - - role: letsencrypt - when: - - letsencrypt_enabled is defined - - letsencrypt_enabled - -... diff --git a/playbooks/includes/check_docker.yml b/playbooks/includes/check_docker.yml deleted file mode 100755 index 026e58ad2dd539f1db1486bdbb4e8537edfa74d6..0000000000000000000000000000000000000000 --- a/playbooks/includes/check_docker.yml +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: CHECK IF RUNNING IN DOCKER - hosts: - - all - tags: - - always - - check - tasks: - - name: check .dockerenv presence - register: check_if_docker - stat: - path: /.dockerenv - - name: set docker flag variable - set_fact: - in_docker: "{{ check_if_docker.stat.isreg is defined and check_if_docker.stat.isreg }}" - -... diff --git a/playbooks/includes/cluster.yml b/playbooks/includes/cluster.yml deleted file mode 100755 index a7b072f19f589f546fd22357f07bc3820f7c0bf4..0000000000000000000000000000000000000000 --- a/playbooks/includes/cluster.yml +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: CLUSTER - hosts: - - cluster - tags: - - cluster - roles: - - cluster - -... 
diff --git a/playbooks/includes/conf.yml b/playbooks/includes/conf.yml deleted file mode 100755 index e9ce9e780c73005ec41469fe0cffda97129992d4..0000000000000000000000000000000000000000 --- a/playbooks/includes/conf.yml +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: LOAD CONF - hosts: - - all - tags: - - always - - conf - roles: - - conf - -... diff --git a/playbooks/includes/firewall.yml b/playbooks/includes/firewall.yml deleted file mode 100755 index b37ad0f853a7dd1f23b75b63ac9523fb68e6b5ad..0000000000000000000000000000000000000000 --- a/playbooks/includes/firewall.yml +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: FIREWALL - hosts: - - all - tags: - - always - - firewall - roles: - - ferm - -... diff --git a/playbooks/includes/import.yml b/playbooks/includes/import.yml deleted file mode 100755 index 944c9ba70f762b805703ec7ad2c13ece30de09cf..0000000000000000000000000000000000000000 --- a/playbooks/includes/import.yml +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: MEDIAIMPORT - hosts: - - import - tags: - - import - roles: - - import - -... diff --git a/playbooks/includes/init.yml b/playbooks/includes/init.yml deleted file mode 100755 index 06ba396e80bf84b23a7b098263ddd068d601d9d8..0000000000000000000000000000000000000000 --- a/playbooks/includes/init.yml +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: INIT - hosts: - - all - tags: - - always - - init - roles: - - init - - repos - - sysutils - - locale - - users - -... diff --git a/playbooks/includes/manager.yml b/playbooks/includes/manager.yml deleted file mode 100755 index ff6cfc37d92862d95a319dc9bfe968df56ae0760..0000000000000000000000000000000000000000 --- a/playbooks/includes/manager.yml +++ /dev/null 
@@ -1,15 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: MIRISMANAGER - hosts: - - manager - tags: - - manager - vars: - nginx_server_name: "{{ manager_hostname | default(envsetup_cm_server_name, true) }}" - roles: - - nginx - - manager - -... diff --git a/playbooks/includes/monitor.yml b/playbooks/includes/monitor.yml deleted file mode 100755 index 358de25f5f5cf591ab6e3f15bd6239098a5b584a..0000000000000000000000000000000000000000 --- a/playbooks/includes/monitor.yml +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: MSMONITOR - hosts: - - monitor - tags: - - monitor - vars: - nginx_server_name: "{{ monitor_hostname | default(envsetup_monitor_server_name, true) }}" - roles: - - nginx - - monitor - -... diff --git a/playbooks/includes/netcapture.yml b/playbooks/includes/netcapture.yml deleted file mode 100755 index fae8ca2ccf51e76e55f03ee4a8f13c3f35f35c58..0000000000000000000000000000000000000000 --- a/playbooks/includes/netcapture.yml +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: NETCAPTURE - hosts: - - netcapture - tags: - - netcapture - roles: - - netcapture - -... diff --git a/playbooks/includes/network.yml b/playbooks/includes/network.yml deleted file mode 100755 index 92f4d62b0520df4c4968343832583aae06b1d235..0000000000000000000000000000000000000000 --- a/playbooks/includes/network.yml +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: CUSTOMIZE NETWORK SETTINGS - hosts: - - all - tags: - - always - - network - roles: - - network - - proxy - -... diff --git a/playbooks/includes/postgres.yml b/playbooks/includes/postgres.yml deleted file mode 100755 index dafae998757274aeacafad11935fe289eb162959..0000000000000000000000000000000000000000 --- a/playbooks/includes/postgres.yml +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: POSTGRESQL - hosts: - - postgres - tags: - - postgres - roles: - - postgres - -... 
diff --git a/playbooks/includes/python.yml b/playbooks/includes/python.yml deleted file mode 100755 index b19c8a3b8a92e8e1ba99f5f6fd6ea506aba06c0f..0000000000000000000000000000000000000000 --- a/playbooks/includes/python.yml +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: ENSURE PYTHON - hosts: - - all - tags: - - always - - python - gather_facts: false - roles: - - python - -... diff --git a/playbooks/includes/server.yml b/playbooks/includes/server.yml deleted file mode 100755 index e35f0830bf0ba4ceb3a457cbbad5b200b4bd39bd..0000000000000000000000000000000000000000 --- a/playbooks/includes/server.yml +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: MEDIASERVER - hosts: - - server - tags: - - server - vars: - nginx_server_name: "{{ server_hostname | default(envsetup_ms_server_name, true) }}" - roles: - - nginx - - server - -... diff --git a/playbooks/includes/vault.yml b/playbooks/includes/vault.yml deleted file mode 100755 index 89a7f49a15510046f3643b720c2df2b1a5c8c053..0000000000000000000000000000000000000000 --- a/playbooks/includes/vault.yml +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: MEDIAVAULT - hosts: - - vault - tags: - - vault - roles: - - vault - -... diff --git a/playbooks/includes/worker.yml b/playbooks/includes/worker.yml deleted file mode 100755 index 7786fda4c618fc926bd88d85151a31313ef0c3f3..0000000000000000000000000000000000000000 --- a/playbooks/includes/worker.yml +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: MEDIAWORKER - hosts: - - worker - tags: - - worker - roles: - - worker - -... diff --git a/playbooks/includes/wowza.yml b/playbooks/includes/wowza.yml deleted file mode 100755 index 753f16719f389a8fa5de3f2a4799ff0841c284ed..0000000000000000000000000000000000000000 --- a/playbooks/includes/wowza.yml +++ /dev/null 
@@ -1,12 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: WOWZA - hosts: - - wowza - tags: - - wowza - roles: - - wowza - -... diff --git a/playbooks/manager.yml b/playbooks/manager.yml deleted file mode 100755 index ea5f4af61ee625518a84d39092697948ef6f1bac..0000000000000000000000000000000000000000 --- a/playbooks/manager.yml +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- import_playbook: includes/python.yml -- import_playbook: includes/check_docker.yml -- import_playbook: includes/conf.yml -- import_playbook: includes/init.yml -- import_playbook: includes/base.yml - -- import_playbook: includes/postgres.yml -- import_playbook: includes/manager.yml - -- import_playbook: includes/certificates.yml -- import_playbook: includes/network.yml - -... diff --git a/playbooks/mediaimport.yml b/playbooks/mediaimport.yml new file mode 100755 index 0000000000000000000000000000000000000000..637c84740f61af83600974398b1eff9095f5c800 --- /dev/null +++ b/playbooks/mediaimport.yml @@ -0,0 +1,27 @@ +#!/usr/bin/env ansible-playbook +--- + +- name: MEDIAIMPORT + hosts: mediaimport + tags: mediaimport + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - mediaimport + post_tasks: + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy + +... diff --git a/playbooks/mediaserver.yml b/playbooks/mediaserver.yml new file mode 100755 index 0000000000000000000000000000000000000000..052ed623a563b8e2a4c4e33b692b1798f2238272 --- /dev/null +++ b/playbooks/mediaserver.yml 
@@ -0,0 +1,31 @@ +#!/usr/bin/env ansible-playbook +--- + +- name: MEDIASERVER + hosts: mediaserver + tags: mediaserver + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - mediaserver + post_tasks: + - name: deploy letsencrypt certificate + when: letsencrypt_enabled | d(false) + include_role: + name: letsencrypt + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy + +... diff --git a/playbooks/mediavault.yml b/playbooks/mediavault.yml new file mode 100755 index 0000000000000000000000000000000000000000..a45939fa684fc80f98a1577e43f043585a10358d --- /dev/null +++ b/playbooks/mediavault.yml @@ -0,0 +1,27 @@ +#!/usr/bin/env ansible-playbook +--- + +- name: MEDIAVAULT + hosts: mediavault + tags: mediavault + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - mediavault + post_tasks: + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy + +... diff --git a/playbooks/mediaworker.yml b/playbooks/mediaworker.yml new file mode 100755 index 0000000000000000000000000000000000000000..1f0464c3bccdb8bff3a0c0bedd30c4d63788c4ee --- /dev/null +++ b/playbooks/mediaworker.yml 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ansible-playbook +--- + +- name: MEDIAWORKER + hosts: mediaworker + tags: mediaworker + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - mediaworker + post_tasks: + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy + +... diff --git a/playbooks/mirismanager.yml b/playbooks/mirismanager.yml new file mode 100755 index 0000000000000000000000000000000000000000..a67d22104d707dd443e623ffd33cef0baca6b44e --- /dev/null +++ b/playbooks/mirismanager.yml @@ -0,0 +1,31 @@ +#!/usr/bin/env ansible-playbook +--- + +- name: MIRIS MANAGER + hosts: mirismanager + tags: mirismanager + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - mirismanager + post_tasks: + - name: deploy letsencrypt certificate + when: letsencrypt_enabled | d(false) + include_role: + name: letsencrypt + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy + +... diff --git a/playbooks/monitor.yml b/playbooks/monitor.yml deleted file mode 100755 index fc8b49174e4f12bbe847e77d9b71036bc45e117e..0000000000000000000000000000000000000000 --- a/playbooks/monitor.yml +++ /dev/null 
@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/monitor.yml
-
-- import_playbook: includes/certificates.yml
-- import_playbook: includes/network.yml
-
-...
diff --git a/playbooks/msmonitor.yml b/playbooks/msmonitor.yml
new file mode 100755
index 0000000000000000000000000000000000000000..fe3e96c0666d67f5d0158de4bec594b67d24a7b6
--- /dev/null
+++ b/playbooks/msmonitor.yml
@@ -0,0 +1,31 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: MSMONITOR
+ hosts: msmonitor
+ tags: msmonitor
+ pre_tasks:
+ - name: check running in a docker container
+ register: check_if_docker
+ stat:
+ path: /.dockerenv
+ - name: set docker flag variable
+ set_fact:
+ in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+ roles:
+ - msmonitor
+ post_tasks:
+ - name: deploy letsencrypt certificate
+ when: letsencrypt_enabled | d(false)
+ include_role:
+ name: letsencrypt
+ - name: configure network
+ when: network_apply | d(false)
+ include_role:
+ name: network
+ - name: configure proxy
+ when: proxy_apply | d(false)
+ include_role:
+ name: proxy
+
+...
diff --git a/playbooks/netcapture.yml b/playbooks/netcapture.yml
index 7513cf46372d724fd8515512b9af36e5b2735055..aa1b337227ba3238687bb3f7e42e5ed25a947ffc 100755
--- a/playbooks/netcapture.yml
+++ b/playbooks/netcapture.yml
@@ -1,14 +1,27 @@ #!/usr/bin/env ansible-playbook --- -- import_playbook: includes/python.yml -- import_playbook: includes/check_docker.yml -- import_playbook: includes/conf.yml -- import_playbook: includes/init.yml -- import_playbook: includes/base.yml - -- import_playbook: includes/netcapture.yml - -- import_playbook: includes/network.yml +- name: NETCAPTURE + hosts: netcapture + tags: netcapture + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - netcapture + post_tasks: + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy ... diff --git a/playbooks/pod.yml b/playbooks/pod.yml deleted file mode 100755 index 2ae27f6d5316106c85caf4fcccd81c610664a567..0000000000000000000000000000000000000000 --- a/playbooks/pod.yml +++ /dev/null 
@@ -1,226 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: POD INSTALLATION - hosts: - - pod - - vars: - - pod_elastic_version: 6 - pod_version: 2.2.2 - pod_project_path: /usr/local/pod - pod_application_path: "{{ pod_project_path }}/app" - pod_virtualenv_path: "{{ pod_project_path }}/venv" - pod_superuser_name: admin - pod_superuser_email: sysadmin+pod@ubicast.eu - pod_superuser_password: pLafk0tt - pod_site_name: pod.ubicast.net - pod_site_domain: pod.ubicast.net - pod_settings: | - SECRET_KEY = 'T4b4B8BEP7kfHoSx7s49aUCR7NiY8zeZNcmJpQzZYYCDNCTv284rjSB262JAB8nQ' - ALLOWED_HOSTS = ['{{ pod_site_domain }}', 'localhost', '127.0.0.1', '::1'] - - handlers: - - - name: restart elastic - systemd: - name: elasticsearch - state: restarted - - - name: flag create_pod_index - become: true - become_user: pod - file: - path: "{{ pod_project_path }}/.create_pod_index" - state: touch - - - name: flag initialize_database - become: true - become_user: pod - file: - path: "{{ pod_project_path }}/.initialize_database" - state: touch - - - name: flag create_superuser - become: true - become_user: pod - file: - path: "{{ pod_project_path }}/.create_superuser" - state: touch - - - name: flag config_site - become: true - become_user: pod - file: - path: "{{ pod_project_path }}/.config_site" - state: touch - - tasks: - - - name: os requirements - apt: - force_apt_get: true - name: - - build-essential - - ffmpeg - - ffmpegthumbnailer - - git - - imagemagick - - libjpeg-dev - - openjdk-11-jre - - policykit-1 - - python3-dev - - python3-venv - - python3-wheel - - zlib1g-dev - state: present - - - name: elastic key - apt_key: - keyserver: pgp.mit.edu - id: D88E42B4 - state: present - - - name: elastic repo - apt_repository: - repo: deb https://artifacts.elastic.co/packages/{{ pod_elastic_version }}.x/apt stable main - filename: elastic-{{ pod_elastic_version }}.x - state: present - - - name: elastic package - apt: - force_apt_get: true - name: - - elasticsearch - state: present - - - 
name: elastic cluster name - notify: restart elastic - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regexp: '^#?cluster.name: ' - line: 'cluster.name: pod-application' - state: present - - - name: elastic node name - notify: restart elastic - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - regexp: '^#?node.name: ' - line: 'node.name: pod-1' - state: present - - - name: elastic discovery host - notify: restart elastic - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - line: 'discovery.zen.ping.unicast.hosts: ["127.0.0.1"]' - state: present - - - name: elastic plugin analysis-icu - notify: restart elastic - command: /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu - args: - creates: /usr/share/elasticsearch/plugins/analysis-icu - - - meta: flush_handlers - - - name: elastic service - systemd: - name: elasticsearch - enabled: true - state: started - - - name: pod group - group: - name: pod - system: true - state: present - - - name: pod user - user: - name: pod - group: pod - system: true - password_lock: true - state: present - - - name: pod project directory - file: - path: "{{ pod_project_path }}" - owner: pod - group: pod - state: directory - - - name: pod repo - become: true - become_user: pod - git: - accept_hostkey: true - repo: https://github.com/esupportail/podv2.git - version: "{{ pod_version }}" - dest: "{{ pod_application_path }}" - - - name: pod pip install - become: true - become_user: pod - pip: - virtualenv_command: /usr/bin/python3 -m venv - virtualenv_site_packages: true - virtualenv: "{{ pod_virtualenv_path }}" - requirements: "{{ pod_application_path }}/requirements.txt" - state: present - - - name: pod settings - become: true - become_user: pod - copy: - dest: "{{ pod_application_path }}/pod/custom/settings_local.py" - content: "{{ pod_settings }}" - - - name: pod elastic index video - become: true - become_user: pod - notify: flag create_pod_index - command: "python {{ pod_application_path 
}}/manage.py create_pod_index" - args: - chdir: "{{ pod_application_path }}" - creates: "{{ pod_project_path }}/.create_pod_index" - environment: - PATH: "{{ pod_virtualenv_path }}/bin:$PATH" - - - name: pod initialize database - become: true - become_user: pod - notify: flag initialize_database - command: /usr/bin/sh {{ pod_application_path }}/create_data_base.sh - args: - chdir: "{{ pod_application_path }}" - creates: "{{ pod_project_path }}/.initialize_database" - environment: - PATH: "{{ pod_virtualenv_path }}/bin:$PATH" - - - name: pod create superuser - become: true - become_user: pod - notify: flag create_superuser - shell: python manage.py shell -c "from django.contrib.auth.models import User; User.objects.create_superuser('{{ pod_superuser_name }}', '{{ pod_superuser_email }}', '{{ pod_superuser_password }}')" - args: - chdir: "{{ pod_application_path }}" - creates: "{{ pod_project_path }}/.create_superuser" - environment: - PATH: "{{ pod_virtualenv_path }}/bin:$PATH" - - - name: pod configure site - become: true - become_user: pod - notify: flag config_site - shell: python manage.py shell -c "from django.contrib.sites.models import Site; Site.objects.filter(pk=1).update(name='{{ pod_site_name }}', domain='{{ pod_site_domain }}')" - args: - chdir: "{{ pod_application_path }}" - creates: "{{ pod_project_path }}/.config_site" - environment: - PATH: "{{ pod_virtualenv_path }}/bin:$PATH" - -... diff --git a/playbooks/postgres.yml b/playbooks/postgres.yml new file mode 100755 index 0000000000000000000000000000000000000000..85b3916fe37a32fb822d6ef6dfc74a850aece751 --- /dev/null +++ b/playbooks/postgres.yml 
@@ -0,0 +1,27 @@ +#!/usr/bin/env ansible-playbook +--- + +- name: POSTGRESQL + hosts: postgres + tags: postgres + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - postgres + post_tasks: + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy + +... diff --git a/playbooks/server.yml b/playbooks/server.yml deleted file mode 100755 index 3bd481875f496fc2549d98a096f306f85ed98351..0000000000000000000000000000000000000000 --- a/playbooks/server.yml +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- import_playbook: includes/python.yml -- import_playbook: includes/check_docker.yml -- import_playbook: includes/conf.yml -- import_playbook: includes/init.yml -- import_playbook: includes/base.yml - -- import_playbook: includes/postgres.yml -- import_playbook: includes/server.yml - -- import_playbook: includes/certificates.yml -- import_playbook: includes/network.yml - -... diff --git a/playbooks/tests.yml b/playbooks/tests.yml index df7fbc2a274e86a0baa8e3c4bf1e804ca7ace410..d5b0f2e4196ad893f65f376287ce1b85aef1cac4 100755 --- a/playbooks/tests.yml +++ b/playbooks/tests.yml @@ -11,14 +11,14 @@ - name: remove envsetup tester log when: tester_reset_log file: - path: /root/envsetup/log_tester.txt + path: /root/envsetup/logs/tester.txt state: absent - name: envsetup tester - shell: | - set -o pipefail - python3 /root/envsetup/tester.py 2>&1 | tee /root/envsetup/log_tester.txt - args: - creates: /root/envsetup/log_tester.txt + shell: + cmd: | + set -o pipefail + python3 /root/envsetup/tester.py 2>&1 | tee /root/envsetup/logs/tester.txt + creates: /root/envsetup/logs/tester.txt executable: /bin/bash ... 
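Review bot: Nothing in the `playbooks/tests.yml` hunk creates `/root/envsetup/logs`, yet the `envsetup tester` task now pipes through `tee` into `/root/envsetup/logs/tester.txt`; if the directory is missing on a fresh checkout, `tee` fails and `set -o pipefail` turns that into a task failure even when `tester.py` itself passed. A task placed before it, for example `file: path=/root/envsetup/logs state=directory mode=0750`, would make the run independent of how the repository was cloned. The play's earlier tasks are outside the hunk, so this may already be handled there. Since the path is under `/root`, setting the directory mode explicitly also keeps the tester output from being readable by other accounts.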
diff --git a/playbooks/vault.yml b/playbooks/vault.yml
deleted file mode 100755
index bf884c8efb7fd1d79d1b321458bfe6b8549258ca..0000000000000000000000000000000000000000
--- a/playbooks/vault.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/vault.yml
-
-- import_playbook: includes/network.yml
-
-...
diff --git a/playbooks/worker.yml b/playbooks/worker.yml
deleted file mode 100755
index f02c144291ed5cbb41c9c56b46a85848660c3a1e..0000000000000000000000000000000000000000
--- a/playbooks/worker.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/worker.yml
-
-- import_playbook: includes/network.yml
-
-...
diff --git a/playbooks/wowza.yml b/playbooks/wowza.yml
index f0882a1192f65f933c10f368a8bada36c005f6a9..881eefeb8d54b953d0301fbe5d2dd8fc1660cff3 100755
--- a/playbooks/wowza.yml
+++ b/playbooks/wowza.yml
@@ -1,14 +1,27 @@ #!/usr/bin/env ansible-playbook --- -- import_playbook: includes/python.yml -- import_playbook: includes/check_docker.yml -- import_playbook: includes/conf.yml -- import_playbook: includes/init.yml -- import_playbook: includes/base.yml - -- import_playbook: includes/wowza.yml - -- import_playbook: includes/network.yml +- name: WOWZA + hosts: wowza + tags: wowza + pre_tasks: + - name: check running in a docker container + register: check_if_docker + stat: + path: /.dockerenv + - name: set docker flag variable + set_fact: + in_docker: "{{ check_if_docker.stat.exists | d(false) }}" + roles: + - wowza + post_tasks: + - name: configure network + when: network_apply | d(false) + include_role: + name: network + - name: configure proxy + when: proxy_apply | d(false) + include_role: + name: proxy ... diff --git a/requirements.dev.in b/requirements.dev.in index f453c2feccba937ed4664f13a5c0f88abfaf497c..a5e18ddbce783e11e723c9821e1a20695325550d 100644 --- a/requirements.dev.in +++ b/requirements.dev.in @@ -1,7 +1,7 @@ -r requirements.in ansible-lint -molecule[docker] ~= 2.22 +flake8 +molecule[docker] pip-tools -pre-commit -pylint +testinfra yamllint diff --git a/requirements.dev.txt b/requirements.dev.txt index 22a25e9bbc308dc6e8958527fc63b1eee7a7b674..8b7d8ba0eaec38d44f3e2b7b5c5d7ba3edaaae20 100644 --- a/requirements.dev.txt +++ b/requirements.dev.txt 
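Review bot: In `requirements.dev.in`, `molecule[docker]` loses its `~= 2.22` bound, so a later `pip-compile` run can move the test tooling to any future major release without a change to this file; the compiled file in this commit lands on 3.0.2, and `molecule[docker] ~= 3.0` would keep that decision visible in review. `flake8` and `testinfra` are added without bounds as well. The compiled `requirements.dev.txt` is generated by the command in its header without hashes; adding `--generate-hashes` to that `pip-compile` invocation would let pip verify every downloaded artifact against the lock file.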
@@ -4,43 +4,40 @@ # # pip-compile --output-file=requirements.dev.txt requirements.dev.in # -ansible-lint==4.2.0 # via -r requirements.dev.in, molecule +ansible-lint==4.2.0 # via -r requirements.dev.in ansible==2.9.6 # via -r requirements.in, ansible-lint, molecule -anyconfig==0.9.7 # via molecule appdirs==1.4.3 # via virtualenv arrow==0.15.5 # via jinja2-time aspy.yaml==1.3.0 # via pre-commit -astroid==2.3.3 # via pylint attrs==19.3.0 # via pytest bcrypt==3.1.7 # via paramiko binaryornot==0.4.4 # via cookiecutter cerberus==1.3.2 # via molecule -certifi==2019.11.28 # via requests +certifi==2020.4.5.1 # via requests cffi==1.14.0 # via bcrypt, cryptography, pynacl cfgv==3.1.0 # via pre-commit chardet==3.0.4 # via binaryornot, requests click-completion==0.5.2 # via molecule -click==7.1.1 # via click-completion, cookiecutter, molecule, pip-tools, python-gilt +click-help-colors==0.8 # via molecule +click==7.1.1 # via click-completion, click-help-colors, cookiecutter, molecule, pip-tools, python-gilt colorama==0.4.3 # via molecule, python-gilt cookiecutter==1.7.0 # via molecule -cryptography==2.8 # via ansible, paramiko +cryptography==2.9 # via ansible, paramiko distlib==0.3.0 # via virtualenv docker==4.2.0 # via molecule entrypoints==0.3 # via flake8 fasteners==0.15 # via python-gilt filelock==3.0.12 # via virtualenv -flake8==3.7.9 # via molecule +flake8==3.7.9 # via -r requirements.dev.in future==0.18.2 # via cookiecutter -identify==1.4.13 # via pre-commit +identify==1.4.14 # via pre-commit idna==2.9 # via requests -importlib-metadata==1.5.2 # via pluggy, pre-commit, pytest, virtualenv -isort==4.3.21 # via pylint +importlib-metadata==1.6.0 # via pluggy, pre-commit, pytest, virtualenv jinja2-time==0.2.0 # via cookiecutter jinja2==2.11.1 # via ansible, click-completion, cookiecutter, jinja2-time, molecule -lazy-object-proxy==1.4.3 # via astroid markupsafe==1.1.1 # via jinja2 -mccabe==0.6.1 # via flake8, pylint -molecule[docker]==2.22 # via -r requirements.dev.in 
+mccabe==0.6.1 # via flake8 +molecule[docker]==3.0.2 # via -r requirements.dev.in monotonic==1.5 # via fasteners more-itertools==8.2.0 # via pytest netaddr==0.7.19 # via -r requirements.in @@ -50,18 +47,16 @@ paramiko==2.7.1 # via molecule pathspec==0.7.0 # via yamllint pexpect==4.8.0 # via molecule pip-tools==4.5.1 # via -r requirements.dev.in -pluggy==0.13.1 # via pytest +pluggy==0.13.1 # via molecule, pytest poyo==0.5.0 # via cookiecutter -pre-commit==1.21.0 # via -r requirements.dev.in, molecule -psutil==5.7.0 # via molecule +pre-commit==1.21.0 # via molecule ptyprocess==0.6.0 # via pexpect py==1.8.1 # via pytest pycodestyle==2.5.0 # via flake8 pycparser==2.20 # via cffi pyflakes==2.1.1 # via flake8 -pylint==2.4.4 # via -r requirements.dev.in pynacl==1.3.0 # via paramiko -pyparsing==2.4.6 # via packaging +pyparsing==2.4.7 # via packaging pytest==5.4.1 # via testinfra python-dateutil==2.8.1 # via arrow python-gilt==1.2.3 # via molecule 
@@ -71,18 +66,16 @@ ruamel.yaml.clib==0.2.0 # via ruamel.yaml ruamel.yaml==0.16.10 # via ansible-lint sh==1.12.14 # via molecule, python-gilt shellingham==1.3.2 # via click-completion -six==1.14.0 # via ansible-lint, astroid, bcrypt, click-completion, cryptography, docker, fasteners, molecule, packaging, pip-tools, pre-commit, pynacl, python-dateutil, testinfra, virtualenv, websocket-client +six==1.14.0 # via ansible-lint, bcrypt, click-completion, cryptography, docker, fasteners, molecule, packaging, pip-tools, pre-commit, pynacl, python-dateutil, virtualenv, websocket-client tabulate==0.8.7 # via molecule -testinfra==3.4.0 # via molecule +testinfra==5.0.0 # via -r requirements.dev.in toml==0.10.0 # via pre-commit tree-format==0.1.2 # via molecule -typed-ast==1.4.1 # via astroid urllib3==1.25.8 # via requests -virtualenv==20.0.14 # via pre-commit +virtualenv==20.0.16 # via pre-commit wcwidth==0.1.9 # via pytest websocket-client==0.57.0 # via docker whichcraft==0.6.1 # via cookiecutter -wrapt==1.11.2 # via astroid yamllint==1.21.0 # via -r requirements.dev.in, molecule zipp==3.1.0 # via importlib-metadata diff --git a/requirements.txt b/requirements.txt index 8e2caf9216c1712ea682595e8d6f2b0608e5fa1c..a66b3f779402cc8b7f12c2c438320774ac9ee842 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,7 @@ # ansible==2.9.6 # via -r requirements.in cffi==1.14.0 # via cryptography -cryptography==2.8 # via ansible +cryptography==2.9 # via ansible jinja2==2.11.1 # via ansible markupsafe==1.1.1 # via jinja2 netaddr==0.7.19 # via -r requirements.in diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..bddea6df6ecccfa3b23a4863d124ac735c56ea5a --- /dev/null +++ b/roles/base/meta/main.yml 
@@ -0,0 +1,16 @@ +--- + +dependencies: + - role: conf + - role: init + - role: repos + - role: sysutils + - role: logs + - role: locale + - role: users + - role: postfix + - role: ntp + - role: ferm + - role: fail2ban + +... diff --git a/roles/bench-server/meta/main.yml b/roles/bench-server/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..c76bb2fd1778ab5fab891c882c9614f1ad6e16ae --- /dev/null +++ b/roles/bench-server/meta/main.yml @@ -0,0 +1,8 @@ +--- + +dependencies: + - role: conf + - role: init + - role: repos + +... diff --git a/roles/bench-worker/meta/main.yml b/roles/bench-worker/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..c76bb2fd1778ab5fab891c882c9614f1ad6e16ae --- /dev/null +++ b/roles/bench-worker/meta/main.yml @@ -0,0 +1,8 @@ +--- + +dependencies: + - role: conf + - role: init + - role: repos + +... diff --git a/roles/celerity/meta/main.yml b/roles/celerity/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..e45d692ae3567f856967cd6f66c91d13e2e94e4e --- /dev/null +++ b/roles/celerity/meta/main.yml @@ -0,0 +1,6 @@ +--- + +dependencies: + - role: base + +... diff --git a/roles/celerity/tasks/main.yml b/roles/celerity/tasks/main.yml index 995d95f9bb8075d3b95062a737e853ba91f60a17..fdc66eb520d1bc45c835441f1c5d9ea38df3bf09 100644 --- a/roles/celerity/tasks/main.yml +++ b/roles/celerity/tasks/main.yml @@ -40,4 +40,6 @@ include_role: name: ferm +- meta: flush_handlers + ... diff --git a/roles/conf/defaults/main.yml b/roles/conf/defaults/main.yml index f2494667b9efe88b77d9aba2c399eb9a7b8f905d..aa9610a5bca4e7823ee5993db0455bd7d645ae28 100644 --- a/roles/conf/defaults/main.yml +++ b/roles/conf/defaults/main.yml 
@@ -10,7 +10,7 @@ conf_repo_url: https://mirismanager.ubicast.eu/git/mediaserver/envsetup.git conf_repo_version: stable conf_repo_dest: /root/envsetup -conf_host: "{{ skyreach_host | default('panel.ubicast.eu', true) }}" +conf_host: "{{ skyreach_host | default('mirismanager.ubicast.eu', true) }}" conf_valid_cert: "{{ skyreach_valid_cert | default(true, true) }}" skyreach_activation_key: "{{ lookup('env', 'SKYREACH_ACTIVATION_KEY') }}" diff --git a/roles/conf/tasks/main.yml b/roles/conf/tasks/main.yml index 89d429ee5aca8db8b590f344278991ac3b615c40..f48c0c8deecffe00071d05b533902566425f1a98 100644 --- a/roles/conf/tasks/main.yml +++ b/roles/conf/tasks/main.yml @@ -1,6 +1,9 @@ --- - name: proxy + when: + - proxy_http | d() + - proxy_https | d() include_role: name: proxy diff --git a/roles/init/defaults/main.yml b/roles/init/defaults/main.yml index 784cc1cc3c8568f339ef298d117f668cfacf306d..d140d408264d82ff19e5703844a0e95a76e715db 100644 --- a/roles/init/defaults/main.yml +++ b/roles/init/defaults/main.yml @@ -4,5 +4,6 @@ init_packages: - apt-utils - gnupg - ssh-client + - sudo ... diff --git a/roles/locale/tasks/main.yml b/roles/locale/tasks/main.yml index e40deb530693f0fa5eea577c27522bb393bf2657..fe3dbed7ebfe4e3e676c7ae416b82ee085202c1c 100644 --- a/roles/locale/tasks/main.yml +++ b/roles/locale/tasks/main.yml @@ -3,6 +3,7 @@ - name: install locale packages apt: force_apt_get: true + install_recommends: false name: "{{ locale_packages }}" - name: generate locale @@ -14,9 +15,9 @@ copy: dest: /etc/default/locale content: | - LANG="{{ init_locale }}" - LANGUAGE="{{ init_locale }}" - LC_ALL="{{ init_locale }}" + LANG={{ init_locale }} + LANGUAGE={{ init_locale }} + LC_ALL={{ init_locale }} - name: set locale.gen notify: update locale diff --git a/roles/logs/defaults/main.yml b/roles/logs/defaults/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..cc884aefcef6fbbc33b5d9c387cbb49a540efa0f --- /dev/null +++ b/roles/logs/defaults/main.yml 
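Review bot: A `when:` list is an AND, so in `roles/conf/tasks/main.yml` the `proxy` role is now included only when both `proxy_http` and `proxy_https` are set; a host that defines just one of them silently gets no proxy configuration. If either value alone should be enough, write `when: proxy_http | d() or proxy_https | d()`. If both really are required, a comment above the condition such as `# proxy role needs both proxy_http and proxy_https` would show that the skip is intended. The tasks after this one are outside the hunk, so whether they depend on the proxy being configured cannot be judged from here.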
@@ -0,0 +1,6 @@
+---
+
+logs_packages:
+ - rsyslog
+
+...
diff --git a/roles/logs/tasks/main.yml b/roles/logs/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9b32ca8550788a6c443c67515b09a437f9ca8874
--- /dev/null
+++ b/roles/logs/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+
+- name: install logs packages
+ apt:
+ force_apt_get: true
+ install_recommends: false
+ name: "{{ logs_packages }}"
+
+- name: start rsyslog
+ systemd:
+ name: rsyslog
+ enabled: true
+ state: started
+
+- name: ensure journald logs persistence is enabled
+ file:
+ path: /var/log/journal
+ state: directory
+
+...
diff --git a/roles/manager/defaults/main.yml b/roles/manager/defaults/main.yml
deleted file mode 100644
index 1bad1e9cd358f8238cb4670124bdf2dd56afbe39..0000000000000000000000000000000000000000
--- a/roles/manager/defaults/main.yml
+++ /dev/null
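Review bot: The `ensure journald logs persistence is enabled` task in `roles/logs/tasks/main.yml` creates `/var/log/journal` with no `owner`, `group` or `mode`, and nothing tells a running journald to start using it. systemd expects the directory to be group `systemd-journal` with the setgid bit, so add `group: systemd-journal` and `mode: "2755"` to the task and notify a handler that restarts `systemd-journald`. Alternatively, run `systemd-tmpfiles --create --prefix /var/log/journal` after creating it. Without that step the journal may stay in volatile storage until the next reboot, which matters on hosts where these logs serve as the audit trail.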
@@ -1,47 +0,0 @@ ---- - -manager_packages: - - ubicast-skyreach - - ubicast-skyreach-runtime - -manager_testing: false -manager_mail: dev-mediaserver@ubicast.eu -manager_hostname: "{{ envsetup_cm_server_name }}" -manager_default_email_sender: "noreply@{{ manager_hostname }}" -manager_email_sender: "{{ envsetup_email_sender | default(manager_default_email_sender, true) }}" -manager_proxy_http: "{{ envsetup_proxy_http }}" - -manager_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}" -manager_f2b_filter: - name: manager - content: | - [INCLUDES] - before = common.conf - [Definition] - failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$ - INFO Wrong crendentials given to login\. IP: <HOST>, username: \S+\.$ - ignoreregex = -manager_f2b_jail: - name: manager - content: | - [manager] - logpath = /home/skyreach/.skyreach/logs/skyreach.log - enabled = {% if manager_fail2ban_enabled | bool %}true{% else %}false{% endif %} - -manager_firewall_enabled: true -manager_ferm_rules_filename: manager -manager_ferm_input_rules: - - proto: - - tcp - dport: - - 80 - - 443 - - saddr: "{{ groups['all'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list }}" - proto: - - tcp - dport: - - 3142 -manager_ferm_output_rules: [] -manager_ferm_global_settings: - -... diff --git a/roles/import/defaults/main.yml b/roles/mediaimport/defaults/main.yml similarity index 100% rename from roles/import/defaults/main.yml rename to roles/mediaimport/defaults/main.yml diff --git a/roles/import/files/mediaimport b/roles/mediaimport/files/mediaimport similarity index 100% rename from roles/import/files/mediaimport rename to roles/mediaimport/files/mediaimport diff --git a/roles/import/files/mediaimport.py b/roles/mediaimport/files/mediaimport.py similarity index 100% rename from roles/import/files/mediaimport.py rename to roles/mediaimport/files/mediaimport.py 
diff --git a/roles/import/files/on-upload b/roles/mediaimport/files/on-upload similarity index 100% rename from roles/import/files/on-upload rename to roles/mediaimport/files/on-upload diff --git a/roles/import/files/on-upload.go b/roles/mediaimport/files/on-upload.go similarity index 100% rename from roles/import/files/on-upload.go rename to roles/mediaimport/files/on-upload.go diff --git a/roles/import/handlers/main.yml b/roles/mediaimport/handlers/main.yml similarity index 100% rename from roles/import/handlers/main.yml rename to roles/mediaimport/handlers/main.yml diff --git a/roles/mediaimport/meta/main.yml b/roles/mediaimport/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..e45d692ae3567f856967cd6f66c91d13e2e94e4e --- /dev/null +++ b/roles/mediaimport/meta/main.yml @@ -0,0 +1,6 @@ +--- + +dependencies: + - role: base + +... diff --git a/roles/import/tasks/main.yml b/roles/mediaimport/tasks/main.yml similarity index 99% rename from roles/import/tasks/main.yml rename to roles/mediaimport/tasks/main.yml index 8dbac10c6be3e8d2ef1503507ead98240d1be061..acf0beb7cefe720cc4ba60920352f5e3dff8ac4e 100644 --- a/roles/import/tasks/main.yml +++ b/roles/mediaimport/tasks/main.yml @@ -174,4 +174,6 @@ include_role: name: ferm +- meta: flush_handlers + ... diff --git a/roles/import/templates/mediaimport.json.j2 b/roles/mediaimport/templates/mediaimport.json.j2 similarity index 100% rename from roles/import/templates/mediaimport.json.j2 rename to roles/mediaimport/templates/mediaimport.json.j2 diff --git a/roles/import/templates/sftp_config.j2 b/roles/mediaimport/templates/sftp_config.j2 similarity index 100% rename from roles/import/templates/sftp_config.j2 rename to roles/mediaimport/templates/sftp_config.j2 diff --git a/roles/server/defaults/main.yml b/roles/mediaserver/defaults/main.yml similarity index 100% rename from roles/server/defaults/main.yml rename to roles/mediaserver/defaults/main.yml 
diff --git a/roles/server/handlers/main.yml b/roles/mediaserver/handlers/main.yml similarity index 100% rename from roles/server/handlers/main.yml rename to roles/mediaserver/handlers/main.yml diff --git a/roles/mediaserver/meta/main.yml b/roles/mediaserver/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..25ac88cfec962d9b864a0286fa201ece302a0c01 --- /dev/null +++ b/roles/mediaserver/meta/main.yml @@ -0,0 +1,13 @@ +--- + +dependencies: + - role: base + - role: nginx + - when: "'celerity' in group_names" + role: celerity + - when: "'postgres' in group_names" + role: postgres + - when: "'wowza' in group_names" + role: wowza + +... diff --git a/roles/server/tasks/main.yml b/roles/mediaserver/tasks/main.yml similarity index 93% rename from roles/server/tasks/main.yml rename to roles/mediaserver/tasks/main.yml index 6d8d96a7ca5d866821a0ac54eec7b7d246391717..e3a37940a7c8a06173777187a89010ea52f0fc8a 100644 --- a/roles/server/tasks/main.yml +++ b/roles/mediaserver/tasks/main.yml @@ -83,11 +83,11 @@ # SYNCHRONIZE - name: sync all mediaservers - when: groups['server'] | length > 1 + when: groups['mediaserver'] | length > 1 block: - name: save config of first mediaserver - when: inventory_hostname == groups['server'][0] + when: inventory_hostname == groups['mediaserver'][0] register: server_primary_config loop: - /etc/passwd @@ -97,8 +97,8 @@ path: "{{ item }}" - name: deploy saved config - when: inventory_hostname != groups['server'][0] - loop: "{{ hostvars[groups['server'][0]].c.results }}" + when: inventory_hostname != groups['mediaserver'][0] + loop: "{{ hostvars[groups['mediaserver'][0]].c.results }}" copy: dest: "{{ item.source }}" content: "{{ item.content | b64decode }}" @@ -125,4 +125,6 @@ include_role: name: ferm +- meta: flush_handlers + ... 
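Review bot: In the `sync all mediaservers` block of `roles/mediaserver/tasks/main.yml`, `save config of first mediaserver` registers `server_primary_config`, but the `deploy saved config` loop reads `hostvars[groups['mediaserver'][0]].c.results`. Unless a variable `c` is set somewhere outside these hunks, the loop has nothing valid to iterate on the secondary hosts. The loop line is already being edited for the group rename, so it can be corrected in the same change: `loop: "{{ hostvars[groups['mediaserver'][0]].server_primary_config.results }}"`. The copied list starts with `/etc/passwd` and continues outside the hunk; if it includes credential files, `no_log: true` on both tasks keeps their base64 content out of the play output.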
diff --git a/roles/server/templates/celerity-config.py.j2 b/roles/mediaserver/templates/celerity-config.py.j2 similarity index 100% rename from roles/server/templates/celerity-config.py.j2 rename to roles/mediaserver/templates/celerity-config.py.j2 diff --git a/roles/vault/defaults/main.yml b/roles/mediavault/defaults/main.yml similarity index 89% rename from roles/vault/defaults/main.yml rename to roles/mediavault/defaults/main.yml index 00acdfc71b4ab77763886b697ad931fd64f506ae..0589de5342d9b028ce68b3903240c2477365c93e 100644 --- a/roles/vault/defaults/main.yml +++ b/roles/mediavault/defaults/main.yml @@ -55,4 +55,15 @@ mv_backup: exclude_list_name: "{{ mv_exclude_list_name }}" exclude_list_items: "{{ mv_exclude_list_items }}" +# firewall rules +mv_firewall_enabled: true +mv_ferm_rules_filename: vault +mv_ferm_input_rules: [] +mv_ferm_output_rules: + - proto: + - tcp + dport: + - 22 +mv_ferm_global_settings: + ... diff --git a/roles/vault/handlers/main.yml b/roles/mediavault/handlers/main.yml similarity index 100% rename from roles/vault/handlers/main.yml rename to roles/mediavault/handlers/main.yml diff --git a/roles/mediavault/meta/main.yml b/roles/mediavault/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4bdca2efd08744f9334fe73ef978e34d6bf0f09b --- /dev/null +++ b/roles/mediavault/meta/main.yml @@ -0,0 +1,4 @@ +--- + +dependencies: + - role: base diff --git a/roles/vault/tasks/main.yml b/roles/mediavault/tasks/main.yml similarity index 88% rename from roles/vault/tasks/main.yml rename to roles/mediavault/tasks/main.yml index cd9eeabea7d7aebc636b7ed50578458aaa601aae..4b292ff626f817cbb00c6f251980dc43a063cbd5 100644 --- a/roles/vault/tasks/main.yml +++ b/roles/mediavault/tasks/main.yml 
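Review bot: `mv_ferm_output_rules` in `roles/mediavault/defaults/main.yml` allows outbound TCP 22 with no destination, so wherever the output policy is restrictive the vault host may still open SSH to any address. If the ferm role's rule format accepts a destination key (the removed manager rules used `saddr` for sources), limiting the rule to the backup targets would match what the role needs. Separately, `mv_ferm_rules_filename: vault` keeps the old role name while the role becomes `mediavault`; a comment such as `# keep "vault" so the existing rules file is overwritten, not duplicated` would show whether that is deliberate. The new `roles/mediavault/meta/main.yml` also lacks the closing `...` that the other meta files added in this commit carry.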
@@ -101,4 +101,18 @@ masked: false state: started +# FIREWALL + +- name: firewall + when: mv_firewall_enabled + vars: + ferm_rules_filename: "{{ mv_ferm_rules_filename }}" + ferm_input_rules: "{{ mv_ferm_input_rules }}" + ferm_output_rules: "{{ mv_ferm_output_rules }}" + ferm_global_settings: "{{ mv_ferm_global_settings }}" + include_role: + name: ferm + +- meta: flush_handlers + ... diff --git a/roles/vault/templates/systemd-backup-service.j2 b/roles/mediavault/templates/systemd-backup-service.j2 similarity index 100% rename from roles/vault/templates/systemd-backup-service.j2 rename to roles/mediavault/templates/systemd-backup-service.j2 diff --git a/roles/vault/templates/systemd-backup-timer.j2 b/roles/mediavault/templates/systemd-backup-timer.j2 similarity index 100% rename from roles/vault/templates/systemd-backup-timer.j2 rename to roles/mediavault/templates/systemd-backup-timer.j2 diff --git a/roles/vault/templates/systemd-mailer-script.j2 b/roles/mediavault/templates/systemd-mailer-script.j2 similarity index 100% rename from roles/vault/templates/systemd-mailer-script.j2 rename to roles/mediavault/templates/systemd-mailer-script.j2 diff --git a/roles/vault/templates/systemd-mailer-service.j2 b/roles/mediavault/templates/systemd-mailer-service.j2 similarity index 100% rename from roles/vault/templates/systemd-mailer-service.j2 rename to roles/mediavault/templates/systemd-mailer-service.j2 diff --git a/roles/worker/defaults/main.yml b/roles/mediaworker/defaults/main.yml similarity index 100% rename from roles/worker/defaults/main.yml rename to roles/mediaworker/defaults/main.yml diff --git a/roles/worker/handlers/main.yml b/roles/mediaworker/handlers/main.yml similarity index 100% rename from roles/worker/handlers/main.yml rename to roles/mediaworker/handlers/main.yml diff --git a/roles/mediaworker/meta/main.yml b/roles/mediaworker/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..e45d692ae3567f856967cd6f66c91d13e2e94e4e 
--- /dev/null +++ b/roles/mediaworker/meta/main.yml @@ -0,0 +1,6 @@ +--- + +dependencies: + - role: base + +... diff --git a/roles/worker/tasks/main.yml b/roles/mediaworker/tasks/main.yml similarity index 96% rename from roles/worker/tasks/main.yml rename to roles/mediaworker/tasks/main.yml index b23cfcf161418bda0abf298f942d818eb9cd6737..8663c1ceb894cb194e5d2f04cc3e8eb095c77ec6 100644 --- a/roles/worker/tasks/main.yml +++ b/roles/mediaworker/tasks/main.yml @@ -30,4 +30,6 @@ include_role: name: ferm +- meta: flush_handlers + ... diff --git a/roles/worker/templates/celerity-config.py.j2 b/roles/mediaworker/templates/celerity-config.py.j2 similarity index 100% rename from roles/worker/templates/celerity-config.py.j2 rename to roles/mediaworker/templates/celerity-config.py.j2 diff --git a/roles/manager/files/set_site_url.py b/roles/mirismanager/files/set_site_url.py similarity index 72% rename from roles/manager/files/set_site_url.py rename to roles/mirismanager/files/set_site_url.py index e72283acc6c0da95e171ba9e7a11234df9f7e6ba..256eff011585c9cc0f8a98d8b0cb24b81b0f9ff0 100644 --- a/roles/manager/files/set_site_url.py +++ b/roles/mirismanager/files/set_site_url.py @@ -6,7 +6,7 @@ import django django.setup() -from skyreach_site.base.models import SiteSettings +from skyreach_site.base.models import SiteSettings # noqa def main(): @@ -15,10 +15,10 @@ def main(): args = parser.parse_args() ss = SiteSettings.get_singleton() - ss.url = "https://{}".format(args.url) + ss.url = f"https://{args.url}" ss.save() - path = "/home/skyreach/{}.log".format(args.url) + path = f"/home/skyreach/.{args.url}.log" with open(path, "w") as flag: flag.write("ok") diff --git a/roles/manager/handlers/main.yml b/roles/mirismanager/handlers/main.yml similarity index 100% rename from roles/manager/handlers/main.yml rename to roles/mirismanager/handlers/main.yml 
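Review bot: The bare `# noqa` on the `SiteSettings` import silences every check on that line, not only the import-position warning raised because the import follows `django.setup()`. Narrowing it to `from skyreach_site.base.models import SiteSettings  # noqa: E402` keeps the other checks active and documents why the suppression exists.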
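Review bot: `args.url` goes unvalidated into both the stored site URL and the flag-file path `/home/skyreach/.{args.url}.log`, so a value containing `/` or `..` makes `open()` write outside the intended directory, or fail after `ss.save()` has already run. A check before `SiteSettings.get_singleton()`, for example `if "/" in args.url or args.url.startswith("."): parser.error("invalid host name")`, rejects such values early. The value appears to come from the `manager_hostname` inventory variable in the calling task, so this is input hygiene for operator-supplied data. `main()` starts and ends outside the hunk.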
diff --git a/roles/mirismanager/meta/main.yml b/roles/mirismanager/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..c4cc4780bdd8beed15375c59565a39585cff6b22 --- /dev/null +++ b/roles/mirismanager/meta/main.yml @@ -0,0 +1,9 @@ +--- + +dependencies: + - role: base + - role: nginx + - when: "'postgres' in group_names" + role: postgres + +... diff --git a/roles/manager/tasks/main.yml b/roles/mirismanager/tasks/main.yml similarity index 96% rename from roles/manager/tasks/main.yml rename to roles/mirismanager/tasks/main.yml index 4c1973bd5f580dbfbc0307cdaa68104992a65051..80ebfd4b0e428f6cd056e5789abfa96d5561c8d7 100644 --- a/roles/manager/tasks/main.yml +++ b/roles/mirismanager/tasks/main.yml @@ -25,11 +25,11 @@ - name: configure domain name in database become: true become_user: skyreach - script: files/set_site_url.py {{ manager_hostname }} environment: PYTHONPATH: "/home/skyreach/htdocs/skyreach_site:/home/skyreach/htdocs:${PYTHONPATH}" DJANGO_SETTINGS_MODULE: settings - args: + script: + cmd: files/set_site_url.py {{ manager_hostname }} executable: python3 creates: /home/skyreach/.{{ manager_hostname }}.log @@ -90,4 +90,6 @@ include_role: name: ferm +- meta: flush_handlers + ... diff --git a/roles/monitor/defaults/main.yml b/roles/msmonitor/defaults/main.yml similarity index 100% rename from roles/monitor/defaults/main.yml rename to roles/msmonitor/defaults/main.yml diff --git a/roles/monitor/handlers/main.yml b/roles/msmonitor/handlers/main.yml similarity index 100% rename from roles/monitor/handlers/main.yml rename to roles/msmonitor/handlers/main.yml diff --git a/roles/msmonitor/meta/main.yml b/roles/msmonitor/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..9c7711bb55dd2f0f0059aad32d2ac8d0f2050997 --- /dev/null +++ b/roles/msmonitor/meta/main.yml @@ -0,0 +1,7 @@ +--- + +dependencies: + - role: base + - role: nginx + +... 
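Review bot: `{{ manager_hostname }}` is interpolated unquoted into the `script` command line, so a value with spaces or shell metacharacters would not reach the script as a single argument; `cmd: files/set_site_url.py {{ manager_hostname | quote }}` avoids that. Separately, the `${PYTHONPATH}` suffix in `environment` is, as far as I can tell, not expanded by Ansible and ends up as a literal, relative entry on the module search path. Dropping that suffix would make the search path explicit.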
diff --git a/roles/monitor/tasks/main.yml b/roles/msmonitor/tasks/main.yml similarity index 98% rename from roles/monitor/tasks/main.yml rename to roles/msmonitor/tasks/main.yml index 82b01504da2826ff147cb2854392bac2f0df6069..e8918495c681a6ea59efd8cddc74978b037ec0b8 100644 --- a/roles/monitor/tasks/main.yml +++ b/roles/msmonitor/tasks/main.yml @@ -67,4 +67,6 @@ include_role: name: ferm +- meta: flush_handlers + ... diff --git a/roles/netcapture/defaults/main.yml b/roles/netcapture/defaults/main.yml index d2de6931412cbbdb1e68be0519dd041b826bf8d0..7a81c73533743bf82449f6a2fc576045a5848732 100644 --- a/roles/netcapture/defaults/main.yml +++ b/roles/netcapture/defaults/main.yml @@ -11,4 +11,10 @@ netcapture_hw_acceleration: false netcapture_miris_user_pwd: "{{ lookup('password', '/tmp/passwordfile length=12 chars=ascii_letters,digits') }}" netcapture_miris_auth: true +netcapture_firewall_enabled: true +netcapture_ferm_rules_filename: netcapture +netcapture_ferm_input_rules: [] +netcapture_ferm_output_rules: [] +netcapture_ferm_global_settings: + ... diff --git a/roles/netcapture/meta/main.yml b/roles/netcapture/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..e45d692ae3567f856967cd6f66c91d13e2e94e4e --- /dev/null +++ b/roles/netcapture/meta/main.yml @@ -0,0 +1,6 @@ +--- + +dependencies: + - role: base + +... diff --git a/roles/netcapture/tasks/main.yml b/roles/netcapture/tasks/main.yml index 04adc33167e930e33af7e3800226496bc2ac8aa0..b514e7484d21be411d25bd4ed3111296b141d419 100644 --- a/roles/netcapture/tasks/main.yml +++ b/roles/netcapture/tasks/main.yml @@ -3,6 +3,7 @@ - name: requirements install apt: force_apt_get: true + install_recommends: false name: - apt-transport-https - ca-certificates @@ -10,7 +11,6 @@ - gnupg-agent - lsb-release - software-properties-common - state: present - name: docker repo key apt_key: 
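Review bot: `netcapture_miris_user_pwd`, a context line of the netcapture defaults hunk, is generated with `lookup('password', '/tmp/passwordfile ...')`. That stores the password in plain text at a fixed path in a world-writable directory on the control node and reuses whatever the file already contains. Another local user on the control node could create the file first and thereby determine the password, and the same file is shared by every host and inventory. A path outside `/tmp` that is specific to the inventory and host, or a vaulted variable, avoids both problems; a comment on the line should say where the secret is kept.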
@@ -26,8 +26,8 @@ - name: docker install apt: force_apt_get: true + install_recommends: false name: docker-ce - state: present - name: docker service systemd: @@ -38,8 +38,8 @@ - name: netcapture install apt: force_apt_get: true + install_recommends: false name: python3-miris-netcapture - state: present - name: netcapture config template: @@ -67,7 +67,18 @@ recurse: true state: directory -# TODO: add fail2ban ? -# TODO: add firewall +# FIREWALL + +- name: firewall + when: netcapture_firewall_enabled + vars: + ferm_rules_filename: "{{ netcapture_ferm_rules_filename }}" + ferm_input_rules: "{{ netcapture_ferm_input_rules }}" + ferm_output_rules: "{{ netcapture_ferm_output_rules }}" + ferm_global_settings: "{{ netcapture_ferm_global_settings }}" + include_role: + name: ferm + +- meta: flush_handlers ... diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index ff57ed214482f7b00851776cdf7877b3b66b620e..c6ed9c1658a84c295ec40483c6b917e8d424983a 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -8,11 +8,11 @@ network_packages: - network-manager - python3-dbus -network_ip: "{{ lookup('env', 'NETWORK_IP') | ipaddr }}" -network_mask: "{{ lookup('env', 'NETWORK_MASK') }}" +network_ip: "{{ envsetup_network_ip | d() }}" +network_mask: "{{ envsetup_network_mask | d() }}" network_ip_mask: "{{ network_ip }}/{{ network_mask }}" network_ip_mask_cidr: "{{ network_ip_mask | ipaddr }}" -network_gateway: "{{ lookup('env', 'NETWORK_GATEWAY') | ipaddr }}" -network_dns: "{{ lookup('env', 'NETWORK_DNS').split(',') | ipaddr }}" +network_gateway: "{{ envsetup_network_gateway | d() }}" +network_dns: "{{ envsetup_network_dns.split(',') | d() }}" ... diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 8a37b81d44ff5365f7a951ddcf5aab3fcc3d4b12..da207faf37114f881f6199be38c39d3e615d29f0 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml 
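Review bot: In the network defaults hunk, `network_dns: "{{ envsetup_network_dns.split(',') | d() }}"` calls `.split` before `d()` can apply, so an unset `envsetup_network_dns` most likely raises an undefined-variable error instead of yielding an empty default. `network_dns: "{{ (envsetup_network_dns | d('')).split(',') | select | list }}"` applies the default first and drops empty entries. The change also removes the `ipaddr` filter from `network_ip`, `network_gateway` and `network_dns`, so malformed addresses are no longer rejected here; only `network_ip_mask_cidr` still validates. If that is intentional, a comment naming where the `envsetup_network_*` values are validated would help.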
@@ -9,20 +9,10 @@ - network_dns | d(false) block: - # Was needed when using ifupdown but probably not with network-manager - # - name: prevent dhclient to erase dns config - # copy: - # dest: /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate - # mode: 0755 - # content: | - # #!/bin/sh - # make_resolv_conf() { - # : - # } - - name: packages apt: force_apt_get: true + install_recommends: false name: "{{ network_packages }}" state: present diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index 7946e67af1469a9140f892effef5345ccdc31119..ce0f4ececd1b81ff4d24311549a0de482a898c38 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml @@ -5,8 +5,6 @@ nginx_packages: - uwsgi - uwsgi-plugin-python3 -nginx_server_name: - nginx_ssl_certificate: /etc/ssl/certs/ssl-cert-snakeoil.pem nginx_ssl_certificate_key: /etc/ssl/private/ssl-cert-snakeoil.key diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml index 38fab58a222d274df7c367ebbe7a1853926660cf..b7774856aa335af9eb5885e0efcd4e2093c9e167 100644 --- a/roles/nginx/handlers/main.yml +++ b/roles/nginx/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: restart nginx - service: + systemd: name: nginx state: restarted diff --git a/roles/nginx/tasks/_certs.yml b/roles/nginx/tasks/_certs.yml deleted file mode 100644 index 5a734831bdcc93c90e5be81154d6456fc03deec1..0000000000000000000000000000000000000000 --- a/roles/nginx/tasks/_certs.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- - -- name: nginx check old ssl conf exists - register: nginx_old_ssl_conf - stat: - path: /etc/nginx/conf.d/ssl.conf - -- name: nginx migrate old ssl certificate conf - when: nginx_old_ssl_conf.stat.exists - notify: restart nginx - loop: - - grep ssl_certificate /etc/nginx/conf.d/ssl.conf > /etc/nginx/conf.d/ssl_certificate.conf - - mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.old - command: "{{ item }}" - -- name: nginx check ssl cert conf exists - register: nginx_ssl_cert_conf - stat: - path: /etc/nginx/conf.d/ssl_certificate.conf - -- name: nginx update ssl certificate conf - when: - - nginx_ssl_cert_conf.stat.exists - - nginx_ssl_certificate != "/etc/ssl/certs/ssl-cert-snakeoil.pem" - notify: restart nginx - lineinfile: - path: /etc/nginx/conf.d/ssl_certificate.conf - regexp: 'ssl_certificate\s+([\w/\-\_\.]+);' - line: 'ssl_certificate {{ nginx_ssl_certificate }};' - -- name: nginx update ssl certificate key conf - when: - - nginx_ssl_cert_conf.stat.exists - - nginx_ssl_certificate_key != "/etc/ssl/private/ssl-cert-snakeoil.key" - notify: restart nginx - lineinfile: - path: /etc/nginx/conf.d/ssl_certificate.conf - regexp: 'ssl_certificate_key\s+([\w/\-\_\.]+);' - line: 'ssl_certificate_key {{ nginx_ssl_certificate_key }};' - -... diff --git a/roles/nginx/tasks/_config.yml b/roles/nginx/tasks/_config.yml deleted file mode 100644 index d227f3ca688ad3bbe6f3c1a805d977d265837867..0000000000000000000000000000000000000000 --- a/roles/nginx/tasks/_config.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- - -- name: nginx remove default vhost - notify: restart nginx - loop: - - /etc/nginx/sites-enabled/default - - /etc/nginx/sites-enabled/default.conf - file: - path: "{{ item }}" - state: absent - -... diff --git a/roles/nginx/tasks/_install.yml b/roles/nginx/tasks/_install.yml deleted file mode 100644 index a251408c1cdf1589be65aa3a6bdd43e73c323bb9..0000000000000000000000000000000000000000 --- a/roles/nginx/tasks/_install.yml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- - -- name: remove apache - apt: - force_apt_get: true - name: apache2 - state: absent - -- name: nginx install - apt: - force_apt_get: true - install_recommends: false - name: "{{ nginx_packages }}" - state: present - -... diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 39541abdda14a2e53b1543fd9b90966883cb7705..f9dfdeb38a23cca6ab0126e15e16c4a93cfdfe55 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml 
@@ -1,13 +1,58 @@ --- -- include_tasks: _install.yml -- include_tasks: _config.yml -- include_tasks: _certs.yml - -- name: ensure nginx is running - service: - name: nginx - enabled: true - state: started +- name: nginx install + apt: + force_apt_get: true + install_recommends: false + name: "{{ nginx_packages }}" + state: present + +- name: nginx remove default vhost + notify: restart nginx + loop: + - /etc/nginx/sites-enabled/default + - /etc/nginx/sites-enabled/default.conf + file: + path: "{{ item }}" + state: absent + +- name: nginx check old ssl conf exists + register: nginx_old_ssl_conf + stat: + path: /etc/nginx/conf.d/ssl.conf + +- name: nginx migrate old ssl certificate conf + when: nginx_old_ssl_conf.stat.exists + notify: restart nginx + loop: + - grep ssl_certificate /etc/nginx/conf.d/ssl.conf > /etc/nginx/conf.d/ssl_certificate.conf + - mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.old + command: + cmd: "{{ item }}" + +- name: nginx check ssl cert conf exists + register: nginx_ssl_cert_conf + stat: + path: /etc/nginx/conf.d/ssl_certificate.conf + +- name: nginx update ssl certificate conf + when: + - nginx_ssl_cert_conf.stat.exists + - nginx_ssl_certificate != "/etc/ssl/certs/ssl-cert-snakeoil.pem" + notify: restart nginx + lineinfile: + path: /etc/nginx/conf.d/ssl_certificate.conf + regexp: 'ssl_certificate\s+([\w/\-\_\.]+);' + line: 'ssl_certificate {{ nginx_ssl_certificate }};' + +- name: nginx update ssl certificate key conf + when: + - nginx_ssl_cert_conf.stat.exists + - nginx_ssl_certificate_key != "/etc/ssl/private/ssl-cert-snakeoil.key" + notify: restart nginx + lineinfile: + path: /etc/nginx/conf.d/ssl_certificate.conf + regexp: 'ssl_certificate_key\s+([\w/\-\_\.]+);' + line: 'ssl_certificate_key {{ nginx_ssl_certificate_key }};' ... diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml index f3e4fd2cd5df33652aa609ce76fbf281aaf31ca0..071de3bd1b95ef100928b09606460c308df75fcc 100644 
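Review bot: The `nginx migrate old ssl certificate conf` task runs `grep ssl_certificate /etc/nginx/conf.d/ssl.conf > /etc/nginx/conf.d/ssl_certificate.conf` through the `command` module, which does not use a shell. The `>` and the target path are therefore passed to grep as file arguments, and the task most likely fails instead of writing `ssl_certificate.conf`. Using `shell: "{{ item }}"` for this task, or a migration built on `copy`/`lineinfile`, makes the redirect take effect. The rewritten file also no longer contains the `remove apache` and `ensure nginx is running` tasks from the removed includes; if nothing else enables and starts nginx, a fresh host relies on the package defaults.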
--- a/roles/postgres/tasks/main.yml +++ b/roles/postgres/tasks/main.yml @@ -1,37 +1,23 @@ --- - name: ansible postgresql requirements install - when: - - postgres_host == "127.0.0.1" or postgres_host == "localhost" - - postgres_port == "5432" apt: force_apt_get: true install_recommends: false name: python3-psycopg2 - state: present - name: postgresql install - when: - - postgres_host == "127.0.0.1" or postgres_host == "localhost" - - postgres_port == "5432" apt: force_apt_get: true install_recommends: false name: postgresql - state: present - name: ensure postgresql is running - when: - - postgres_host == "127.0.0.1" or postgres_host == "localhost" - - postgres_port == "5432" service: name: postgresql state: started - name: postgresql set superuser password - when: - - postgres_host == "127.0.0.1" or postgres_host == "localhost" - - postgres_port == "5432" become: true become_user: postgres postgresql_user: @@ -50,4 +36,6 @@ include_role: name: ferm +- meta: flush_handlers + ... diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index 58885b8c9bb18d9be6f1c083d448701dd5419732..f68cb01223cf2ea7875332c94908847e85c4cd45 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -39,8 +39,8 @@ - name: install git apt: force_apt_get: true + install_recommends: false name: git - state: present - name: git loop: diff --git a/roles/python/tasks/main.yml b/roles/python/tasks/main.yml deleted file mode 100644 index 829083eac64b534448e745b769573aa3a10567ee..0000000000000000000000000000000000000000 --- a/roles/python/tasks/main.yml +++ /dev/null 
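Review bot: With the `postgres_host`/`postgres_port` conditions removed in the first postgres hunk, these tasks install a local PostgreSQL server and set the superuser password on every host the role is applied to. That includes setups that point `postgres_host` at a remote database. If host selection now happens only through the `postgres` group and the role dependencies, a comment at the top of the file should say so. The `postgresql set superuser password` task continues outside the hunk; if it does not already set `no_log: true`, it should, so the password stays out of task output.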
@@ -1,13 +0,0 @@ ---- - -- name: install python3 - register: python_install - changed_when: - - "'doing' in python_install.stdout_lines" - - "'pass' not in python_install.stdout_lines" - loop: - - command -v python3 || ( command -v yum && echo doing && yum install -y epel-release && yum install -y python36 ) || echo pass - - command -v python3 || ( command -v apt && echo doing && apt update && apt install -y python3-minimal python3-apt ) || echo pass - raw: "{{ item }}" - -... diff --git a/roles/wowza/meta/main.yml b/roles/wowza/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..e45d692ae3567f856967cd6f66c91d13e2e94e4e --- /dev/null +++ b/roles/wowza/meta/main.yml @@ -0,0 +1,6 @@ +--- + +dependencies: + - role: base + +... diff --git a/roles/wowza/tasks/main.yml b/roles/wowza/tasks/main.yml index e01a168e425468a950f393a34a000e3dcd3b22c8..b538a83378f3c91929fb3d2c7f2825d19cd7703a 100644 --- a/roles/wowza/tasks/main.yml +++ b/roles/wowza/tasks/main.yml @@ -3,8 +3,8 @@ - name: install wowza requirements apt: force_apt_get: true + install_recommends: false name: "{{ wowza_requirements }}" - state: "present" - name: install wowza apt: @@ -119,4 +119,6 @@ include_role: name: ferm +- meta: flush_handlers + ... diff --git a/site.yml b/site.yml index 4979459ee0e4f780e47ef0b6f769556ff0b61518..64036c60e95f49296adabc4071bcbdf7d6a5b2a9 100755 --- a/site.yml +++ b/site.yml 
@@ -1,68 +1,34 @@ #!/usr/bin/env ansible-playbook --- -- import_playbook: playbooks/includes/python.yml - tags: - - always -- import_playbook: playbooks/includes/check_docker.yml - tags: - - always -- import_playbook: playbooks/includes/conf.yml - tags: - - always - - conf -- import_playbook: playbooks/includes/init.yml - tags: - - init -- import_playbook: playbooks/includes/base.yml - tags: - - base -- import_playbook: playbooks/includes/cluster.yml - tags: - - cluster +- name: PYTHON + hosts: all + gather_facts: false + tasks: + - name: ensure python3 is installed + register: python_install + changed_when: "'es_pyinstall' in python_install.stdout_lines" + raw: command -v python3 || echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt -- import_playbook: playbooks/includes/postgres.yml - tags: - - postgres - - monitor - - manager - - server -- import_playbook: playbooks/includes/monitor.yml - tags: - - monitor -- import_playbook: playbooks/includes/manager.yml - tags: - - manager -- import_playbook: playbooks/includes/wowza.yml - tags: - - wowza -- import_playbook: playbooks/includes/celerity.yml - tags: - - celerity -- import_playbook: playbooks/includes/worker.yml - tags: - - worker -- import_playbook: playbooks/includes/server.yml - tags: - - server -- import_playbook: playbooks/includes/vault.yml - tags: - - vault -- import_playbook: playbooks/includes/import.yml - tags: - - import -- import_playbook: playbooks/includes/netcapture.yml - tags: - - netcapture - -- import_playbook: playbooks/includes/certificates.yml - tags: - - certificates - - monitor - - manager - - server -- import_playbook: playbooks/includes/network.yml - tags: - - network +- import_playbook: playbooks/postgres.yml + tags: postgres +- import_playbook: playbooks/msmonitor.yml + tags: monitor +- import_playbook: playbooks/mirismanager.yml + tags: manager +- import_playbook: playbooks/wowza.yml + tags: wowza +- import_playbook: playbooks/celerity.yml + tags: celerity 
+- import_playbook: playbooks/mediaworker.yml + tags: worker +- import_playbook: playbooks/mediaserver.yml + tags: server +- import_playbook: playbooks/mediavault.yml + tags: vault +- import_playbook: playbooks/mediaimport.yml + tags: import +- import_playbook: playbooks/netcapture.yml + tags: netcapture ...
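Review bot: In the new `ensure python3 is installed` task, the `raw` command `command -v python3 || echo es_pyinstall && apt update && apt install -y ...` groups as `(command -v python3 || echo es_pyinstall) && apt update && apt install ...`, because `||` and `&&` have equal precedence in the shell. `apt update` and `apt install` therefore run on every play even when python3 is present, while `changed_when` reports no change. Restoring the grouping used by the removed role fixes it: `raw: command -v python3 || ( echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt )`. The play also carries no `always` tag, unlike the old python import, so runs limited with `--tags` skip this bootstrap step.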