From 90be3710f7777c93e4bb83a68d16fb727931d975 Mon Sep 17 00:00:00 2001
From: Nicolas KAROLAK <nicolas@karolak.fr>
Date: Wed, 8 Apr 2020 14:19:20 +0000
Subject: [PATCH] simplify roles organization and renames

---
 .ansible-lint                                 |   3 +
 .gitattributes                                |   2 +-
 .gitignore                                    |   2 +-
 Makefile                                      |  16 +-
 doc/config.md                                 |  10 +-
 doc/deploy.md                                 |  18 +-
 doc/image.md                                  |  10 +-
 inventories/example/hosts                     |  12 +-
 inventories/local-full/hosts                  |  12 +-
 .../host_vars/localhost.dist.yml              |   0
 .../{local-server => local-mediaserver}/hosts |  10 +-
 .../host_vars/localhost.dist.yml              |   0
 .../{local-vault => local-mediavault}/hosts   |   4 +-
 .../host_vars/localhost.dist.yml              |   0
 .../{local-worker => local-mediaworker}/hosts |   4 +-
 molecule/default/converge.yml                 |  49 ++++
 molecule/default/molecule.yml                 |  33 +--
 ...{test_040_celerity.py => test_celerity.py} |   0
 .../tests/{test_010_conf.py => test_conf.py}  |   0
 .../tests/{test_011_init.py => test_init.py}  |   0
 ...test_060_import.py => test_mediaimport.py} |   2 +-
 ...test_050_server.py => test_mediaserver.py} |   0
 molecule/default/tests/test_mediavault.py     |  35 +++
 ...test_041_worker.py => test_mediaworker.py} |   0
 ...st_030_manager.py => test_mirismanager.py} |   0
 ...{test_021_monitor.py => test_msmonitor.py} |   0
 ...t_070_netcapture.py => test_netcapture.py} |   0
 .../{test_020_nginx.py => test_nginx.py}      |   0
 .../tests/{test_013_ntp.py => test_ntp.py}    |   0
 .../{test_012_postfix.py => test_postfix.py}  |   0
 ...{test_022_postgres.py => test_postgres.py} |   0
 .../{test_000_python3.py => test_python3.py}  |   0
 packer/example.json                           |  10 +-
 playbooks/bench-server.yml                    |   4 -
 playbooks/bench-worker.yml                    |   4 -
 playbooks/celerity.yml                        |  31 ++-
 playbooks/cluster.yml                         |  33 ++-
 playbooks/import.yml                          |  14 --
 playbooks/includes/base.yml                   |  15 --
 playbooks/includes/celerity.yml               |  12 -
 playbooks/includes/certificates.yml           |  20 --
 playbooks/includes/check_docker.yml           |  19 --
 playbooks/includes/cluster.yml                |  12 -
 playbooks/includes/conf.yml                   |  13 -
 playbooks/includes/firewall.yml               |  13 -
 playbooks/includes/import.yml                 |  12 -
 playbooks/includes/init.yml                   |  17 --
 playbooks/includes/manager.yml                |  15 --
 playbooks/includes/monitor.yml                |  15 --
 playbooks/includes/netcapture.yml             |  12 -
 playbooks/includes/network.yml                |  14 --
 playbooks/includes/postgres.yml               |  12 -
 playbooks/includes/python.yml                 |  14 --
 playbooks/includes/server.yml                 |  15 --
 playbooks/includes/vault.yml                  |  12 -
 playbooks/includes/worker.yml                 |  12 -
 playbooks/includes/wowza.yml                  |  12 -
 playbooks/manager.yml                         |  16 --
 playbooks/mediaimport.yml                     |  27 +++
 playbooks/mediaserver.yml                     |  31 +++
 playbooks/mediavault.yml                      |  27 +++
 playbooks/mediaworker.yml                     |  27 +++
 playbooks/mirismanager.yml                    |  31 +++
 playbooks/monitor.yml                         |  15 --
 playbooks/msmonitor.yml                       |  31 +++
 playbooks/netcapture.yml                      |  31 ++-
 playbooks/pod.yml                             | 226 ------------------
 playbooks/postgres.yml                        |  27 +++
 playbooks/server.yml                          |  16 --
 playbooks/tests.yml                           |  12 +-
 playbooks/vault.yml                           |  14 --
 playbooks/worker.yml                          |  14 --
 playbooks/wowza.yml                           |  31 ++-
 requirements.dev.in                           |   6 +-
 requirements.dev.txt                          |  39 ++-
 requirements.txt                              |   2 +-
 roles/base/meta/main.yml                      |  16 ++
 roles/bench-server/meta/main.yml              |   8 +
 roles/bench-worker/meta/main.yml              |   8 +
 roles/celerity/meta/main.yml                  |   6 +
 roles/celerity/tasks/main.yml                 |   2 +
 roles/conf/defaults/main.yml                  |   2 +-
 roles/conf/tasks/main.yml                     |   3 +
 roles/init/defaults/main.yml                  |   1 +
 roles/locale/tasks/main.yml                   |   7 +-
 roles/logs/defaults/main.yml                  |   6 +
 roles/logs/tasks/main.yml                     |  20 ++
 roles/manager/defaults/main.yml               |  47 ----
 .../{import => mediaimport}/defaults/main.yml |   0
 .../{import => mediaimport}/files/mediaimport |   0
 .../files/mediaimport.py                      |   0
 roles/{import => mediaimport}/files/on-upload |   0
 .../files/on-upload.go                        |   0
 .../{import => mediaimport}/handlers/main.yml |   0
 roles/mediaimport/meta/main.yml               |   6 +
 roles/{import => mediaimport}/tasks/main.yml  |   2 +
 .../templates/mediaimport.json.j2             |   0
 .../templates/sftp_config.j2                  |   0
 .../{server => mediaserver}/defaults/main.yml |   0
 .../{server => mediaserver}/handlers/main.yml |   0
 roles/mediaserver/meta/main.yml               |  13 +
 roles/{server => mediaserver}/tasks/main.yml  |  10 +-
 .../templates/celerity-config.py.j2           |   0
 roles/{vault => mediavault}/defaults/main.yml |  11 +
 roles/{vault => mediavault}/handlers/main.yml |   0
 roles/mediavault/meta/main.yml                |   4 +
 roles/{vault => mediavault}/tasks/main.yml    |  14 ++
 .../templates/systemd-backup-service.j2       |   0
 .../templates/systemd-backup-timer.j2         |   0
 .../templates/systemd-mailer-script.j2        |   0
 .../templates/systemd-mailer-service.j2       |   0
 .../{worker => mediaworker}/defaults/main.yml |   0
 .../{worker => mediaworker}/handlers/main.yml |   0
 roles/mediaworker/meta/main.yml               |   6 +
 roles/{worker => mediaworker}/tasks/main.yml  |   2 +
 .../templates/celerity-config.py.j2           |   0
 .../files/set_site_url.py                     |   6 +-
 .../handlers/main.yml                         |   0
 roles/mirismanager/meta/main.yml              |   9 +
 .../{manager => mirismanager}/tasks/main.yml  |   6 +-
 .../{monitor => msmonitor}/defaults/main.yml  |   0
 .../{monitor => msmonitor}/handlers/main.yml  |   0
 roles/msmonitor/meta/main.yml                 |   7 +
 roles/{monitor => msmonitor}/tasks/main.yml   |   2 +
 roles/netcapture/defaults/main.yml            |   6 +
 roles/netcapture/meta/main.yml                |   6 +
 roles/netcapture/tasks/main.yml               |  21 +-
 roles/network/defaults/main.yml               |   8 +-
 roles/network/tasks/main.yml                  |  12 +-
 roles/nginx/defaults/main.yml                 |   2 -
 roles/nginx/handlers/main.yml                 |   2 +-
 roles/nginx/tasks/_certs.yml                  |  41 ----
 roles/nginx/tasks/_config.yml                 |  12 -
 roles/nginx/tasks/_install.yml                |  16 --
 roles/nginx/tasks/main.yml                    |  63 ++++-
 roles/postgres/tasks/main.yml                 |  16 +-
 roles/proxy/tasks/main.yml                    |   2 +-
 roles/python/tasks/main.yml                   |  13 -
 roles/wowza/meta/main.yml                     |   6 +
 roles/wowza/tasks/main.yml                    |   4 +-
 site.yml                                      |  90 +++----
 141 files changed, 761 insertions(+), 990 deletions(-)
 rename inventories/{local-server => local-mediaserver}/host_vars/localhost.dist.yml (100%)
 rename inventories/{local-server => local-mediaserver}/hosts (66%)
 rename inventories/{local-vault => local-mediavault}/host_vars/localhost.dist.yml (100%)
 rename inventories/{local-vault => local-mediavault}/hosts (60%)
 rename inventories/{local-worker => local-mediaworker}/host_vars/localhost.dist.yml (100%)
 rename inventories/{local-worker => local-mediaworker}/hosts (59%)
 create mode 100644 molecule/default/converge.yml
 rename molecule/default/tests/{test_040_celerity.py => test_celerity.py} (100%)
 rename molecule/default/tests/{test_010_conf.py => test_conf.py} (100%)
 rename molecule/default/tests/{test_011_init.py => test_init.py} (100%)
 rename molecule/default/tests/{test_060_import.py => test_mediaimport.py} (96%)
 rename molecule/default/tests/{test_050_server.py => test_mediaserver.py} (100%)
 create mode 100644 molecule/default/tests/test_mediavault.py
 rename molecule/default/tests/{test_041_worker.py => test_mediaworker.py} (100%)
 rename molecule/default/tests/{test_030_manager.py => test_mirismanager.py} (100%)
 rename molecule/default/tests/{test_021_monitor.py => test_msmonitor.py} (100%)
 rename molecule/default/tests/{test_070_netcapture.py => test_netcapture.py} (100%)
 rename molecule/default/tests/{test_020_nginx.py => test_nginx.py} (100%)
 rename molecule/default/tests/{test_013_ntp.py => test_ntp.py} (100%)
 rename molecule/default/tests/{test_012_postfix.py => test_postfix.py} (100%)
 rename molecule/default/tests/{test_022_postgres.py => test_postgres.py} (100%)
 rename molecule/default/tests/{test_000_python3.py => test_python3.py} (100%)
 delete mode 100755 playbooks/import.yml
 delete mode 100755 playbooks/includes/base.yml
 delete mode 100755 playbooks/includes/celerity.yml
 delete mode 100755 playbooks/includes/certificates.yml
 delete mode 100755 playbooks/includes/check_docker.yml
 delete mode 100755 playbooks/includes/cluster.yml
 delete mode 100755 playbooks/includes/conf.yml
 delete mode 100755 playbooks/includes/firewall.yml
 delete mode 100755 playbooks/includes/import.yml
 delete mode 100755 playbooks/includes/init.yml
 delete mode 100755 playbooks/includes/manager.yml
 delete mode 100755 playbooks/includes/monitor.yml
 delete mode 100755 playbooks/includes/netcapture.yml
 delete mode 100755 playbooks/includes/network.yml
 delete mode 100755 playbooks/includes/postgres.yml
 delete mode 100755 playbooks/includes/python.yml
 delete mode 100755 playbooks/includes/server.yml
 delete mode 100755 playbooks/includes/vault.yml
 delete mode 100755 playbooks/includes/worker.yml
 delete mode 100755 playbooks/includes/wowza.yml
 delete mode 100755 playbooks/manager.yml
 create mode 100755 playbooks/mediaimport.yml
 create mode 100755 playbooks/mediaserver.yml
 create mode 100755 playbooks/mediavault.yml
 create mode 100755 playbooks/mediaworker.yml
 create mode 100755 playbooks/mirismanager.yml
 delete mode 100755 playbooks/monitor.yml
 create mode 100755 playbooks/msmonitor.yml
 delete mode 100755 playbooks/pod.yml
 create mode 100755 playbooks/postgres.yml
 delete mode 100755 playbooks/server.yml
 delete mode 100755 playbooks/vault.yml
 delete mode 100755 playbooks/worker.yml
 create mode 100644 roles/base/meta/main.yml
 create mode 100644 roles/bench-server/meta/main.yml
 create mode 100644 roles/bench-worker/meta/main.yml
 create mode 100644 roles/celerity/meta/main.yml
 create mode 100644 roles/logs/defaults/main.yml
 create mode 100644 roles/logs/tasks/main.yml
 delete mode 100644 roles/manager/defaults/main.yml
 rename roles/{import => mediaimport}/defaults/main.yml (100%)
 rename roles/{import => mediaimport}/files/mediaimport (100%)
 rename roles/{import => mediaimport}/files/mediaimport.py (100%)
 rename roles/{import => mediaimport}/files/on-upload (100%)
 rename roles/{import => mediaimport}/files/on-upload.go (100%)
 rename roles/{import => mediaimport}/handlers/main.yml (100%)
 create mode 100644 roles/mediaimport/meta/main.yml
 rename roles/{import => mediaimport}/tasks/main.yml (99%)
 rename roles/{import => mediaimport}/templates/mediaimport.json.j2 (100%)
 rename roles/{import => mediaimport}/templates/sftp_config.j2 (100%)
 rename roles/{server => mediaserver}/defaults/main.yml (100%)
 rename roles/{server => mediaserver}/handlers/main.yml (100%)
 create mode 100644 roles/mediaserver/meta/main.yml
 rename roles/{server => mediaserver}/tasks/main.yml (93%)
 rename roles/{server => mediaserver}/templates/celerity-config.py.j2 (100%)
 rename roles/{vault => mediavault}/defaults/main.yml (89%)
 rename roles/{vault => mediavault}/handlers/main.yml (100%)
 create mode 100644 roles/mediavault/meta/main.yml
 rename roles/{vault => mediavault}/tasks/main.yml (88%)
 rename roles/{vault => mediavault}/templates/systemd-backup-service.j2 (100%)
 rename roles/{vault => mediavault}/templates/systemd-backup-timer.j2 (100%)
 rename roles/{vault => mediavault}/templates/systemd-mailer-script.j2 (100%)
 rename roles/{vault => mediavault}/templates/systemd-mailer-service.j2 (100%)
 rename roles/{worker => mediaworker}/defaults/main.yml (100%)
 rename roles/{worker => mediaworker}/handlers/main.yml (100%)
 create mode 100644 roles/mediaworker/meta/main.yml
 rename roles/{worker => mediaworker}/tasks/main.yml (96%)
 rename roles/{worker => mediaworker}/templates/celerity-config.py.j2 (100%)
 rename roles/{manager => mirismanager}/files/set_site_url.py (72%)
 rename roles/{manager => mirismanager}/handlers/main.yml (100%)
 create mode 100644 roles/mirismanager/meta/main.yml
 rename roles/{manager => mirismanager}/tasks/main.yml (96%)
 rename roles/{monitor => msmonitor}/defaults/main.yml (100%)
 rename roles/{monitor => msmonitor}/handlers/main.yml (100%)
 create mode 100644 roles/msmonitor/meta/main.yml
 rename roles/{monitor => msmonitor}/tasks/main.yml (98%)
 create mode 100644 roles/netcapture/meta/main.yml
 delete mode 100644 roles/nginx/tasks/_certs.yml
 delete mode 100644 roles/nginx/tasks/_config.yml
 delete mode 100644 roles/nginx/tasks/_install.yml
 delete mode 100644 roles/python/tasks/main.yml
 create mode 100644 roles/wowza/meta/main.yml

diff --git a/.ansible-lint b/.ansible-lint
index ae6a780c..5fbaf4e3 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -7,4 +7,7 @@ exclude_paths:
   - playbooks/upgrade.yml
   - roles/_*/
 
+skip_list:
+  - '701'
+
 ...
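Review bot: The `skip_list` entry `'701'` is added without saying why, so a later maintainer cannot tell whether the suppression is still needed. Rule 701 is ansible-lint's check that a role's `meta/main.yml` carries `galaxy_info`. The new `meta/main.yml` files in this patch presumably hold only dependencies, though they are not visible in this part of the diff. A comment above the entry would record that, for example `# 701: role meta files only declare dependencies, no galaxy_info`.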
diff --git a/.gitattributes b/.gitattributes
index d80a9fe1..89e09d2f 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1 @@
-roles/import/files/on-upload filter=lfs diff=lfs merge=lfs -text
+roles/mediaimport/files/on-upload filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
index 94b749e0..9858f9b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,7 +12,7 @@ inventories/*
 inventories/local*/host_vars/localhost.yml
 playbooks/_*
 roles/_*
-logs/
+./logs/
 log/
 
 # packer
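Review bot: The replacement pattern `./logs/` most likely matches nothing, because gitignore does not treat a leading `./` as the repository root and paths are compared without that prefix. The intent appears to be to stop ignoring the new `roles/logs/` role while still ignoring the top-level directory; the anchored form for that is `/logs/`. As written, the top-level `logs/` directory with its deployment output becomes eligible for `git add`. `git check-ignore -v logs/` shows which rule applies, if any.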
diff --git a/Makefile b/Makefile
index a7688479..7c24eabf 100644
--- a/Makefile
+++ b/Makefile
@@ -1,11 +1,5 @@
 SHELL := /bin/bash
 DOCKER_IMAGE_NAME := registry.ubicast.net/mediaserver/envsetup
-ifdef debug
-	MOLECULE_FLAGS += --debug
-endif
-ifdef keep
-	MOLECULE_TEST_FLAGS += --destroy=never
-endif
 VENV := /tmp/pyvensetup
 PIP_BIN = $(shell command -v $(VENV)/bin/pip3 || command -v pip3 || echo pip3)
 PIP_COMPILE_BIN = $(shell command -v $(VENV)/bin/pip-compile || command -v pip-compile)
@@ -15,6 +9,14 @@ ANSIBLE_LINT_BIN = $(shell command -v ansible-lint || command -v $(VENV)/bin/ans
 YAMLLINT_BIN = $(shell command -v yamllint || command -v $(VENV)/bin/yamllint)
 FLAKE8_BIN = $(shell command -v flake8 || command -v $(VENV)/bin/flake8)
 
+# molecule tests flags
+ifdef debug
+	MOLECULE_FLAGS += --debug
+endif
+ifdef keep
+	MOLECULE_TEST_FLAGS += --destroy=never
+endif
+
 .PHONY: all
 ## TARGET: DESCRIPTION: ARGS
 all: help
@@ -50,7 +52,7 @@ lint:
 	$(ANSIBLE_LINT_BIN) site.yml
 
 .PHONY: test
-## test: Run development tests on the project : debug=1, keep=1
+## test: Run development tests on the project : debug=1, keep=1, SKYREACH_SYSTEM_KEY=<xxx>
 test:
 ifndef SKYREACH_SYSTEM_KEY
 	$(error SKYREACH_SYSTEM_KEY is undefined)
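Review bot: The help line now advertises `SKYREACH_SYSTEM_KEY=<xxx>` as a command-line argument, which puts the key in shell history and in the process listing of the `make` invocation. The `ifndef` guard is equally satisfied by an exported environment variable, so the help text could point there instead, e.g. `## test: Run development tests on the project : debug=1, keep=1 (SKYREACH_SYSTEM_KEY must be set in the environment)`. The `test` recipe continues outside this hunk, so how the key is passed on to molecule is not visible here.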
diff --git a/doc/config.md b/doc/config.md
index 32a0e2b3..89908293 100644
--- a/doc/config.md
+++ b/doc/config.md
@@ -62,16 +62,16 @@ mymediaserver
 mymediaworker
 mymediavault
 
-[monitor]
+[msmonitor]
 mymediaserver
 
 [postgres]
 mymediaserver
 
-[manager]
+[mirismanager]
 mymediaserver
 
-[server]
+[mediaserver]
 mymediaserver
 
 [wowza]
@@ -80,10 +80,10 @@ mymediaserver
 [celerity]
 mymediaserver
 
-[worker]
+[mediaworker]
 mymediaworker
 
-[vault]
+[mediavault]
 mymediavault
 ```
 
diff --git a/doc/deploy.md b/doc/deploy.md
index f8f19397..92bb3bcc 100644
--- a/doc/deploy.md
+++ b/doc/deploy.md
@@ -11,37 +11,37 @@ make deploy i=inventories/my-customer
 ### MediaWorker
 
 ```sh
-make deploy i=inventories/my-customer l=worker
+make deploy i=inventories/my-customer l=mediaworker
 ```
 
 ### Monitor
 
 ```sh
-make deploy i=inventories/my-customer l=monitor
+make deploy i=inventories/my-customer l=msmonitor
 ```
 
 ### MirisManager
 
 ```sh
-make deploy i=inventories/my-customer l=manager
+make deploy i=inventories/my-customer l=mirismanager
 ```
 
 ### MediaServer
 
 ```sh
-make deploy i=inventories/my-customer l=server
+make deploy i=inventories/my-customer l=mediaserver
 ```
 
 ### MediaImport
 
 ```sh
-make deploy i=inventories/my-customer l=import
+make deploy i=inventories/my-customer l=mediaimport
 ```
 
 ### MediaVault
 
 ```sh
-make deploy i=inventories/my-customer l=vault
+make deploy i=inventories/my-customer l=mediavault
 ```
 
 ### Celerity
@@ -73,9 +73,9 @@ make deploy i=inventories/my-customer l=netcapture
 Instead of deploying all host remotely through SSH, you can also clone the envsetup repository on the server as `root` in `~/envsetup`, then enter in the directory, configure the activation or system key and run one of those commands:
 
 ```sh
-make deploy i=inventories/local-server
-make deploy i=inventories/local-worker
-make deploy i=inventories/local-vault
+make deploy i=inventories/local-mediaserver
+make deploy i=inventories/local-mediaworker
+make deploy i=inventories/local-mediavault
 ```
 
 ## Known issues
diff --git a/doc/image.md b/doc/image.md
index 967c86d9..7ee677bc 100644
--- a/doc/image.md
+++ b/doc/image.md
@@ -28,13 +28,13 @@ Then you need the groups that will be applied to the machine, for example for a
       "type": "ansible",
       [...]
       "groups": [
-        "monitor",
+        "msmonitor",
         "postgres",
-        "manager",
+        "mirismanager",
         "wowza",
         "celerity",
-        "server",
-        "import"
+        "mediaserver",
+        "mediaimport"
       ]
     }
   ]
@@ -52,7 +52,7 @@ For a worker:
       "type": "ansible",
       [...]
       "groups": [
-        "worker"
+        "mediaworker"
       ]
     }
   ]
diff --git a/inventories/example/hosts b/inventories/example/hosts
index 1acf9be5..495e6bfe 100644
--- a/inventories/example/hosts
+++ b/inventories/example/hosts
@@ -8,16 +8,16 @@ mymediaworker ansible_host=10.0.0.2
 
 ; groups list and their members
 
-[monitor]
+[msmonitor]
 mymediaserver
 
 [postgres]
 mymediaserver
 
-[manager]
+[mirismanager]
 mymediaserver
 
-[server]
+[mediaserver]
 mymediaserver
 
 [wowza]
@@ -26,13 +26,13 @@ mymediaserver
 [celerity]
 mymediaserver
 
-[worker]
+[mediaworker]
 mymediaworker
 
-[import]
+[mediaimport]
 mymediaserver
 
-[vault]
+[mediavault]
 
 [netcapture]
 
diff --git a/inventories/local-full/hosts b/inventories/local-full/hosts
index 5047b2e4..7ac5fbd7 100644
--- a/inventories/local-full/hosts
+++ b/inventories/local-full/hosts
@@ -1,15 +1,15 @@
 localhost ansible_connection=local
 
-[monitor]
+[msmonitor]
 localhost
 
 [postgres]
 localhost
 
-[manager]
+[mirismanager]
 localhost
 
-[server]
+[mediaserver]
 localhost
 
 [wowza]
@@ -18,8 +18,10 @@ localhost
 [celerity]
 localhost
 
-[worker]
+[mediaworker]
 localhost
 
-[import]
+[mediaimport]
 localhost
+
+; vim:ft=dosini
diff --git a/inventories/local-server/host_vars/localhost.dist.yml b/inventories/local-mediaserver/host_vars/localhost.dist.yml
similarity index 100%
rename from inventories/local-server/host_vars/localhost.dist.yml
rename to inventories/local-mediaserver/host_vars/localhost.dist.yml
diff --git a/inventories/local-server/hosts b/inventories/local-mediaserver/hosts
similarity index 66%
rename from inventories/local-server/hosts
rename to inventories/local-mediaserver/hosts
index ec3c7bcc..95b51cf5 100644
--- a/inventories/local-server/hosts
+++ b/inventories/local-mediaserver/hosts
@@ -1,15 +1,15 @@
 localhost ansible_connection=local
 
-[monitor]
+[msmonitor]
 localhost
 
 [postgres]
 localhost
 
-[manager]
+[mirismanager]
 localhost
 
-[server]
+[mediaserver]
 localhost
 
 [wowza]
@@ -18,5 +18,7 @@ localhost
 [celerity]
 localhost
 
-[import]
+[mediaimport]
 localhost
+
+; vim:ft=dosini
diff --git a/inventories/local-vault/host_vars/localhost.dist.yml b/inventories/local-mediavault/host_vars/localhost.dist.yml
similarity index 100%
rename from inventories/local-vault/host_vars/localhost.dist.yml
rename to inventories/local-mediavault/host_vars/localhost.dist.yml
diff --git a/inventories/local-vault/hosts b/inventories/local-mediavault/hosts
similarity index 60%
rename from inventories/local-vault/hosts
rename to inventories/local-mediavault/hosts
index 8acb6f25..6dfe3095 100644
--- a/inventories/local-vault/hosts
+++ b/inventories/local-mediavault/hosts
@@ -1,4 +1,6 @@
 localhost ansible_connection=local
 
-[vault]
+[mediavault]
 localhost
+
+; vim:ft=dosini
diff --git a/inventories/local-worker/host_vars/localhost.dist.yml b/inventories/local-mediaworker/host_vars/localhost.dist.yml
similarity index 100%
rename from inventories/local-worker/host_vars/localhost.dist.yml
rename to inventories/local-mediaworker/host_vars/localhost.dist.yml
diff --git a/inventories/local-worker/hosts b/inventories/local-mediaworker/hosts
similarity index 59%
rename from inventories/local-worker/hosts
rename to inventories/local-mediaworker/hosts
index f3870ec4..4b3a22ad 100644
--- a/inventories/local-worker/hosts
+++ b/inventories/local-mediaworker/hosts
@@ -1,4 +1,6 @@
 localhost ansible_connection=local
 
-[worker]
+[mediaworker]
 localhost
+
+; vim:ft=dosini
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 00000000..0f6ee7c7
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,49 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: PYTHON
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: ensure python3 is installed
+      register: python_install
+      changed_when: "'es_pyinstall' in python_install.stdout_lines"
+      raw: command -v python3 || echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt
+
+- name: Converge
+  hosts: all
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - base
+    - postgres
+    - msmonitor
+    - mirismanager
+    - wowza
+    - celerity
+    - mediaworker
+    - mediaserver
+    - mediaimport
+    - mediavault
+    - netcapture
+  post_tasks:
+    - name: deploy letsencrypt certificate
+      when: letsencrypt_enabled | d(false)
+      include_role:
+        name: letsencrypt
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
+
+...
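Review bot: In the `raw` command of the "ensure python3 is installed" task, `||` and `&&` have equal precedence and associate left to right, so `apt update && apt install ...` runs even when `command -v python3` succeeds. Only the `es_pyinstall` marker is skipped in that case, which means `changed_when` reports the task as unchanged while packages may still be installed or upgraded. Grouping the fallback fixes both: `raw: command -v python3 || (echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt)`.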
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 4d9fe5f0..97d2cd39 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -1,11 +1,7 @@
 ---
 
-dependency:
-  name: galaxy
 driver:
   name: docker
-lint:
-  name: yamllint
 platforms:
   - name: debian-buster-${CI_PIPELINE_ID:-default}
     image: registry.ubicast.net/docker/debian-systemd:buster
@@ -16,15 +12,15 @@ platforms:
     tmpfs:
       - /tmp
       - /run
-      - /run/lock
     groups:
       - celerity
-      - manager
-      - monitor
+      - mirismanager
+      - msmonitor
+      - wowza
       - postgres
-      - server
-      - worker
-      - import
+      - mediaserver
+      - mediaworker
+      - mediaimport
       - netcapture
 provisioner:
   name: ansible
@@ -33,22 +29,5 @@ provisioner:
     ANSIBLE_LIBRARY: ../../library
     ANSIBLE_ACTION_PLUGINS: ../../plugins/action
     ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
-  lint:
-    name: ansible-lint
-    env:
-      ANSIBLE_ROLES_PATH: ../../roles
-      ANSIBLE_LIBRARY: ../../library
-      ANSIBLE_ACTION_PLUGINS: ../../plugins/action
-      ANSIBLE_PYTHON_INTERPRETER: /usr/bin/python3
-  inventory:
-    group_vars:
-      all:
-        ansible_python_interpreter: /usr/bin/python3
-  playbooks:
-    converge: ../../site.yml
 verifier:
   name: testinfra
-  lint:
-    name: flake8
-    options:
-      max-line-length: 90
diff --git a/molecule/default/tests/test_040_celerity.py b/molecule/default/tests/test_celerity.py
similarity index 100%
rename from molecule/default/tests/test_040_celerity.py
rename to molecule/default/tests/test_celerity.py
diff --git a/molecule/default/tests/test_010_conf.py b/molecule/default/tests/test_conf.py
similarity index 100%
rename from molecule/default/tests/test_010_conf.py
rename to molecule/default/tests/test_conf.py
diff --git a/molecule/default/tests/test_011_init.py b/molecule/default/tests/test_init.py
similarity index 100%
rename from molecule/default/tests/test_011_init.py
rename to molecule/default/tests/test_init.py
diff --git a/molecule/default/tests/test_060_import.py b/molecule/default/tests/test_mediaimport.py
similarity index 96%
rename from molecule/default/tests/test_060_import.py
rename to molecule/default/tests/test_mediaimport.py
index 72ecace9..0328895d 100644
--- a/molecule/default/tests/test_060_import.py
+++ b/molecule/default/tests/test_mediaimport.py
@@ -10,7 +10,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
 # TODO: ubicast-mediaimport when released
 def test_import_is_installed(host):
-    p = host.package("python3-mediaserver-mediaimport")
+    p = host.package("ubicast-mediaimport")
 
     assert p.is_installed
 
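Review bot: The comment `# TODO: ubicast-mediaimport when released` above `test_import_is_installed` is stale now that the test asserts on `ubicast-mediaimport`. Drop it, or replace it with a line that records the rename, e.g. `# package renamed from python3-mediaserver-mediaimport`.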
diff --git a/molecule/default/tests/test_050_server.py b/molecule/default/tests/test_mediaserver.py
similarity index 100%
rename from molecule/default/tests/test_050_server.py
rename to molecule/default/tests/test_mediaserver.py
diff --git a/molecule/default/tests/test_mediavault.py b/molecule/default/tests/test_mediavault.py
new file mode 100644
index 00000000..fc9ff9fa
--- /dev/null
+++ b/molecule/default/tests/test_mediavault.py
@@ -0,0 +1,35 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ["MOLECULE_INVENTORY_FILE"]
+).get_hosts("all")
+
+
+def test_rsync_is_installed(host):
+    p = host.package("rsync")
+
+    assert p.is_installed
+
+
+def test_rsync_time_backup_repo(host):
+    d = host.file("/usr/local/share/rsync-time-backup")
+
+    assert d.exists
+    assert d.is_directory
+
+
+def test_rsync_time_backup_link(host):
+    s = host.file("/usr/local/sbin/rsync_tmbackup")
+
+    assert s.exists
+    assert s.is_symlink
+
+
+def test_backup_dir(host):
+    d = host.file("/backup")
+
+    assert d.exists
+    assert d.is_directory
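Review bot: `test_rsync_time_backup_link` passes for any symlink at `/usr/local/sbin/rsync_tmbackup`, including a dangling one or one pointing outside the cloned repository, because it only asserts `is_symlink`. Pin the target as well, for instance `assert s.linked_to.startswith("/usr/local/share/rsync-time-backup/")`. The exact script name is not visible in this patch, so tighten it to the full path if it is known. `test_backup_dir` likewise checks only that `/backup` exists; if the role sets an owner or mode on it, asserting `d.user` and `d.mode` would catch a backup directory left readable by other users.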
diff --git a/molecule/default/tests/test_041_worker.py b/molecule/default/tests/test_mediaworker.py
similarity index 100%
rename from molecule/default/tests/test_041_worker.py
rename to molecule/default/tests/test_mediaworker.py
diff --git a/molecule/default/tests/test_030_manager.py b/molecule/default/tests/test_mirismanager.py
similarity index 100%
rename from molecule/default/tests/test_030_manager.py
rename to molecule/default/tests/test_mirismanager.py
diff --git a/molecule/default/tests/test_021_monitor.py b/molecule/default/tests/test_msmonitor.py
similarity index 100%
rename from molecule/default/tests/test_021_monitor.py
rename to molecule/default/tests/test_msmonitor.py
diff --git a/molecule/default/tests/test_070_netcapture.py b/molecule/default/tests/test_netcapture.py
similarity index 100%
rename from molecule/default/tests/test_070_netcapture.py
rename to molecule/default/tests/test_netcapture.py
diff --git a/molecule/default/tests/test_020_nginx.py b/molecule/default/tests/test_nginx.py
similarity index 100%
rename from molecule/default/tests/test_020_nginx.py
rename to molecule/default/tests/test_nginx.py
diff --git a/molecule/default/tests/test_013_ntp.py b/molecule/default/tests/test_ntp.py
similarity index 100%
rename from molecule/default/tests/test_013_ntp.py
rename to molecule/default/tests/test_ntp.py
diff --git a/molecule/default/tests/test_012_postfix.py b/molecule/default/tests/test_postfix.py
similarity index 100%
rename from molecule/default/tests/test_012_postfix.py
rename to molecule/default/tests/test_postfix.py
diff --git a/molecule/default/tests/test_022_postgres.py b/molecule/default/tests/test_postgres.py
similarity index 100%
rename from molecule/default/tests/test_022_postgres.py
rename to molecule/default/tests/test_postgres.py
diff --git a/molecule/default/tests/test_000_python3.py b/molecule/default/tests/test_python3.py
similarity index 100%
rename from molecule/default/tests/test_000_python3.py
rename to molecule/default/tests/test_python3.py
diff --git a/packer/example.json b/packer/example.json
index ed316d9d..fd1539a1 100644
--- a/packer/example.json
+++ b/packer/example.json
@@ -79,14 +79,14 @@
       ],
       "playbook_file": "site.yml",
       "groups": [
-        "monitor",
+        "msmonitor",
         "postgres",
-        "manager",
+        "mirismanager",
         "wowza",
         "celerity",
-        "server",
-        "worker",
-        "import"
+        "mediaserver",
+        "mediaworker",
+        "mediaimport"
       ]
     }
   ]
diff --git a/playbooks/bench-server.yml b/playbooks/bench-server.yml
index 0ef8cecb..1754ee65 100755
--- a/playbooks/bench-server.yml
+++ b/playbooks/bench-server.yml
@@ -1,10 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
 
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-
 - name: DEPLOY BENCHMARK SERVER
   hosts:
     - bench_server
diff --git a/playbooks/bench-worker.yml b/playbooks/bench-worker.yml
index 6cb6031f..1f86b371 100755
--- a/playbooks/bench-worker.yml
+++ b/playbooks/bench-worker.yml
@@ -1,10 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
 
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-
 - name: DEPLOY BENCHMARK WORKERS
   hosts:
     - bench_worker
diff --git a/playbooks/celerity.yml b/playbooks/celerity.yml
index 7777414e..69751262 100755
--- a/playbooks/celerity.yml
+++ b/playbooks/celerity.yml
@@ -1,14 +1,27 @@
 #!/usr/bin/env ansible-playbook
 ---
 
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/celerity.yml
-
-- import_playbook: includes/network.yml
+- name: CELERITY SERVER
+  hosts: celerity
+  tags: celerity
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - celerity
+  post_tasks:
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
 
 ...
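Review bot: The two `pre_tasks` that stat `/.dockerenv` and set `in_docker` are copied verbatim into this play, `playbooks/cluster.yml` and `molecule/default/converge.yml`. Any later change to the detection therefore has to be repeated in each copy. Keeping them in one tasks file pulled in with `import_tasks` would avoid the drift. If the copies stay, a comment above `set_fact` would help, e.g. `# in_docker: true when the target is a docker container (/.dockerenv present)`. Where the roles read `in_docker` is not visible in this part of the patch.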
diff --git a/playbooks/cluster.yml b/playbooks/cluster.yml
index 432b1462..dcb1ab8d 100755
--- a/playbooks/cluster.yml
+++ b/playbooks/cluster.yml
@@ -1,16 +1,27 @@
 #!/usr/bin/env ansible-playbook
 ---
 
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-- when: firewall_enabled | default(false) | bool
-  import_playbook: includes/firewall.yml
-
-- import_playbook: includes/cluster.yml
-
-- import_playbook: includes/network.yml
+- name: CLUSTER
+  hosts: cluster
+  tags: cluster
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - cluster
+  post_tasks:
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
 
 ...
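Review bot: The new CLUSTER play no longer applies the firewall: the removed `when: firewall_enabled | default(false) | bool` / `import_playbook: includes/firewall.yml` pair has no counterpart in `pre_tasks`, `roles` or `post_tasks`. The `fail2ban` role that the removed includes/base.yml ran on every host is not referenced either. Unless the `cluster` role now pulls `ferm` and `fail2ban` in through its meta dependencies (not visible in this hunk), hosts with `firewall_enabled` set would be deployed without their rules and without brute-force protection. If that is not covered, a further post_task that includes the `ferm` role under `when: firewall_enabled | d(false) | bool` would keep the previous behaviour; if it is covered, a comment above `roles:` naming the role that now owns the firewall would make that verifiable.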
diff --git a/playbooks/import.yml b/playbooks/import.yml
deleted file mode 100755
index 10fe65e6..00000000
--- a/playbooks/import.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/import.yml
-
-- import_playbook: includes/network.yml
-
-...
diff --git a/playbooks/includes/base.yml b/playbooks/includes/base.yml
deleted file mode 100755
index 890d6ec1..00000000
--- a/playbooks/includes/base.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: BASE
-  hosts:
-    - all
-  tags:
-    - always
-    - base
-  roles:
-    - postfix
-    - ntp
-    - fail2ban
-
-...
diff --git a/playbooks/includes/celerity.yml b/playbooks/includes/celerity.yml
deleted file mode 100755
index b4d9f597..00000000
--- a/playbooks/includes/celerity.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: CELERITY
-  hosts:
-    - celerity
-  tags:
-    - celerity
-  roles:
-    - celerity
-
-...
diff --git a/playbooks/includes/certificates.yml b/playbooks/includes/certificates.yml
deleted file mode 100755
index 5f059109..00000000
--- a/playbooks/includes/certificates.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: CERTIFICATES
-  hosts:
-    - monitor
-    - manager
-    - server
-  tags:
-    - monitor
-    - manager
-    - server
-    - letsencrypt
-  roles:
-    - role: letsencrypt
-      when:
-        - letsencrypt_enabled is defined
-        - letsencrypt_enabled
-
-...
diff --git a/playbooks/includes/check_docker.yml b/playbooks/includes/check_docker.yml
deleted file mode 100755
index 026e58ad..00000000
--- a/playbooks/includes/check_docker.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: CHECK IF RUNNING IN DOCKER
-  hosts:
-    - all
-  tags:
-    - always
-    - check
-  tasks:
-    - name: check .dockerenv presence
-      register: check_if_docker
-      stat:
-        path: /.dockerenv
-    - name: set docker flag variable
-      set_fact:
-        in_docker: "{{ check_if_docker.stat.isreg is defined and check_if_docker.stat.isreg }}"
-
-...
diff --git a/playbooks/includes/cluster.yml b/playbooks/includes/cluster.yml
deleted file mode 100755
index a7b072f1..00000000
--- a/playbooks/includes/cluster.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: CLUSTER
-  hosts:
-    - cluster
-  tags:
-    - cluster
-  roles:
-    - cluster
-
-...
diff --git a/playbooks/includes/conf.yml b/playbooks/includes/conf.yml
deleted file mode 100755
index e9ce9e78..00000000
--- a/playbooks/includes/conf.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: LOAD CONF
-  hosts:
-    - all
-  tags:
-    - always
-    - conf
-  roles:
-    - conf
-
-...
diff --git a/playbooks/includes/firewall.yml b/playbooks/includes/firewall.yml
deleted file mode 100755
index b37ad0f8..00000000
--- a/playbooks/includes/firewall.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: FIREWALL
-  hosts:
-    - all
-  tags:
-    - always
-    - firewall
-  roles:
-    - ferm
-
-...
diff --git a/playbooks/includes/import.yml b/playbooks/includes/import.yml
deleted file mode 100755
index 944c9ba7..00000000
--- a/playbooks/includes/import.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: MEDIAIMPORT
-  hosts:
-    - import
-  tags:
-    - import
-  roles:
-    - import
-
-...
diff --git a/playbooks/includes/init.yml b/playbooks/includes/init.yml
deleted file mode 100755
index 06ba396e..00000000
--- a/playbooks/includes/init.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: INIT
-  hosts:
-    - all
-  tags:
-    - always
-    - init
-  roles:
-    - init
-    - repos
-    - sysutils
-    - locale
-    - users
-
-...
diff --git a/playbooks/includes/manager.yml b/playbooks/includes/manager.yml
deleted file mode 100755
index ff6cfc37..00000000
--- a/playbooks/includes/manager.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: MIRISMANAGER
-  hosts:
-    - manager
-  tags:
-    - manager
-  vars:
-    nginx_server_name: "{{ manager_hostname | default(envsetup_cm_server_name, true) }}"
-  roles:
-    - nginx
-    - manager
-
-...
diff --git a/playbooks/includes/monitor.yml b/playbooks/includes/monitor.yml
deleted file mode 100755
index 358de25f..00000000
--- a/playbooks/includes/monitor.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: MSMONITOR
-  hosts:
-    - monitor
-  tags:
-    - monitor
-  vars:
-    nginx_server_name: "{{ monitor_hostname | default(envsetup_monitor_server_name, true) }}"
-  roles:
-    - nginx
-    - monitor
-
-...
diff --git a/playbooks/includes/netcapture.yml b/playbooks/includes/netcapture.yml
deleted file mode 100755
index fae8ca2c..00000000
--- a/playbooks/includes/netcapture.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: NETCAPTURE
-  hosts:
-    - netcapture
-  tags:
-    - netcapture
-  roles:
-    - netcapture
-
-...
diff --git a/playbooks/includes/network.yml b/playbooks/includes/network.yml
deleted file mode 100755
index 92f4d62b..00000000
--- a/playbooks/includes/network.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: CUSTOMIZE NETWORK SETTINGS
-  hosts:
-    - all
-  tags:
-    - always
-    - network
-  roles:
-    - network
-    - proxy
-
-...
diff --git a/playbooks/includes/postgres.yml b/playbooks/includes/postgres.yml
deleted file mode 100755
index dafae998..00000000
--- a/playbooks/includes/postgres.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: POSTGRESQL
-  hosts:
-    - postgres
-  tags:
-    - postgres
-  roles:
-    - postgres
-
-...
diff --git a/playbooks/includes/python.yml b/playbooks/includes/python.yml
deleted file mode 100755
index b19c8a3b..00000000
--- a/playbooks/includes/python.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: ENSURE PYTHON
-  hosts:
-    - all
-  tags:
-    - always
-    - python
-  gather_facts: false
-  roles:
-    - python
-
-...
diff --git a/playbooks/includes/server.yml b/playbooks/includes/server.yml
deleted file mode 100755
index e35f0830..00000000
--- a/playbooks/includes/server.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: MEDIASERVER
-  hosts:
-    - server
-  tags:
-    - server
-  vars:
-    nginx_server_name: "{{ server_hostname | default(envsetup_ms_server_name, true) }}"
-  roles:
-    - nginx
-    - server
-
-...
diff --git a/playbooks/includes/vault.yml b/playbooks/includes/vault.yml
deleted file mode 100755
index 89a7f49a..00000000
--- a/playbooks/includes/vault.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: MEDIAVAULT
-  hosts:
-    - vault
-  tags:
-    - vault
-  roles:
-    - vault
-
-...
diff --git a/playbooks/includes/worker.yml b/playbooks/includes/worker.yml
deleted file mode 100755
index 7786fda4..00000000
--- a/playbooks/includes/worker.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: MEDIAWORKER
-  hosts:
-    - worker
-  tags:
-    - worker
-  roles:
-    - worker
-
-...
diff --git a/playbooks/includes/wowza.yml b/playbooks/includes/wowza.yml
deleted file mode 100755
index 753f1671..00000000
--- a/playbooks/includes/wowza.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: WOWZA
-  hosts:
-    - wowza
-  tags:
-    - wowza
-  roles:
-    - wowza
-
-...
diff --git a/playbooks/manager.yml b/playbooks/manager.yml
deleted file mode 100755
index ea5f4af6..00000000
--- a/playbooks/manager.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/postgres.yml
-- import_playbook: includes/manager.yml
-
-- import_playbook: includes/certificates.yml
-- import_playbook: includes/network.yml
-
-...
diff --git a/playbooks/mediaimport.yml b/playbooks/mediaimport.yml
new file mode 100755
index 00000000..637c8474
--- /dev/null
+++ b/playbooks/mediaimport.yml
@@ -0,0 +1,27 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: MEDIAIMPORT
+  hosts: mediaimport
+  tags: mediaimport
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - mediaimport
+  post_tasks:
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
+
+...
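Review bot: The `pre_tasks` docker check and the `post_tasks` network/proxy includes are copied verbatim into this new playbook and into the other playbooks the commit rewrites (celerity, cluster, mediaserver, mediavault, mediaworker, mirismanager, msmonitor, netcapture, postgres, wowza), so any later fix to the check has to be repeated in eleven files. I would move the two `pre_tasks` entries into one shared tasks file referenced by a single `import_tasks` line per play, and do the same for the network/proxy pair. If the copies are deliberate so that each playbook stays self-contained, a comment above `pre_tasks` such as `# kept in sync by hand across playbooks/*.yml` would help prevent drift.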
diff --git a/playbooks/mediaserver.yml b/playbooks/mediaserver.yml
new file mode 100755
index 00000000..052ed623
--- /dev/null
+++ b/playbooks/mediaserver.yml
@@ -0,0 +1,31 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: MEDIASERVER
+  hosts: mediaserver
+  tags: mediaserver
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - mediaserver
+  post_tasks:
+    - name: deploy letsencrypt certificate
+      when: letsencrypt_enabled | d(false)
+      include_role:
+        name: letsencrypt
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
+
+...
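Review bot: The `deploy letsencrypt certificate` task only inherits the play tag `mediaserver`, whereas the removed includes/certificates.yml carried a `letsencrypt` tag, so `--tags letsencrypt` no longer selects certificate deployment. Because `include_role` is dynamic, a tag on the task alone would select the include but not the tasks inside the role; a static `import_role` with `tags: letsencrypt` propagates the tag and still honours the `when`. The same applies to the letsencrypt task in mirismanager.yml and msmonitor.yml, and to the `network` tag that the removed includes/network.yml provided for the network and proxy roles.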
diff --git a/playbooks/mediavault.yml b/playbooks/mediavault.yml
new file mode 100755
index 00000000..a45939fa
--- /dev/null
+++ b/playbooks/mediavault.yml
@@ -0,0 +1,27 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: MEDIAVAULT
+  hosts: mediavault
+  tags: mediavault
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - mediavault
+  post_tasks:
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
+
+...
diff --git a/playbooks/mediaworker.yml b/playbooks/mediaworker.yml
new file mode 100755
index 00000000..1f0464c3
--- /dev/null
+++ b/playbooks/mediaworker.yml
@@ -0,0 +1,27 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: MEDIAWORKER
+  hosts: mediaworker
+  tags: mediaworker
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - mediaworker
+  post_tasks:
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
+
+...
diff --git a/playbooks/mirismanager.yml b/playbooks/mirismanager.yml
new file mode 100755
index 00000000..a67d2210
--- /dev/null
+++ b/playbooks/mirismanager.yml
@@ -0,0 +1,31 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: MIRIS MANAGER
+  hosts: mirismanager
+  tags: mirismanager
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - mirismanager
+  post_tasks:
+    - name: deploy letsencrypt certificate
+      when: letsencrypt_enabled | d(false)
+      include_role:
+        name: letsencrypt
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
+
+...
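Review bot: The play defines no `vars`, while the removed includes/manager.yml set `nginx_server_name` from `manager_hostname` with a fallback to `envsetup_cm_server_name` and ran the `nginx` role before the manager role; the removed manager.yml also imported includes/postgres.yml first. Whether the `mirismanager` role now resolves the server name and depends on nginx and postgres itself is not visible in this hunk, and the letsencrypt include that follows presumably needs the final server name. I would add a comment above `roles:` recording this, e.g. `# nginx, postgres and nginx_server_name are provided by the mirismanager role dependencies`, or restore the `vars` entry if they are not. mediaserver.yml and msmonitor.yml drop their `nginx_server_name` in the same way.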
diff --git a/playbooks/monitor.yml b/playbooks/monitor.yml
deleted file mode 100755
index fc8b4917..00000000
--- a/playbooks/monitor.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/monitor.yml
-
-- import_playbook: includes/certificates.yml
-- import_playbook: includes/network.yml
-
-...
diff --git a/playbooks/msmonitor.yml b/playbooks/msmonitor.yml
new file mode 100755
index 00000000..fe3e96c0
--- /dev/null
+++ b/playbooks/msmonitor.yml
@@ -0,0 +1,31 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: MSMONITOR
+  hosts: msmonitor
+  tags: msmonitor
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - msmonitor
+  post_tasks:
+    - name: deploy letsencrypt certificate
+      when: letsencrypt_enabled | d(false)
+      include_role:
+        name: letsencrypt
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
+
+...
diff --git a/playbooks/netcapture.yml b/playbooks/netcapture.yml
index 7513cf46..aa1b3372 100755
--- a/playbooks/netcapture.yml
+++ b/playbooks/netcapture.yml
@@ -1,14 +1,27 @@
 #!/usr/bin/env ansible-playbook
 ---
 
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/netcapture.yml
-
-- import_playbook: includes/network.yml
+- name: NETCAPTURE
+  hosts: netcapture
+  tags: netcapture
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - netcapture
+  post_tasks:
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
 
 ...
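Review bot: This play gathers facts before `pre_tasks` run, whereas the removed `includes/python.yml` play set `gather_facts: false` so that the `python` role could run on a host with no interpreter yet. If Python is now ensured from inside the role dependency chain (outside this hunk), the implicit fact gathering would fail first on such a host. I would either keep a bootstrap play with `gather_facts: false` ahead of this one, or state the assumption in a comment such as `# requires python3 on the target; facts are gathered before any role runs`. The other playbooks rewritten in this commit use the same play header.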
diff --git a/playbooks/pod.yml b/playbooks/pod.yml
deleted file mode 100755
index 2ae27f6d..00000000
--- a/playbooks/pod.yml
+++ /dev/null
@@ -1,226 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: POD INSTALLATION
-  hosts:
-    - pod
-
-  vars:
-
-    pod_elastic_version: 6
-    pod_version: 2.2.2
-    pod_project_path: /usr/local/pod
-    pod_application_path: "{{ pod_project_path }}/app"
-    pod_virtualenv_path: "{{ pod_project_path }}/venv"
-    pod_superuser_name: admin
-    pod_superuser_email: sysadmin+pod@ubicast.eu
-    pod_superuser_password: pLafk0tt
-    pod_site_name: pod.ubicast.net
-    pod_site_domain: pod.ubicast.net
-    pod_settings: |
-      SECRET_KEY = 'T4b4B8BEP7kfHoSx7s49aUCR7NiY8zeZNcmJpQzZYYCDNCTv284rjSB262JAB8nQ'
-      ALLOWED_HOSTS = ['{{ pod_site_domain }}', 'localhost', '127.0.0.1', '::1']
-
-  handlers:
-
-    - name: restart elastic
-      systemd:
-        name: elasticsearch
-        state: restarted
-
-    - name: flag create_pod_index
-      become: true
-      become_user: pod
-      file:
-        path: "{{ pod_project_path }}/.create_pod_index"
-        state: touch
-
-    - name: flag initialize_database
-      become: true
-      become_user: pod
-      file:
-        path: "{{ pod_project_path }}/.initialize_database"
-        state: touch
-
-    - name: flag create_superuser
-      become: true
-      become_user: pod
-      file:
-        path: "{{ pod_project_path }}/.create_superuser"
-        state: touch
-
-    - name: flag config_site
-      become: true
-      become_user: pod
-      file:
-        path: "{{ pod_project_path }}/.config_site"
-        state: touch
-
-  tasks:
-
-    - name: os requirements
-      apt:
-        force_apt_get: true
-        name:
-          - build-essential
-          - ffmpeg
-          - ffmpegthumbnailer
-          - git
-          - imagemagick
-          - libjpeg-dev
-          - openjdk-11-jre
-          - policykit-1
-          - python3-dev
-          - python3-venv
-          - python3-wheel
-          - zlib1g-dev
-        state: present
-
-    - name: elastic key
-      apt_key:
-        keyserver: pgp.mit.edu
-        id: D88E42B4
-        state: present
-
-    - name: elastic repo
-      apt_repository:
-        repo: deb https://artifacts.elastic.co/packages/{{ pod_elastic_version }}.x/apt stable main
-        filename: elastic-{{ pod_elastic_version }}.x
-        state: present
-
-    - name: elastic package
-      apt:
-        force_apt_get: true
-        name:
-          - elasticsearch
-        state: present
-
-    - name: elastic cluster name
-      notify: restart elastic
-      lineinfile:
-        path: /etc/elasticsearch/elasticsearch.yml
-        regexp: '^#?cluster.name: '
-        line: 'cluster.name: pod-application'
-        state: present
-
-    - name: elastic node name
-      notify: restart elastic
-      lineinfile:
-        path: /etc/elasticsearch/elasticsearch.yml
-        regexp: '^#?node.name: '
-        line: 'node.name: pod-1'
-        state: present
-
-    - name: elastic discovery host
-      notify: restart elastic
-      lineinfile:
-        path: /etc/elasticsearch/elasticsearch.yml
-        line: 'discovery.zen.ping.unicast.hosts: ["127.0.0.1"]'
-        state: present
-
-    - name: elastic plugin analysis-icu
-      notify: restart elastic
-      command: /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu
-      args:
-        creates: /usr/share/elasticsearch/plugins/analysis-icu
-
-    - meta: flush_handlers
-
-    - name: elastic service
-      systemd:
-        name: elasticsearch
-        enabled: true
-        state: started
-
-    - name: pod group
-      group:
-        name: pod
-        system: true
-        state: present
-
-    - name: pod user
-      user:
-        name: pod
-        group: pod
-        system: true
-        password_lock: true
-        state: present
-
-    - name: pod project directory
-      file:
-        path: "{{ pod_project_path }}"
-        owner: pod
-        group: pod
-        state: directory
-
-    - name: pod repo
-      become: true
-      become_user: pod
-      git:
-        accept_hostkey: true
-        repo: https://github.com/esupportail/podv2.git
-        version: "{{ pod_version }}"
-        dest: "{{ pod_application_path }}"
-
-    - name: pod pip install
-      become: true
-      become_user: pod
-      pip:
-        virtualenv_command: /usr/bin/python3 -m venv
-        virtualenv_site_packages: true
-        virtualenv: "{{ pod_virtualenv_path }}"
-        requirements: "{{ pod_application_path }}/requirements.txt"
-        state: present
-
-    - name: pod settings
-      become: true
-      become_user: pod
-      copy:
-        dest: "{{ pod_application_path }}/pod/custom/settings_local.py"
-        content: "{{ pod_settings }}"
-
-    - name: pod elastic index video
-      become: true
-      become_user: pod
-      notify: flag create_pod_index
-      command: "python {{ pod_application_path }}/manage.py create_pod_index"
-      args:
-        chdir: "{{ pod_application_path }}"
-        creates: "{{ pod_project_path }}/.create_pod_index"
-      environment:
-        PATH: "{{ pod_virtualenv_path }}/bin:$PATH"
-
-    - name: pod initialize database
-      become: true
-      become_user: pod
-      notify: flag initialize_database
-      command: /usr/bin/sh {{ pod_application_path }}/create_data_base.sh
-      args:
-        chdir: "{{ pod_application_path }}"
-        creates: "{{ pod_project_path }}/.initialize_database"
-      environment:
-        PATH: "{{ pod_virtualenv_path }}/bin:$PATH"
-
-    - name: pod create superuser
-      become: true
-      become_user: pod
-      notify: flag create_superuser
-      shell: python manage.py shell -c "from django.contrib.auth.models import User; User.objects.create_superuser('{{ pod_superuser_name }}', '{{ pod_superuser_email }}', '{{ pod_superuser_password }}')"
-      args:
-        chdir: "{{ pod_application_path }}"
-        creates: "{{ pod_project_path }}/.create_superuser"
-      environment:
-        PATH: "{{ pod_virtualenv_path }}/bin:$PATH"
-
-    - name: pod configure site
-      become: true
-      become_user: pod
-      notify: flag config_site
-      shell: python manage.py shell -c "from django.contrib.sites.models import Site; Site.objects.filter(pk=1).update(name='{{ pod_site_name }}', domain='{{ pod_site_domain }}')"
-      args:
-        chdir: "{{ pod_application_path }}"
-        creates: "{{ pod_project_path }}/.config_site"
-      environment:
-        PATH: "{{ pod_virtualenv_path }}/bin:$PATH"
-
-...
diff --git a/playbooks/postgres.yml b/playbooks/postgres.yml
new file mode 100755
index 00000000..85b3916f
--- /dev/null
+++ b/playbooks/postgres.yml
@@ -0,0 +1,27 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: POSTGRESQL
+  hosts: postgres
+  tags: postgres
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - postgres
+  post_tasks:
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
+
+...
diff --git a/playbooks/server.yml b/playbooks/server.yml
deleted file mode 100755
index 3bd48187..00000000
--- a/playbooks/server.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/postgres.yml
-- import_playbook: includes/server.yml
-
-- import_playbook: includes/certificates.yml
-- import_playbook: includes/network.yml
-
-...
diff --git a/playbooks/tests.yml b/playbooks/tests.yml
index df7fbc2a..d5b0f2e4 100755
--- a/playbooks/tests.yml
+++ b/playbooks/tests.yml
@@ -11,14 +11,14 @@
     - name: remove envsetup tester log
       when: tester_reset_log
       file:
-        path: /root/envsetup/log_tester.txt
+        path: /root/envsetup/logs/tester.txt
         state: absent
     - name: envsetup tester
-      shell: |
-        set -o pipefail
-        python3 /root/envsetup/tester.py 2>&1 | tee /root/envsetup/log_tester.txt
-      args:
-        creates: /root/envsetup/log_tester.txt
+      shell:
+        cmd: |
+          set -o pipefail
+          python3 /root/envsetup/tester.py 2>&1 | tee /root/envsetup/logs/tester.txt
+        creates: /root/envsetup/logs/tester.txt
         executable: /bin/bash
 
 ...
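Review bot: The `tee` target moved into `/root/envsetup/logs/`, but nothing in the hunk creates that directory, and with `set -o pipefail` a missing directory makes the task fail even when tester.py succeeds. A `file` task with `path: /root/envsetup/logs` and `state: directory` ahead of `envsetup tester` would cover it, unless a role already creates the directory. Separately, `creates:` points at the file that `tee` itself writes, so a failed tester run still leaves the log and the next run is skipped unless `tester_reset_log` is set; a comment on the task saying so would help. The play starts above the hunk.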
diff --git a/playbooks/vault.yml b/playbooks/vault.yml
deleted file mode 100755
index bf884c8e..00000000
--- a/playbooks/vault.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/vault.yml
-
-- import_playbook: includes/network.yml
-
-...
diff --git a/playbooks/worker.yml b/playbooks/worker.yml
deleted file mode 100755
index f02c1442..00000000
--- a/playbooks/worker.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/worker.yml
-
-- import_playbook: includes/network.yml
-
-...
diff --git a/playbooks/wowza.yml b/playbooks/wowza.yml
index f0882a11..881eefeb 100755
--- a/playbooks/wowza.yml
+++ b/playbooks/wowza.yml
@@ -1,14 +1,27 @@
 #!/usr/bin/env ansible-playbook
 ---
 
-- import_playbook: includes/python.yml
-- import_playbook: includes/check_docker.yml
-- import_playbook: includes/conf.yml
-- import_playbook: includes/init.yml
-- import_playbook: includes/base.yml
-
-- import_playbook: includes/wowza.yml
-
-- import_playbook: includes/network.yml
+- name: WOWZA
+  hosts: wowza
+  tags: wowza
+  pre_tasks:
+    - name: check running in a docker container
+      register: check_if_docker
+      stat:
+        path: /.dockerenv
+    - name: set docker flag variable
+      set_fact:
+        in_docker: "{{ check_if_docker.stat.exists | d(false) }}"
+  roles:
+    - wowza
+  post_tasks:
+    - name: configure network
+      when: network_apply | d(false)
+      include_role:
+        name: network
+    - name: configure proxy
+      when: proxy_apply | d(false)
+      include_role:
+        name: proxy
 
 ...
diff --git a/requirements.dev.in b/requirements.dev.in
index f453c2fe..a5e18ddb 100644
--- a/requirements.dev.in
+++ b/requirements.dev.in
@@ -1,7 +1,7 @@
 -r requirements.in
 ansible-lint
-molecule[docker] ~= 2.22
+flake8
+molecule[docker]
 pip-tools
-pre-commit
-pylint
+testinfra
 yamllint
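Review bot: `molecule[docker]` loses its `~= 2.22` bound and `testinfra` is added without one, so a later `pip-compile --upgrade` can cross a major version of the test tooling without any change to this file. requirements.dev.txt in this commit already resolves molecule to 3.0.2 and testinfra to 5.0.0. I would keep a compatible-release bound on both, e.g. `molecule[docker] ~= 3.0` and `testinfra ~= 5.0`, so that major upgrades stay a reviewed, deliberate edit.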
diff --git a/requirements.dev.txt b/requirements.dev.txt
index 22a25e9b..8b7d8ba0 100644
--- a/requirements.dev.txt
+++ b/requirements.dev.txt
@@ -4,43 +4,40 @@
 #
 #    pip-compile --output-file=requirements.dev.txt requirements.dev.in
 #
-ansible-lint==4.2.0       # via -r requirements.dev.in, molecule
+ansible-lint==4.2.0       # via -r requirements.dev.in
 ansible==2.9.6            # via -r requirements.in, ansible-lint, molecule
-anyconfig==0.9.7          # via molecule
 appdirs==1.4.3            # via virtualenv
 arrow==0.15.5             # via jinja2-time
 aspy.yaml==1.3.0          # via pre-commit
-astroid==2.3.3            # via pylint
 attrs==19.3.0             # via pytest
 bcrypt==3.1.7             # via paramiko
 binaryornot==0.4.4        # via cookiecutter
 cerberus==1.3.2           # via molecule
-certifi==2019.11.28       # via requests
+certifi==2020.4.5.1       # via requests
 cffi==1.14.0              # via bcrypt, cryptography, pynacl
 cfgv==3.1.0               # via pre-commit
 chardet==3.0.4            # via binaryornot, requests
 click-completion==0.5.2   # via molecule
-click==7.1.1              # via click-completion, cookiecutter, molecule, pip-tools, python-gilt
+click-help-colors==0.8    # via molecule
+click==7.1.1              # via click-completion, click-help-colors, cookiecutter, molecule, pip-tools, python-gilt
 colorama==0.4.3           # via molecule, python-gilt
 cookiecutter==1.7.0       # via molecule
-cryptography==2.8         # via ansible, paramiko
+cryptography==2.9         # via ansible, paramiko
 distlib==0.3.0            # via virtualenv
 docker==4.2.0             # via molecule
 entrypoints==0.3          # via flake8
 fasteners==0.15           # via python-gilt
 filelock==3.0.12          # via virtualenv
-flake8==3.7.9             # via molecule
+flake8==3.7.9             # via -r requirements.dev.in
 future==0.18.2            # via cookiecutter
-identify==1.4.13          # via pre-commit
+identify==1.4.14          # via pre-commit
 idna==2.9                 # via requests
-importlib-metadata==1.5.2  # via pluggy, pre-commit, pytest, virtualenv
-isort==4.3.21             # via pylint
+importlib-metadata==1.6.0  # via pluggy, pre-commit, pytest, virtualenv
 jinja2-time==0.2.0        # via cookiecutter
 jinja2==2.11.1            # via ansible, click-completion, cookiecutter, jinja2-time, molecule
-lazy-object-proxy==1.4.3  # via astroid
 markupsafe==1.1.1         # via jinja2
-mccabe==0.6.1             # via flake8, pylint
-molecule[docker]==2.22    # via -r requirements.dev.in
+mccabe==0.6.1             # via flake8
+molecule[docker]==3.0.2   # via -r requirements.dev.in
 monotonic==1.5            # via fasteners
 more-itertools==8.2.0     # via pytest
 netaddr==0.7.19           # via -r requirements.in
@@ -50,18 +47,16 @@ paramiko==2.7.1           # via molecule
 pathspec==0.7.0           # via yamllint
 pexpect==4.8.0            # via molecule
 pip-tools==4.5.1          # via -r requirements.dev.in
-pluggy==0.13.1            # via pytest
+pluggy==0.13.1            # via molecule, pytest
 poyo==0.5.0               # via cookiecutter
-pre-commit==1.21.0        # via -r requirements.dev.in, molecule
-psutil==5.7.0             # via molecule
+pre-commit==1.21.0        # via molecule
 ptyprocess==0.6.0         # via pexpect
 py==1.8.1                 # via pytest
 pycodestyle==2.5.0        # via flake8
 pycparser==2.20           # via cffi
 pyflakes==2.1.1           # via flake8
-pylint==2.4.4             # via -r requirements.dev.in
 pynacl==1.3.0             # via paramiko
-pyparsing==2.4.6          # via packaging
+pyparsing==2.4.7          # via packaging
 pytest==5.4.1             # via testinfra
 python-dateutil==2.8.1    # via arrow
 python-gilt==1.2.3        # via molecule
@@ -71,18 +66,16 @@ ruamel.yaml.clib==0.2.0   # via ruamel.yaml
 ruamel.yaml==0.16.10      # via ansible-lint
 sh==1.12.14               # via molecule, python-gilt
 shellingham==1.3.2        # via click-completion
-six==1.14.0               # via ansible-lint, astroid, bcrypt, click-completion, cryptography, docker, fasteners, molecule, packaging, pip-tools, pre-commit, pynacl, python-dateutil, testinfra, virtualenv, websocket-client
+six==1.14.0               # via ansible-lint, bcrypt, click-completion, cryptography, docker, fasteners, molecule, packaging, pip-tools, pre-commit, pynacl, python-dateutil, virtualenv, websocket-client
 tabulate==0.8.7           # via molecule
-testinfra==3.4.0          # via molecule
+testinfra==5.0.0          # via -r requirements.dev.in
 toml==0.10.0              # via pre-commit
 tree-format==0.1.2        # via molecule
-typed-ast==1.4.1          # via astroid
 urllib3==1.25.8           # via requests
-virtualenv==20.0.14       # via pre-commit
+virtualenv==20.0.16       # via pre-commit
 wcwidth==0.1.9            # via pytest
 websocket-client==0.57.0  # via docker
 whichcraft==0.6.1         # via cookiecutter
-wrapt==1.11.2             # via astroid
 yamllint==1.21.0          # via -r requirements.dev.in, molecule
 zipp==3.1.0               # via importlib-metadata
 
diff --git a/requirements.txt b/requirements.txt
index 8e2caf92..a66b3f77 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@
 #
 ansible==2.9.6            # via -r requirements.in
 cffi==1.14.0              # via cryptography
-cryptography==2.8         # via ansible
+cryptography==2.9         # via ansible
 jinja2==2.11.1            # via ansible
 markupsafe==1.1.1         # via jinja2
 netaddr==0.7.19           # via -r requirements.in
diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml
new file mode 100644
index 00000000..bddea6df
--- /dev/null
+++ b/roles/base/meta/main.yml
@@ -0,0 +1,16 @@
+---
+
+dependencies:
+  - role: conf
+  - role: init
+  - role: repos
+  - role: sysutils
+  - role: logs
+  - role: locale
+  - role: users
+  - role: postfix
+  - role: ntp
+  - role: ferm
+  - role: fail2ban
+
+...
diff --git a/roles/bench-server/meta/main.yml b/roles/bench-server/meta/main.yml
new file mode 100644
index 00000000..c76bb2fd
--- /dev/null
+++ b/roles/bench-server/meta/main.yml
@@ -0,0 +1,8 @@
+---
+
+dependencies:
+  - role: conf
+  - role: init
+  - role: repos
+
+...
diff --git a/roles/bench-worker/meta/main.yml b/roles/bench-worker/meta/main.yml
new file mode 100644
index 00000000..c76bb2fd
--- /dev/null
+++ b/roles/bench-worker/meta/main.yml
@@ -0,0 +1,8 @@
+---
+
+dependencies:
+  - role: conf
+  - role: init
+  - role: repos
+
+...
diff --git a/roles/celerity/meta/main.yml b/roles/celerity/meta/main.yml
new file mode 100644
index 00000000..e45d692a
--- /dev/null
+++ b/roles/celerity/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+  - role: base
+
+...
diff --git a/roles/celerity/tasks/main.yml b/roles/celerity/tasks/main.yml
index 995d95f9..fdc66eb5 100644
--- a/roles/celerity/tasks/main.yml
+++ b/roles/celerity/tasks/main.yml
@@ -40,4 +40,6 @@
   include_role:
     name: ferm
 
+- meta: flush_handlers
+
 ...
diff --git a/roles/conf/defaults/main.yml b/roles/conf/defaults/main.yml
index f2494667..aa9610a5 100644
--- a/roles/conf/defaults/main.yml
+++ b/roles/conf/defaults/main.yml
@@ -10,7 +10,7 @@ conf_repo_url: https://mirismanager.ubicast.eu/git/mediaserver/envsetup.git
 conf_repo_version: stable
 conf_repo_dest: /root/envsetup
 
-conf_host: "{{ skyreach_host | default('panel.ubicast.eu', true) }}"
+conf_host: "{{ skyreach_host | default('mirismanager.ubicast.eu', true) }}"
 conf_valid_cert: "{{ skyreach_valid_cert | default(true, true) }}"
 
 skyreach_activation_key: "{{ lookup('env', 'SKYREACH_ACTIVATION_KEY') }}"
diff --git a/roles/conf/tasks/main.yml b/roles/conf/tasks/main.yml
index 89d429ee..f48c0c8d 100644
--- a/roles/conf/tasks/main.yml
+++ b/roles/conf/tasks/main.yml
@@ -1,6 +1,9 @@
 ---
 
 - name: proxy
+  when:
+    - proxy_http | d()
+    - proxy_https | d()
   include_role:
     name: proxy
 
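Review bot: The two entries under `when:` are ANDed, so the proxy role is skipped unless both `proxy_http` and `proxy_https` are set; a host configured with only one of them silently gets no proxy configuration. If either one should be enough, use a single condition such as `when: proxy_http | d() or proxy_https | d()`. If requiring both is intended, a short comment above the task saying so would prevent a later misreading.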
diff --git a/roles/init/defaults/main.yml b/roles/init/defaults/main.yml
index 784cc1cc..d140d408 100644
--- a/roles/init/defaults/main.yml
+++ b/roles/init/defaults/main.yml
@@ -4,5 +4,6 @@ init_packages:
   - apt-utils
   - gnupg
   - ssh-client
+  - sudo
 
 ...
diff --git a/roles/locale/tasks/main.yml b/roles/locale/tasks/main.yml
index e40deb53..fe3dbed7 100644
--- a/roles/locale/tasks/main.yml
+++ b/roles/locale/tasks/main.yml
@@ -3,6 +3,7 @@
 - name: install locale packages
   apt:
     force_apt_get: true
+    install_recommends: false
     name: "{{ locale_packages }}"
 
 - name: generate locale
@@ -14,9 +15,9 @@
   copy:
     dest: /etc/default/locale
     content: |
-      LANG="{{ init_locale }}"
-      LANGUAGE="{{ init_locale }}"
-      LC_ALL="{{ init_locale }}"
+      LANG={{ init_locale }}
+      LANGUAGE={{ init_locale }}
+      LC_ALL={{ init_locale }}
 
 - name: set locale.gen
   notify: update locale
diff --git a/roles/logs/defaults/main.yml b/roles/logs/defaults/main.yml
new file mode 100644
index 00000000..cc884aef
--- /dev/null
+++ b/roles/logs/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+logs_packages:
+  - rsyslog
+
+...
diff --git a/roles/logs/tasks/main.yml b/roles/logs/tasks/main.yml
new file mode 100644
index 00000000..9b32ca85
--- /dev/null
+++ b/roles/logs/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+
+- name: install logs packages
+  apt:
+    force_apt_get: true
+    install_recommends: false
+    name: "{{ logs_packages }}"
+
+- name: start rsyslog
+  systemd:
+    name: rsyslog
+    enabled: true
+    state: started
+
+- name: ensure journald logs persistence is enabled
+  file:
+    path: /var/log/journal
+    state: directory
+
+...
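Review bot: Creating `/var/log/journal` in the last task does not by itself switch a running journald to persistent storage, and the directory is created without an explicit `owner`, `group` or `mode`. journald normally starts using the directory only after a restart or reboot, and only when `Storage=` is `auto` or `persistent`, which this role does not set, so logs written before the next restart may still be volatile. Consider setting the ownership explicitly (the systemd default is group `systemd-journal` with mode `"2755"`) and notifying a handler that restarts `systemd-journald` when the task reports a change.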
diff --git a/roles/manager/defaults/main.yml b/roles/manager/defaults/main.yml
deleted file mode 100644
index 1bad1e9c..00000000
--- a/roles/manager/defaults/main.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-
-manager_packages:
-  - ubicast-skyreach
-  - ubicast-skyreach-runtime
-
-manager_testing: false
-manager_mail: dev-mediaserver@ubicast.eu
-manager_hostname: "{{ envsetup_cm_server_name }}"
-manager_default_email_sender: "noreply@{{ manager_hostname }}"
-manager_email_sender: "{{ envsetup_email_sender | default(manager_default_email_sender, true) }}"
-manager_proxy_http: "{{ envsetup_proxy_http }}"
-
-manager_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
-manager_f2b_filter:
-  name: manager
-  content: |
-    [INCLUDES]
-    before = common.conf
-    [Definition]
-    failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
-                INFO Wrong crendentials given to login\. IP: <HOST>, username: \S+\.$
-    ignoreregex =
-manager_f2b_jail:
-  name: manager
-  content: |
-    [manager]
-    logpath = /home/skyreach/.skyreach/logs/skyreach.log
-    enabled = {% if manager_fail2ban_enabled | bool %}true{% else %}false{% endif %}
-
-manager_firewall_enabled: true
-manager_ferm_rules_filename: manager
-manager_ferm_input_rules:
-  - proto:
-      - tcp
-    dport:
-      - 80
-      - 443
-  - saddr: "{{ groups['all'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list }}"
-    proto:
-      - tcp
-    dport:
-      - 3142
-manager_ferm_output_rules: []
-manager_ferm_global_settings:
-
-...
diff --git a/roles/import/defaults/main.yml b/roles/mediaimport/defaults/main.yml
similarity index 100%
rename from roles/import/defaults/main.yml
rename to roles/mediaimport/defaults/main.yml
diff --git a/roles/import/files/mediaimport b/roles/mediaimport/files/mediaimport
similarity index 100%
rename from roles/import/files/mediaimport
rename to roles/mediaimport/files/mediaimport
diff --git a/roles/import/files/mediaimport.py b/roles/mediaimport/files/mediaimport.py
similarity index 100%
rename from roles/import/files/mediaimport.py
rename to roles/mediaimport/files/mediaimport.py
diff --git a/roles/import/files/on-upload b/roles/mediaimport/files/on-upload
similarity index 100%
rename from roles/import/files/on-upload
rename to roles/mediaimport/files/on-upload
diff --git a/roles/import/files/on-upload.go b/roles/mediaimport/files/on-upload.go
similarity index 100%
rename from roles/import/files/on-upload.go
rename to roles/mediaimport/files/on-upload.go
diff --git a/roles/import/handlers/main.yml b/roles/mediaimport/handlers/main.yml
similarity index 100%
rename from roles/import/handlers/main.yml
rename to roles/mediaimport/handlers/main.yml
diff --git a/roles/mediaimport/meta/main.yml b/roles/mediaimport/meta/main.yml
new file mode 100644
index 00000000..e45d692a
--- /dev/null
+++ b/roles/mediaimport/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+  - role: base
+
+...
diff --git a/roles/import/tasks/main.yml b/roles/mediaimport/tasks/main.yml
similarity index 99%
rename from roles/import/tasks/main.yml
rename to roles/mediaimport/tasks/main.yml
index 8dbac10c..acf0beb7 100644
--- a/roles/import/tasks/main.yml
+++ b/roles/mediaimport/tasks/main.yml
@@ -174,4 +174,6 @@
   include_role:
     name: ferm
 
+- meta: flush_handlers
+
 ...
diff --git a/roles/import/templates/mediaimport.json.j2 b/roles/mediaimport/templates/mediaimport.json.j2
similarity index 100%
rename from roles/import/templates/mediaimport.json.j2
rename to roles/mediaimport/templates/mediaimport.json.j2
diff --git a/roles/import/templates/sftp_config.j2 b/roles/mediaimport/templates/sftp_config.j2
similarity index 100%
rename from roles/import/templates/sftp_config.j2
rename to roles/mediaimport/templates/sftp_config.j2
diff --git a/roles/server/defaults/main.yml b/roles/mediaserver/defaults/main.yml
similarity index 100%
rename from roles/server/defaults/main.yml
rename to roles/mediaserver/defaults/main.yml
diff --git a/roles/server/handlers/main.yml b/roles/mediaserver/handlers/main.yml
similarity index 100%
rename from roles/server/handlers/main.yml
rename to roles/mediaserver/handlers/main.yml
diff --git a/roles/mediaserver/meta/main.yml b/roles/mediaserver/meta/main.yml
new file mode 100644
index 00000000..25ac88cf
--- /dev/null
+++ b/roles/mediaserver/meta/main.yml
@@ -0,0 +1,13 @@
+---
+
+dependencies:
+  - role: base
+  - role: nginx
+  - when: "'celerity' in group_names"
+    role: celerity
+  - when: "'postgres' in group_names"
+    role: postgres
+  - when: "'wowza' in group_names"
+    role: wowza
+
+...
diff --git a/roles/server/tasks/main.yml b/roles/mediaserver/tasks/main.yml
similarity index 93%
rename from roles/server/tasks/main.yml
rename to roles/mediaserver/tasks/main.yml
index 6d8d96a7..e3a37940 100644
--- a/roles/server/tasks/main.yml
+++ b/roles/mediaserver/tasks/main.yml
@@ -83,11 +83,11 @@
 # SYNCHRONIZE
 
 - name: sync all mediaservers
-  when: groups['server'] | length > 1
+  when: groups['mediaserver'] | length > 1
   block:
 
     - name: save config of first mediaserver
-      when: inventory_hostname == groups['server'][0]
+      when: inventory_hostname == groups['mediaserver'][0]
       register: server_primary_config
       loop:
         - /etc/passwd
@@ -97,8 +97,8 @@
         path: "{{ item }}"
 
     - name: deploy saved config
-      when: inventory_hostname != groups['server'][0]
-      loop: "{{ hostvars[groups['server'][0]].c.results }}"
+      when: inventory_hostname != groups['mediaserver'][0]
+      loop: "{{ hostvars[groups['mediaserver'][0]].c.results }}"
       copy:
         dest: "{{ item.source }}"
         content: "{{ item.content | b64decode }}"
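Review bot: The new `loop` on the `deploy saved config` task reads `hostvars[groups['mediaserver'][0]].c.results`, but the task that saves the files (previous hunk) registers its result as `server_primary_config`, not `c`. Unless `c` is registered somewhere outside these hunks, the loop would fail on an undefined attribute as soon as the group holds more than one mediaserver; `loop: "{{ hostvars[groups['mediaserver'][0]].server_primary_config.results }}"` matches the visible register. Since the loop carries the content of `/etc/passwd` and whatever files follow it in the list, adding `no_log: true` to both tasks would also keep that content out of the run output. Both tasks continue outside the hunks.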
@@ -125,4 +125,6 @@
   include_role:
     name: ferm
 
+- meta: flush_handlers
+
 ...
diff --git a/roles/server/templates/celerity-config.py.j2 b/roles/mediaserver/templates/celerity-config.py.j2
similarity index 100%
rename from roles/server/templates/celerity-config.py.j2
rename to roles/mediaserver/templates/celerity-config.py.j2
diff --git a/roles/vault/defaults/main.yml b/roles/mediavault/defaults/main.yml
similarity index 89%
rename from roles/vault/defaults/main.yml
rename to roles/mediavault/defaults/main.yml
index 00acdfc7..0589de53 100644
--- a/roles/vault/defaults/main.yml
+++ b/roles/mediavault/defaults/main.yml
@@ -55,4 +55,15 @@ mv_backup:
     exclude_list_name: "{{ mv_exclude_list_name }}"
     exclude_list_items: "{{ mv_exclude_list_items }}"
 
+# firewall rules
+mv_firewall_enabled: true
+mv_ferm_rules_filename: vault
+mv_ferm_input_rules: []
+mv_ferm_output_rules:
+  - proto:
+      - tcp
+    dport:
+      - 22
+mv_ferm_global_settings:
+
 ...
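Review bot: `mv_ferm_global_settings:` has no value, so it loads as `null` rather than an empty string, and the firewall task added in roles/mediavault/tasks/main.yml hands it to the ferm role as `ferm_global_settings`. Writing `mv_ferm_global_settings: ""` makes the intent explicit and avoids a stray `None` if the ferm template prints the variable (the template is not visible here). The same bare key is added as `netcapture_ferm_global_settings:` in roles/netcapture/defaults/main.yml. Separately, the output rule allows TCP port 22 to any destination; if the ferm rule format supports a destination restriction, limiting it to the backup targets would be tighter.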
diff --git a/roles/vault/handlers/main.yml b/roles/mediavault/handlers/main.yml
similarity index 100%
rename from roles/vault/handlers/main.yml
rename to roles/mediavault/handlers/main.yml
diff --git a/roles/mediavault/meta/main.yml b/roles/mediavault/meta/main.yml
new file mode 100644
index 00000000..4bdca2ef
--- /dev/null
+++ b/roles/mediavault/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: base
diff --git a/roles/vault/tasks/main.yml b/roles/mediavault/tasks/main.yml
similarity index 88%
rename from roles/vault/tasks/main.yml
rename to roles/mediavault/tasks/main.yml
index cd9eeabe..4b292ff6 100644
--- a/roles/vault/tasks/main.yml
+++ b/roles/mediavault/tasks/main.yml
@@ -101,4 +101,18 @@
     masked: false
     state: started
 
+# FIREWALL
+
+- name: firewall
+  when: mv_firewall_enabled
+  vars:
+    ferm_rules_filename: "{{ mv_ferm_rules_filename }}"
+    ferm_input_rules: "{{ mv_ferm_input_rules }}"
+    ferm_output_rules: "{{ mv_ferm_output_rules }}"
+    ferm_global_settings: "{{ mv_ferm_global_settings }}"
+  include_role:
+    name: ferm
+
+- meta: flush_handlers
+
 ...
diff --git a/roles/vault/templates/systemd-backup-service.j2 b/roles/mediavault/templates/systemd-backup-service.j2
similarity index 100%
rename from roles/vault/templates/systemd-backup-service.j2
rename to roles/mediavault/templates/systemd-backup-service.j2
diff --git a/roles/vault/templates/systemd-backup-timer.j2 b/roles/mediavault/templates/systemd-backup-timer.j2
similarity index 100%
rename from roles/vault/templates/systemd-backup-timer.j2
rename to roles/mediavault/templates/systemd-backup-timer.j2
diff --git a/roles/vault/templates/systemd-mailer-script.j2 b/roles/mediavault/templates/systemd-mailer-script.j2
similarity index 100%
rename from roles/vault/templates/systemd-mailer-script.j2
rename to roles/mediavault/templates/systemd-mailer-script.j2
diff --git a/roles/vault/templates/systemd-mailer-service.j2 b/roles/mediavault/templates/systemd-mailer-service.j2
similarity index 100%
rename from roles/vault/templates/systemd-mailer-service.j2
rename to roles/mediavault/templates/systemd-mailer-service.j2
diff --git a/roles/worker/defaults/main.yml b/roles/mediaworker/defaults/main.yml
similarity index 100%
rename from roles/worker/defaults/main.yml
rename to roles/mediaworker/defaults/main.yml
diff --git a/roles/worker/handlers/main.yml b/roles/mediaworker/handlers/main.yml
similarity index 100%
rename from roles/worker/handlers/main.yml
rename to roles/mediaworker/handlers/main.yml
diff --git a/roles/mediaworker/meta/main.yml b/roles/mediaworker/meta/main.yml
new file mode 100644
index 00000000..e45d692a
--- /dev/null
+++ b/roles/mediaworker/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+  - role: base
+
+...
diff --git a/roles/worker/tasks/main.yml b/roles/mediaworker/tasks/main.yml
similarity index 96%
rename from roles/worker/tasks/main.yml
rename to roles/mediaworker/tasks/main.yml
index b23cfcf1..8663c1ce 100644
--- a/roles/worker/tasks/main.yml
+++ b/roles/mediaworker/tasks/main.yml
@@ -30,4 +30,6 @@
   include_role:
     name: ferm
 
+- meta: flush_handlers
+
 ...
diff --git a/roles/worker/templates/celerity-config.py.j2 b/roles/mediaworker/templates/celerity-config.py.j2
similarity index 100%
rename from roles/worker/templates/celerity-config.py.j2
rename to roles/mediaworker/templates/celerity-config.py.j2
diff --git a/roles/manager/files/set_site_url.py b/roles/mirismanager/files/set_site_url.py
similarity index 72%
rename from roles/manager/files/set_site_url.py
rename to roles/mirismanager/files/set_site_url.py
index e72283ac..256eff01 100644
--- a/roles/manager/files/set_site_url.py
+++ b/roles/mirismanager/files/set_site_url.py
@@ -6,7 +6,7 @@ import django
 
 django.setup()
 
-from skyreach_site.base.models import SiteSettings
+from skyreach_site.base.models import SiteSettings  # noqa
 
 
 def main():
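Review bot: The bare `# noqa` on the `SiteSettings` import silences every flake8 check on that line, not only the late-import warning caused by calling `django.setup()` first. Narrowing it to `# noqa: E402` keeps the other checks active, and a short comment saying the import must follow `django.setup()` would explain its position. `main()` starts on the last line of this hunk and continues in the next one.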
@@ -15,10 +15,10 @@ def main():
     args = parser.parse_args()
 
     ss = SiteSettings.get_singleton()
-    ss.url = "https://{}".format(args.url)
+    ss.url = f"https://{args.url}"
     ss.save()
 
-    path = "/home/skyreach/{}.log".format(args.url)
+    path = f"/home/skyreach/.{args.url}.log"
     with open(path, "w") as flag:
         flag.write("ok")
 
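Review bot: `args.url` goes unchecked into both the stored site URL and the flag-file path `f"/home/skyreach/.{args.url}.log"`, so a value containing `/` would place the flag file outside the intended directory (or fail on a missing one) and store a malformed URL. A guard right after `parse_args()`, for example `if "/" in args.url: parser.error("url must be a bare hostname")`, keeps the marker inside `/home/skyreach`. The f-strings also require Python 3.6 or later on the target host. `main()` starts before this hunk.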
diff --git a/roles/manager/handlers/main.yml b/roles/mirismanager/handlers/main.yml
similarity index 100%
rename from roles/manager/handlers/main.yml
rename to roles/mirismanager/handlers/main.yml
diff --git a/roles/mirismanager/meta/main.yml b/roles/mirismanager/meta/main.yml
new file mode 100644
index 00000000..c4cc4780
--- /dev/null
+++ b/roles/mirismanager/meta/main.yml
@@ -0,0 +1,9 @@
+---
+
+dependencies:
+  - role: base
+  - role: nginx
+  - when: "'postgres' in group_names"
+    role: postgres
+
+...
diff --git a/roles/manager/tasks/main.yml b/roles/mirismanager/tasks/main.yml
similarity index 96%
rename from roles/manager/tasks/main.yml
rename to roles/mirismanager/tasks/main.yml
index 4c1973bd..80ebfd4b 100644
--- a/roles/manager/tasks/main.yml
+++ b/roles/mirismanager/tasks/main.yml
@@ -25,11 +25,11 @@
 - name: configure domain name in database
   become: true
   become_user: skyreach
-  script: files/set_site_url.py {{ manager_hostname }}
   environment:
     PYTHONPATH: "/home/skyreach/htdocs/skyreach_site:/home/skyreach/htdocs:${PYTHONPATH}"
     DJANGO_SETTINGS_MODULE: settings
-  args:
+  script:
+    cmd: files/set_site_url.py {{ manager_hostname }}
     executable: python3
     creates: /home/skyreach/.{{ manager_hostname }}.log
 
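Review bot: `{{ manager_hostname }}` is interpolated unquoted into the `cmd` string, so a value containing whitespace or shell metacharacters would change how the command line is split. Passing it through the quote filter, `cmd: files/set_site_url.py {{ manager_hostname | quote }}`, keeps it a single argument. The `creates` path depends on the same value and on the dot-prefixed file name the script writes, so the two need to stay in step if either changes.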
@@ -90,4 +90,6 @@
   include_role:
     name: ferm
 
+- meta: flush_handlers
+
 ...
diff --git a/roles/monitor/defaults/main.yml b/roles/msmonitor/defaults/main.yml
similarity index 100%
rename from roles/monitor/defaults/main.yml
rename to roles/msmonitor/defaults/main.yml
diff --git a/roles/monitor/handlers/main.yml b/roles/msmonitor/handlers/main.yml
similarity index 100%
rename from roles/monitor/handlers/main.yml
rename to roles/msmonitor/handlers/main.yml
diff --git a/roles/msmonitor/meta/main.yml b/roles/msmonitor/meta/main.yml
new file mode 100644
index 00000000..9c7711bb
--- /dev/null
+++ b/roles/msmonitor/meta/main.yml
@@ -0,0 +1,7 @@
+---
+
+dependencies:
+  - role: base
+  - role: nginx
+
+...
diff --git a/roles/monitor/tasks/main.yml b/roles/msmonitor/tasks/main.yml
similarity index 98%
rename from roles/monitor/tasks/main.yml
rename to roles/msmonitor/tasks/main.yml
index 82b01504..e8918495 100644
--- a/roles/monitor/tasks/main.yml
+++ b/roles/msmonitor/tasks/main.yml
@@ -67,4 +67,6 @@
   include_role:
     name: ferm
 
+- meta: flush_handlers
+
 ...
diff --git a/roles/netcapture/defaults/main.yml b/roles/netcapture/defaults/main.yml
index d2de6931..7a81c735 100644
--- a/roles/netcapture/defaults/main.yml
+++ b/roles/netcapture/defaults/main.yml
@@ -11,4 +11,10 @@ netcapture_hw_acceleration: false
 netcapture_miris_user_pwd: "{{ lookup('password', '/tmp/passwordfile length=12 chars=ascii_letters,digits') }}"
 netcapture_miris_auth: true
 
+netcapture_firewall_enabled: true
+netcapture_ferm_rules_filename: netcapture
+netcapture_ferm_input_rules: []
+netcapture_ferm_output_rules: []
+netcapture_ferm_global_settings:
+
 ...
diff --git a/roles/netcapture/meta/main.yml b/roles/netcapture/meta/main.yml
new file mode 100644
index 00000000..e45d692a
--- /dev/null
+++ b/roles/netcapture/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+  - role: base
+
+...
diff --git a/roles/netcapture/tasks/main.yml b/roles/netcapture/tasks/main.yml
index 04adc331..b514e748 100644
--- a/roles/netcapture/tasks/main.yml
+++ b/roles/netcapture/tasks/main.yml
@@ -3,6 +3,7 @@
 - name: requirements install
   apt:
     force_apt_get: true
+    install_recommends: false
     name:
       - apt-transport-https
       - ca-certificates
@@ -10,7 +11,6 @@
       - gnupg-agent
       - lsb-release
       - software-properties-common
-    state: present
 
 - name: docker repo key
   apt_key:
@@ -26,8 +26,8 @@
 - name: docker install
   apt:
     force_apt_get: true
+    install_recommends: false
     name: docker-ce
-    state: present
 
 - name: docker service
   systemd:
@@ -38,8 +38,8 @@
 - name: netcapture install
   apt:
     force_apt_get: true
+    install_recommends: false
     name: python3-miris-netcapture
-    state: present
 
 - name: netcapture config
   template:
@@ -67,7 +67,18 @@
     recurse: true
     state: directory
 
-# TODO: add fail2ban ?
-# TODO: add firewall
+# FIREWALL
+
+- name: firewall
+  when: netcapture_firewall_enabled
+  vars:
+    ferm_rules_filename: "{{ netcapture_ferm_rules_filename }}"
+    ferm_input_rules: "{{ netcapture_ferm_input_rules }}"
+    ferm_output_rules: "{{ netcapture_ferm_output_rules }}"
+    ferm_global_settings: "{{ netcapture_ferm_global_settings }}"
+  include_role:
+    name: ferm
+
+- meta: flush_handlers
 
 ...
diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml
index ff57ed21..c6ed9c16 100644
--- a/roles/network/defaults/main.yml
+++ b/roles/network/defaults/main.yml
@@ -8,11 +8,11 @@ network_packages:
   - network-manager
   - python3-dbus
 
-network_ip: "{{ lookup('env', 'NETWORK_IP') | ipaddr }}"
-network_mask: "{{ lookup('env', 'NETWORK_MASK') }}"
+network_ip: "{{ envsetup_network_ip | d() }}"
+network_mask: "{{ envsetup_network_mask | d() }}"
 network_ip_mask: "{{ network_ip }}/{{ network_mask }}"
 network_ip_mask_cidr: "{{ network_ip_mask | ipaddr }}"
-network_gateway: "{{ lookup('env', 'NETWORK_GATEWAY') | ipaddr }}"
-network_dns: "{{ lookup('env', 'NETWORK_DNS').split(',') | ipaddr }}"
+network_gateway: "{{ envsetup_network_gateway | d() }}"
+network_dns: "{{ envsetup_network_dns.split(',') | d() }}"
 
 ...
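Review bot: In `network_dns`, `.split(',')` is called on `envsetup_network_dns` before `d()` is applied, so the default never takes effect; when the variable is undefined the expression is likely to raise instead of yielding an empty value. Applying the default first, `network_dns: "{{ (envsetup_network_dns | d('')).split(',') | select | list }}"`, gives an empty list in that case. The change also drops the `| ipaddr` validation from `network_ip`, `network_gateway` and `network_dns`, so malformed addresses now pass through unchecked (only `network_ip_mask_cidr` still filters); consider keeping `| ipaddr` after the default.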
diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml
index 8a37b81d..da207faf 100644
--- a/roles/network/tasks/main.yml
+++ b/roles/network/tasks/main.yml
@@ -9,20 +9,10 @@
     - network_dns | d(false)
   block:
 
-    # Was needed when using ifupdown but probably not with network-manager
-    # - name: prevent dhclient to erase dns config
-    #   copy:
-    #     dest: /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
-    #     mode: 0755
-    #     content: |
-    #       #!/bin/sh
-    #       make_resolv_conf() {
-    #           :
-    #       }
-
     - name: packages
       apt:
         force_apt_get: true
+        install_recommends: false
         name: "{{ network_packages }}"
         state: present
 
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
index 7946e67a..ce0f4ece 100644
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -5,8 +5,6 @@ nginx_packages:
   - uwsgi
   - uwsgi-plugin-python3
 
-nginx_server_name:
-
 nginx_ssl_certificate: /etc/ssl/certs/ssl-cert-snakeoil.pem
 nginx_ssl_certificate_key: /etc/ssl/private/ssl-cert-snakeoil.key
 
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml
index 38fab58a..b7774856 100644
--- a/roles/nginx/handlers/main.yml
+++ b/roles/nginx/handlers/main.yml
@@ -1,7 +1,7 @@
 ---
 
 - name: restart nginx
-  service:
+  systemd:
     name: nginx
     state: restarted
 
diff --git a/roles/nginx/tasks/_certs.yml b/roles/nginx/tasks/_certs.yml
deleted file mode 100644
index 5a734831..00000000
--- a/roles/nginx/tasks/_certs.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-
-- name: nginx check old ssl conf exists
-  register: nginx_old_ssl_conf
-  stat:
-    path: /etc/nginx/conf.d/ssl.conf
-
-- name: nginx migrate old ssl certificate conf
-  when: nginx_old_ssl_conf.stat.exists
-  notify: restart nginx
-  loop:
-    - grep ssl_certificate /etc/nginx/conf.d/ssl.conf > /etc/nginx/conf.d/ssl_certificate.conf
-    - mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.old
-  command: "{{ item }}"
-
-- name: nginx check ssl cert conf exists
-  register: nginx_ssl_cert_conf
-  stat:
-    path: /etc/nginx/conf.d/ssl_certificate.conf
-
-- name: nginx update ssl certificate conf
-  when:
-    - nginx_ssl_cert_conf.stat.exists
-    - nginx_ssl_certificate != "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-  notify: restart nginx
-  lineinfile:
-    path: /etc/nginx/conf.d/ssl_certificate.conf
-    regexp: 'ssl_certificate\s+([\w/\-\_\.]+);'
-    line: 'ssl_certificate {{ nginx_ssl_certificate }};'
-
-- name: nginx update ssl certificate key conf
-  when:
-    - nginx_ssl_cert_conf.stat.exists
-    - nginx_ssl_certificate_key != "/etc/ssl/private/ssl-cert-snakeoil.key"
-  notify: restart nginx
-  lineinfile:
-    path: /etc/nginx/conf.d/ssl_certificate.conf
-    regexp: 'ssl_certificate_key\s+([\w/\-\_\.]+);'
-    line: 'ssl_certificate_key {{ nginx_ssl_certificate_key }};'
-
-...
diff --git a/roles/nginx/tasks/_config.yml b/roles/nginx/tasks/_config.yml
deleted file mode 100644
index d227f3ca..00000000
--- a/roles/nginx/tasks/_config.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-
-- name: nginx remove default vhost
-  notify: restart nginx
-  loop:
-    - /etc/nginx/sites-enabled/default
-    - /etc/nginx/sites-enabled/default.conf
-  file:
-    path: "{{ item }}"
-    state: absent
-
-...
diff --git a/roles/nginx/tasks/_install.yml b/roles/nginx/tasks/_install.yml
deleted file mode 100644
index a251408c..00000000
--- a/roles/nginx/tasks/_install.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-
-- name: remove apache
-  apt:
-    force_apt_get: true
-    name: apache2
-    state: absent
-
-- name: nginx install
-  apt:
-    force_apt_get: true
-    install_recommends: false
-    name: "{{ nginx_packages }}"
-    state: present
-
-...
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 39541abd..f9dfdeb3 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -1,13 +1,58 @@
 ---
 
-- include_tasks: _install.yml
-- include_tasks: _config.yml
-- include_tasks: _certs.yml
-
-- name: ensure nginx is running
-  service:
-    name: nginx
-    enabled: true
-    state: started
+- name: nginx install
+  apt:
+    force_apt_get: true
+    install_recommends: false
+    name: "{{ nginx_packages }}"
+    state: present
+
+- name: nginx remove default vhost
+  notify: restart nginx
+  loop:
+    - /etc/nginx/sites-enabled/default
+    - /etc/nginx/sites-enabled/default.conf
+  file:
+    path: "{{ item }}"
+    state: absent
+
+- name: nginx check old ssl conf exists
+  register: nginx_old_ssl_conf
+  stat:
+    path: /etc/nginx/conf.d/ssl.conf
+
+- name: nginx migrate old ssl certificate conf
+  when: nginx_old_ssl_conf.stat.exists
+  notify: restart nginx
+  loop:
+    - grep ssl_certificate /etc/nginx/conf.d/ssl.conf > /etc/nginx/conf.d/ssl_certificate.conf
+    - mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.old
+  command:
+    cmd: "{{ item }}"
+
+- name: nginx check ssl cert conf exists
+  register: nginx_ssl_cert_conf
+  stat:
+    path: /etc/nginx/conf.d/ssl_certificate.conf
+
+- name: nginx update ssl certificate conf
+  when:
+    - nginx_ssl_cert_conf.stat.exists
+    - nginx_ssl_certificate != "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+  notify: restart nginx
+  lineinfile:
+    path: /etc/nginx/conf.d/ssl_certificate.conf
+    regexp: 'ssl_certificate\s+([\w/\-\_\.]+);'
+    line: 'ssl_certificate {{ nginx_ssl_certificate }};'
+
+- name: nginx update ssl certificate key conf
+  when:
+    - nginx_ssl_cert_conf.stat.exists
+    - nginx_ssl_certificate_key != "/etc/ssl/private/ssl-cert-snakeoil.key"
+  notify: restart nginx
+  lineinfile:
+    path: /etc/nginx/conf.d/ssl_certificate.conf
+    regexp: 'ssl_certificate_key\s+([\w/\-\_\.]+);'
+    line: 'ssl_certificate_key {{ nginx_ssl_certificate_key }};'
 
 ...
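Review bot: The `nginx migrate old ssl certificate conf` task runs `grep ssl_certificate ... > /etc/nginx/conf.d/ssl_certificate.conf` through the `command` module, which does not use a shell, so `>` and the target path are handed to grep as arguments and the redirect never happens. Either run that item with `shell:` or replace the pair with explicit steps (read the matching lines, write them with `copy`, then move the old file). The inlined task list also no longer contains the `remove apache` and `ensure nginx is running` tasks from the deleted files, so nothing visible here enables or starts nginx on a fresh host; confirm that is handled elsewhere.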
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
index f3e4fd2c..071de3bd 100644
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -1,37 +1,23 @@
 ---
 
 - name: ansible postgresql requirements install
-  when:
-    - postgres_host == "127.0.0.1" or postgres_host == "localhost"
-    - postgres_port == "5432"
   apt:
     force_apt_get: true
     install_recommends: false
     name: python3-psycopg2
-    state: present
 
 - name: postgresql install
-  when:
-    - postgres_host == "127.0.0.1" or postgres_host == "localhost"
-    - postgres_port == "5432"
   apt:
     force_apt_get: true
     install_recommends: false
     name: postgresql
-    state: present
 
 - name: ensure postgresql is running
-  when:
-    - postgres_host == "127.0.0.1" or postgres_host == "localhost"
-    - postgres_port == "5432"
   service:
     name: postgresql
     state: started
 
 - name: postgresql set superuser password
-  when:
-    - postgres_host == "127.0.0.1" or postgres_host == "localhost"
-    - postgres_port == "5432"
   become: true
   become_user: postgres
   postgresql_user:
@@ -50,4 +36,6 @@
   include_role:
     name: ferm
 
+- meta: flush_handlers
+
 ...
diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml
index 58885b8c..f68cb012 100644
--- a/roles/proxy/tasks/main.yml
+++ b/roles/proxy/tasks/main.yml
@@ -39,8 +39,8 @@
     - name: install git
       apt:
         force_apt_get: true
+        install_recommends: false
         name: git
-        state: present
 
     - name: git
       loop:
diff --git a/roles/python/tasks/main.yml b/roles/python/tasks/main.yml
deleted file mode 100644
index 829083ea..00000000
--- a/roles/python/tasks/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-
-- name: install python3
-  register: python_install
-  changed_when:
-    - "'doing' in python_install.stdout_lines"
-    - "'pass' not in python_install.stdout_lines"
-  loop:
-    - command -v python3 || ( command -v yum && echo doing && yum install -y epel-release && yum install -y python36 ) || echo pass
-    - command -v python3 || ( command -v apt && echo doing && apt update && apt install -y python3-minimal python3-apt ) || echo pass
-  raw: "{{ item }}"
-
-...
diff --git a/roles/wowza/meta/main.yml b/roles/wowza/meta/main.yml
new file mode 100644
index 00000000..e45d692a
--- /dev/null
+++ b/roles/wowza/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+  - role: base
+
+...
diff --git a/roles/wowza/tasks/main.yml b/roles/wowza/tasks/main.yml
index e01a168e..b538a833 100644
--- a/roles/wowza/tasks/main.yml
+++ b/roles/wowza/tasks/main.yml
@@ -3,8 +3,8 @@
 - name: install wowza requirements
   apt:
     force_apt_get: true
+    install_recommends: false
     name: "{{ wowza_requirements }}"
-    state: "present"
 
 - name: install wowza
   apt:
@@ -119,4 +119,6 @@
   include_role:
     name: ferm
 
+- meta: flush_handlers
+
 ...
diff --git a/site.yml b/site.yml
index 4979459e..64036c60 100755
--- a/site.yml
+++ b/site.yml
@@ -1,68 +1,34 @@
 #!/usr/bin/env ansible-playbook
 ---
 
-- import_playbook: playbooks/includes/python.yml
-  tags:
-    - always
-- import_playbook: playbooks/includes/check_docker.yml
-  tags:
-    - always
-- import_playbook: playbooks/includes/conf.yml
-  tags:
-    - always
-    - conf
-- import_playbook: playbooks/includes/init.yml
-  tags:
-    - init
-- import_playbook: playbooks/includes/base.yml
-  tags:
-    - base
-- import_playbook: playbooks/includes/cluster.yml
-  tags:
-    - cluster
+- name: PYTHON
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: ensure python3 is installed
+      register: python_install
+      changed_when: "'es_pyinstall' in python_install.stdout_lines"
+      raw: command -v python3 || echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt
 
-- import_playbook: playbooks/includes/postgres.yml
-  tags:
-    - postgres
-    - monitor
-    - manager
-    - server
-- import_playbook: playbooks/includes/monitor.yml
-  tags:
-    - monitor
-- import_playbook: playbooks/includes/manager.yml
-  tags:
-    - manager
-- import_playbook: playbooks/includes/wowza.yml
-  tags:
-    - wowza
-- import_playbook: playbooks/includes/celerity.yml
-  tags:
-    - celerity
-- import_playbook: playbooks/includes/worker.yml
-  tags:
-    - worker
-- import_playbook: playbooks/includes/server.yml
-  tags:
-    - server
-- import_playbook: playbooks/includes/vault.yml
-  tags:
-    - vault
-- import_playbook: playbooks/includes/import.yml
-  tags:
-    - import
-- import_playbook: playbooks/includes/netcapture.yml
-  tags:
-    - netcapture
-
-- import_playbook: playbooks/includes/certificates.yml
-  tags:
-    - certificates
-    - monitor
-    - manager
-    - server
-- import_playbook: playbooks/includes/network.yml
-  tags:
-    - network
+- import_playbook: playbooks/postgres.yml
+  tags: postgres
+- import_playbook: playbooks/msmonitor.yml
+  tags: monitor
+- import_playbook: playbooks/mirismanager.yml
+  tags: manager
+- import_playbook: playbooks/wowza.yml
+  tags: wowza
+- import_playbook: playbooks/celerity.yml
+  tags: celerity
+- import_playbook: playbooks/mediaworker.yml
+  tags: worker
+- import_playbook: playbooks/mediaserver.yml
+  tags: server
+- import_playbook: playbooks/mediavault.yml
+  tags: vault
+- import_playbook: playbooks/mediaimport.yml
+  tags: import
+- import_playbook: playbooks/netcapture.yml
+  tags: netcapture
 
 ...
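Review bot: In the `ensure python3 is installed` task, the `raw` command has no grouping, and the shell evaluates `||` and `&&` left to right with equal precedence. As a result `apt update && apt install -y python3-minimal python3-apt` runs on every play, even when `command -v python3` succeeds, while `changed_when` reports no change because `es_pyinstall` was never echoed. Restoring the parentheses that the removed roles/python task used keeps the install conditional and the change reporting accurate: `raw: command -v python3 || ( echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt )`. The new play also drops the `always` tag that the old python import carried, so a tag-limited run such as `--tags postgres` would presumably skip this bootstrap; adding `tags: always` to the play would keep it.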
-- 
GitLab