No commits in common. "704a1aaba153c566af57ccc680466ec907bce405" and "57981fdd96605cf92c605d4ce58546bb80f4d162" have entirely different histories.
704a1aaba1
...
57981fdd96
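--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1 @@
 .vagrant
-hosts.ini
-ubuntu-bionic-18.04-cloudimg-console.log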
@ -2,8 +2,6 @@
|
|||||||
|
|
||||||
Playbooks for (relatively) easy sysadmin!
|
Playbooks for (relatively) easy sysadmin!
|
||||||
|
|
||||||
ansible-galaxy install -r requirements.yml
|
|
||||||
|
|
||||||
## With Vagrant
|
## With Vagrant
|
||||||
1. Install Vagrant
|
1. Install Vagrant
|
||||||
2. `vagrant up`
|
2. `vagrant up`
|
||||||
|
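--- a/Vagrantfile
+++ b/Vagrantfile
@@ -0,0 +1,72 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+# The most common configuration options are documented and commented below.
+# For a complete reference, please see the online documentation at
+# https://docs.vagrantup.com.
+
+# Every Vagrant development environment requires a box. You can search for
+# boxes at https://vagrantcloud.com/search.
+config.vm.box = "ubuntu/bionic64"
+
+# Disable automatic box update checking. If you disable this, then
+# boxes will only be checked for updates when the user runs
+# `vagrant box outdated`. This is not recommended.
+# config.vm.box_check_update = false
+
+# Create a forwarded port mapping which allows access to a specific port
+# within the machine from a port on the host machine. In the example below,
+# accessing "localhost:8080" will access port 80 on the guest machine.
+# NOTE: This will enable public access to the opened port
+# config.vm.network "forwarded_port", guest: 80, host: 8080
+
+# Create a forwarded port mapping which allows access to a specific port
+# within the machine from a port on the host machine and only allow access
+# via 127.0.0.1 to disable public access
+config.vm.network "forwarded_port", guest: 8008, host: 8008, host_ip: "127.0.0.1"
+config.vm.network "forwarded_port", guest: 8448, host: 8448, host_ip: "127.0.0.1"
+config.vm.network "forwarded_port", guest: 443, host: 443, host_ip: "127.0.0.1"
+
+# Create a private network, which allows host-only access to the machine
+# using a specific IP.
+config.vm.network "private_network", ip: "192.168.33.10"
+
+# Create a public network, which generally matched to bridged network.
+# Bridged networks make the machine appear as another physical device on
+# your network.
+# config.vm.network "public_network"
+
+# Share an additional folder to the guest VM. The first argument is
+# the path on the host to the actual folder. The second argument is
+# the path on the guest to mount the folder. And the optional third
+# argument is a set of non-required options.
+# config.vm.synced_folder "../data", "/vagrant_data"
+
+# Provider-specific configuration so you can fine-tune various
+# backing providers for Vagrant. These expose provider-specific options.
+# Example for VirtualBox:
+#
+config.vm.provider "virtualbox" do |vb|
+# Display the VirtualBox GUI when booting the machine
+# vb.gui = true
+
+# Customize the amount of memory on the VM:
+vb.memory = "4096"
+end
+#
+# View the documentation for the provider you are using for more
+# information on available options.
+
+# Enable provisioning with a shell script. Additional provisioners such as
+# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+# documentation for more information about their specific syntax and use.
+# config.vm.provision "shell", inline: <<-SHELL
+# apt-get update
+# apt-get install -y apache2
+# SHELL
+end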
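Review bot: `config.vm.network "forwarded_port", guest: 443, host: 443, host_ip: "127.0.0.1"` binds a privileged host port; on Linux and macOS hosts VirtualBox cannot bind ports below 1024 without root, so `vagrant up` is likely to fail there — use an unprivileged host port, `config.vm.network "forwarded_port", guest: 443, host: 8443, host_ip: "127.0.0.1"`. Restricting all three forwards to `host_ip: "127.0.0.1"` is the right default for a development box and should be kept when the 443 mapping changes. The box is also unpinned (`config.vm.box = "ubuntu/bionic64"` with no `config.vm.box_version`), so two `vagrant up` runs can provision different base images; pinning a version makes the environment reproducible.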
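--- a/certificate.yml
+++ b/certificate.yml
@@ -0,0 +1,3 @@
+# Correctly setup Let's Encrypt certificate renewal
+# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html
+# https://github.com/geerlingguy/ansible-role-certbot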
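--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,3 @@
+synapse_dbname: synapse
+synapse_dbuser: synapse_db
+synapse_dbpw: synapse_db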
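Review bot: `synapse_dbpw: synapse_db` commits a plaintext database password to `group_vars/all`, and it is identical to the user name on the line above, so it is guessable even without access to the repository. `postgres.yml` in this same compare feeds it into `postgresql_users` and sets `listen_addresses` to `"*"`, so the credential protects a server that listens on every interface, not just loopback. Move the value into an ansible-vault encrypted file and reference it here, `synapse_dbpw: "{{ vault_synapse_dbpw }}"`, or at minimum generate a per-deployment value instead of shipping a shared default.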
@ -1 +1 @@
|
|||||||
sonic-preprod ansible_connection=ssh ansible_user=root ansible_password=rootroot ansible_host=192.168.42.4 ansible_become=yes
|
synapse ansible_user=vagrant ansible_host="127.0.0.1" ansible_port="2222" ansible_ssh_private_key_file=".vagrant/machines/default/virtualbox/private_key" ansible_become=yes
|
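Review bot: `ansible_host="127.0.0.1" ansible_port="2222"` hard-codes the SSH forward Vagrant assigns by default; Vagrant picks a different host port when 2222 is already taken, so this entry silently points at the wrong VM whenever more than one box is up — generating the entry from `vagrant ssh-config` is more robust. This hunk carries no file header on the page, but the `.gitignore` hunk above drops `hosts.ini` from the ignore list, so this inventory appears to be versioned from now on; the key path under `.vagrant/` is fine since that directory stays ignored, but keep any password out of a tracked inventory and use `ansible_ssh_private_key_file` or vault-encrypted variables for anything sensitive.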
17
main.yml
17
main.yml
@ -1,17 +0,0 @@
|
|||||||
---
|
|
||||||
- hosts:
|
|
||||||
- sonic-preprod
|
|
||||||
handlers:
|
|
||||||
- name: reboot
|
|
||||||
reboot:
|
|
||||||
|
|
||||||
pre_tasks:
|
|
||||||
- apt:
|
|
||||||
update_cache: yes
|
|
||||||
# - apt:
|
|
||||||
# name: python-pip
|
|
||||||
# roles:
|
|
||||||
# - geerlingguy.pip
|
|
||||||
|
|
||||||
# - import_playbook: nginx-certbot.yml
|
|
||||||
- import_playbook: matrix.yml
|
|
@ -1,11 +0,0 @@
|
|||||||
# https://github.com/tulir/mautrix-telegram/wiki/Bridge-setup-with-Docker
|
|
||||||
|
|
||||||
# version: "3.7"
|
|
||||||
|
|
||||||
# services:
|
|
||||||
# mautrix-telegram:
|
|
||||||
# container_name: mautrix-telegram
|
|
||||||
# image: dock.mau.dev/tulir/mautrix-telegram:<version>
|
|
||||||
# restart: unless-stopped
|
|
||||||
# volumes:
|
|
||||||
# - .:/data
|
|
41
matrix.yml
41
matrix.yml
@ -1,41 +0,0 @@
|
|||||||
---
|
|
||||||
- hosts: synapse
|
|
||||||
# todo: create user for synapse
|
|
||||||
vars:
|
|
||||||
matrix_synapse_version: "v1.5.1-py3"
|
|
||||||
# matrix_synapse_version: "v1.5.1"
|
|
||||||
matrix_server_name: matrix-sonic-beta.local
|
|
||||||
matrix_bind_address: "192.168.42.4"
|
|
||||||
|
|
||||||
matrix_synapse_pg_host: synapse-postgres # does it need to be an IP?
|
|
||||||
matrix_synapse_db_name: psycopg2
|
|
||||||
matrix_synapse_pg_user: "synapse"
|
|
||||||
matrix_synapse_pg_pass: "pomme"
|
|
||||||
matrix_synapse_pg_db: "synapse"
|
|
||||||
matrix_registration_shared_secret: "xxxxx"
|
|
||||||
matrix_synapse_report_stats: false
|
|
||||||
matrix_synapse_config_path: "/etc/matrix-synapse/homeserver.yaml"
|
|
||||||
|
|
||||||
# to implement
|
|
||||||
# matrix_no_tls: true
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
# - docker_volume:
|
|
||||||
# name: synapse-data
|
|
||||||
|
|
||||||
- template:
|
|
||||||
src: templates/synapse_homeserver.yaml.j2
|
|
||||||
dest: {{ matrix_synapse_config_path }}
|
|
||||||
|
|
||||||
- template:
|
|
||||||
src: templates/docker-compose-matrix.yml.j2
|
|
||||||
dest: /etc/docker/docker-compose.yml
|
|
||||||
|
|
||||||
- name: Create and start matrix services
|
|
||||||
docker_compose:
|
|
||||||
project_src: matrix
|
|
||||||
register: output
|
|
||||||
|
|
||||||
|
|
||||||
# uploads_path: "/var/lib/matrix-synapse/uploads"
|
|
||||||
# media_store_path: "/var/lib/matrix-synapse/media"
|
|
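--- a/nextcloud.yml
+++ b/nextcloud.yml
@@ -0,0 +1 @@
+# Nextcloud with Calendar, Notes and Kanban enabled.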
21
postgres.yml
Normal file
21
postgres.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
- hosts: synapse
|
||||||
|
tasks:
|
||||||
|
- pip:
|
||||||
|
name: psycopg2
|
||||||
|
state: present
|
||||||
|
roles:
|
||||||
|
- role: geerlingguy.postgresql
|
||||||
|
postgresql_databases:
|
||||||
|
- name: "{{ synapse_dbname }}"
|
||||||
|
postgresql_users:
|
||||||
|
- name: "{{ synapse_dbuser }}"
|
||||||
|
password: "{{ synapse_dbpw }}"
|
||||||
|
postgresql_global_config_options:
|
||||||
|
- option: listen_addresses
|
||||||
|
value: "*"
|
||||||
|
|
||||||
|
|
||||||
|
# username: "postgres",
|
||||||
|
# password: "postgres",
|
||||||
|
# database: "imago_dev",
|
||||||
|
# hostname: "localhost",
|
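Review bot: The `- pip:` task installing `psycopg2` sits under `tasks:`, but Ansible runs a play's `roles:` before its `tasks:` regardless of their order in the file, so it executes only after `geerlingguy.postgresql` has already tried to create `synapse_dbname` and `synapse_dbuser`. The vendored role declares `postgresql_python_library: python-psycopg2` in its defaults for exactly this purpose, so the task is likely redundant; if it is needed for something else, move it under `pre_tasks:`. `listen_addresses` with `value: "*"` makes PostgreSQL listen on every interface including the Vagrant private network; if Synapse runs on this host, `value: "localhost"` is sufficient, and if it does not, add an explicit `postgresql_hba_entries` entry for the client address rather than relying on the role's loopback-only defaults to block everything else. The trailing commented `username`/`password`/`database`/`hostname` lines look like leftovers from another project and can be dropped.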
@ -1,8 +1,6 @@
|
|||||||
# from galaxy
|
# from galaxy
|
||||||
# - src: geerlingguy.pip
|
- src: geerlingguy.pip
|
||||||
# - src: geerlingguy.postgresql
|
- src: geerlingguy.postgresql
|
||||||
# - src: https://github.com/geerlingguy/ansible-role-certbot
|
|
||||||
# scm: git
|
|
||||||
|
|
||||||
# from GitHub, overriding the name and specifying a specific tag
|
# from GitHub, overriding the name and specifying a specific tag
|
||||||
# - src: https://github.com/bennojoy/nginx
|
# - src: https://github.com/bennojoy/nginx
|
||||||
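Review bot: `- src: geerlingguy.pip` and `- src: geerlingguy.postgresql` are enabled without a `version:`, so `ansible-galaxy install -r requirements.yml` fetches whatever Galaxy currently publishes, while the copies vendored under `roles/` in this same compare record `version: 1.3.0` and `version: 2.0.0` in their `meta/.galaxy_install_info`; pin those (`version: 1.3.0` and `version: 2.0.0`) so the requirements file and the vendored tree agree. The second hunk (`@@ -15,6 +13,6 @@`) has the same problem in a worse form: `- src: https://gitlab.com/famedly/ansible/synapse` with `scm: git` and the `version:` line left commented tracks the default branch tip of a third-party repository, so provisioning logic can change without any commit here; pin it to a tag or commit hash by uncommenting and filling in the `version:` line that already sits beneath it.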
@ -15,6 +13,6 @@
|
|||||||
|
|
||||||
|
|
||||||
# from GitLab or other git-based scm, using git+ssh
|
# from GitLab or other git-based scm, using git+ssh
|
||||||
# - src: https://gitlab.com/famedly/ansible/synapse
|
- src: https://gitlab.com/famedly/ansible/synapse
|
||||||
# scm: git
|
scm: git
|
||||||
# version: "0.1" # quoted, so YAML doesn't parse this as a floating-point value
|
# version: "0.1" # quoted, so YAML doesn't parse this as a floating-point value
|
||||||
|
3
roles/geerlingguy.pip/.gitignore
vendored
Normal file
3
roles/geerlingguy.pip/.gitignore
vendored
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
*.retry
|
||||||
|
*/__pycache__
|
||||||
|
*.pyc
|
29
roles/geerlingguy.pip/.travis.yml
Normal file
29
roles/geerlingguy.pip/.travis.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
language: python
|
||||||
|
services: docker
|
||||||
|
|
||||||
|
env:
|
||||||
|
global:
|
||||||
|
- ROLE_NAME: pip
|
||||||
|
matrix:
|
||||||
|
- MOLECULE_DISTRO: centos7
|
||||||
|
- MOLECULE_DISTRO: fedora29
|
||||||
|
- MOLECULE_DISTRO: ubuntu1804
|
||||||
|
- MOLECULE_DISTRO: debian9
|
||||||
|
|
||||||
|
install:
|
||||||
|
# Install test dependencies.
|
||||||
|
- pip install molecule docker
|
||||||
|
|
||||||
|
before_script:
|
||||||
|
# Use actual Ansible Galaxy role name for the project directory.
|
||||||
|
- cd ../
|
||||||
|
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
|
||||||
|
- cd geerlingguy.$ROLE_NAME
|
||||||
|
|
||||||
|
script:
|
||||||
|
# Run tests.
|
||||||
|
- molecule test
|
||||||
|
|
||||||
|
notifications:
|
||||||
|
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
20
roles/geerlingguy.pip/LICENSE
Normal file
20
roles/geerlingguy.pip/LICENSE
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
The MIT License (MIT)
|
||||||
|
|
||||||
|
Copyright (c) 2017 Jeff Geerling
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||||
|
this software and associated documentation files (the "Software"), to deal in
|
||||||
|
the Software without restriction, including without limitation the rights to
|
||||||
|
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
||||||
|
the Software, and to permit persons to whom the Software is furnished to do so,
|
||||||
|
subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||||
|
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||||
|
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||||
|
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||||
|
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
76
roles/geerlingguy.pip/README.md
Normal file
76
roles/geerlingguy.pip/README.md
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
# Ansible Role: Pip (for Python)
|
||||||
|
|
||||||
|
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-pip.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-pip)
|
||||||
|
|
||||||
|
An Ansible Role that installs [Pip](https://pip.pypa.io) on Linux.
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
On RedHat/CentOS, you may need to have EPEL installed before running this role. You can use the `geerlingguy.repo-epel` role if you need a simple way to ensure it's installed.
|
||||||
|
|
||||||
|
## Role Variables
|
||||||
|
|
||||||
|
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
||||||
|
|
||||||
|
pip_package: python-pip
|
||||||
|
|
||||||
|
The name of the packge to install to get `pip` on the system. You can set to `python3-pip`, for example, when using Python 3 on Ubuntu.
|
||||||
|
|
||||||
|
pip_executable: pip
|
||||||
|
|
||||||
|
The role will try to autodetect the pip executable based on the `pip_package` (e.g. `pip` for Python 2 and `pip3` for Python 3). You can also override this explicitly, e.g. `pip_executable: pip3.6`.
|
||||||
|
|
||||||
|
pip_install_packages: []
|
||||||
|
|
||||||
|
A list of packages to install with pip. Examples below:
|
||||||
|
|
||||||
|
pip_install_packages:
|
||||||
|
# Specify names and versions.
|
||||||
|
- name: docker
|
||||||
|
version: "1.2.3"
|
||||||
|
- name: awscli
|
||||||
|
version: "1.11.91"
|
||||||
|
|
||||||
|
# Or specify bare packages to get the latest release.
|
||||||
|
- docker
|
||||||
|
- awscli
|
||||||
|
|
||||||
|
# Or uninstall a package.
|
||||||
|
- name: docker
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
# Or update a package ot the latest version.
|
||||||
|
- name: docker
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
# Or force a reinstall.
|
||||||
|
- name: docker
|
||||||
|
state: forcereinstall
|
||||||
|
|
||||||
|
# Or install a package in a particular virtualenv.
|
||||||
|
- name: docker
|
||||||
|
virtualenv: /my_app/venv
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
None.
|
||||||
|
|
||||||
|
## Example Playbook
|
||||||
|
|
||||||
|
- hosts: all
|
||||||
|
|
||||||
|
vars:
|
||||||
|
pip_install_packages:
|
||||||
|
- name: docker
|
||||||
|
- name: awscli
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- geerlingguy.pip
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
MIT / BSD
|
||||||
|
|
||||||
|
## Author Information
|
||||||
|
|
||||||
|
This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
|
6
roles/geerlingguy.pip/defaults/main.yml
Normal file
6
roles/geerlingguy.pip/defaults/main.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
# For Python 3, use python3-pip.
|
||||||
|
pip_package: python-pip
|
||||||
|
pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}"
|
||||||
|
|
||||||
|
pip_install_packages: []
|
2
roles/geerlingguy.pip/meta/.galaxy_install_info
Normal file
2
roles/geerlingguy.pip/meta/.galaxy_install_info
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
install_date: Tue Sep 24 09:13:41 2019
|
||||||
|
version: 1.3.0
|
30
roles/geerlingguy.pip/meta/main.yml
Normal file
30
roles/geerlingguy.pip/meta/main.yml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
---
|
||||||
|
dependencies: []
|
||||||
|
|
||||||
|
galaxy_info:
|
||||||
|
author: geerlingguy
|
||||||
|
description: Pip (Python package manager) for Linux.
|
||||||
|
issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues
|
||||||
|
company: "Midwestern Mac, LLC"
|
||||||
|
license: "license (BSD, MIT)"
|
||||||
|
min_ansible_version: 2.0
|
||||||
|
platforms:
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
- name: Fedora
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
- name: Debian
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
- name: Ubuntu
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
galaxy_tags:
|
||||||
|
- system
|
||||||
|
- server
|
||||||
|
- packaging
|
||||||
|
- python
|
||||||
|
- pip
|
||||||
|
- tools
|
29
roles/geerlingguy.pip/molecule/default/molecule.yml
Normal file
29
roles/geerlingguy.pip/molecule/default/molecule.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
driver:
|
||||||
|
name: docker
|
||||||
|
lint:
|
||||||
|
name: yamllint
|
||||||
|
options:
|
||||||
|
config-file: molecule/default/yaml-lint.yml
|
||||||
|
platforms:
|
||||||
|
- name: instance
|
||||||
|
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
|
||||||
|
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||||
|
volumes:
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
|
privileged: true
|
||||||
|
pre_build_image: true
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
lint:
|
||||||
|
name: ansible-lint
|
||||||
|
playbooks:
|
||||||
|
converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
|
||||||
|
scenario:
|
||||||
|
name: default
|
||||||
|
verifier:
|
||||||
|
name: testinfra
|
||||||
|
lint:
|
||||||
|
name: flake8
|
20
roles/geerlingguy.pip/molecule/default/playbook.yml
Normal file
20
roles/geerlingguy.pip/molecule/default/playbook.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
|
||||||
|
vars:
|
||||||
|
pip_install_packages:
|
||||||
|
# Test installing a specific version of a package.
|
||||||
|
- name: ipaddress
|
||||||
|
version: "1.0.18"
|
||||||
|
# Test installing a package by name.
|
||||||
|
- colorama
|
||||||
|
|
||||||
|
pre_tasks:
|
||||||
|
- name: Update apt cache.
|
||||||
|
apt: update_cache=true cache_valid_time=600
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- role: geerlingguy.pip
|
14
roles/geerlingguy.pip/molecule/default/tests/test_default.py
Normal file
14
roles/geerlingguy.pip/molecule/default/tests/test_default.py
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
import os
|
||||||
|
|
||||||
|
import testinfra.utils.ansible_runner
|
||||||
|
|
||||||
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||||
|
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
|
||||||
|
|
||||||
|
|
||||||
|
def test_hosts_file(host):
|
||||||
|
f = host.file('/etc/hosts')
|
||||||
|
|
||||||
|
assert f.exists
|
||||||
|
assert f.user == 'root'
|
||||||
|
assert f.group == 'root'
|
6
roles/geerlingguy.pip/molecule/default/yaml-lint.yml
Normal file
6
roles/geerlingguy.pip/molecule/default/yaml-lint.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
extends: default
|
||||||
|
rules:
|
||||||
|
line-length:
|
||||||
|
max: 120
|
||||||
|
level: warning
|
14
roles/geerlingguy.pip/tasks/main.yml
Normal file
14
roles/geerlingguy.pip/tasks/main.yml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
- name: Ensure Pip is installed.
|
||||||
|
package:
|
||||||
|
name: "{{ pip_package }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Ensure pip_install_packages are installed.
|
||||||
|
pip:
|
||||||
|
name: "{{ item.name | default(item) }}"
|
||||||
|
version: "{{ item.version | default(omit) }}"
|
||||||
|
virtualenv: "{{ item.virtualenv | default(omit) }}"
|
||||||
|
state: "{{ item.state | default(omit) }}"
|
||||||
|
executable: "{{ pip_executable }}"
|
||||||
|
with_items: "{{ pip_install_packages }}"
|
3
roles/geerlingguy.postgresql/.ansible-lint
Normal file
3
roles/geerlingguy.postgresql/.ansible-lint
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
skip_list:
|
||||||
|
- '405'
|
||||||
|
- '503'
|
3
roles/geerlingguy.postgresql/.gitignore
vendored
Normal file
3
roles/geerlingguy.postgresql/.gitignore
vendored
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
*.retry
|
||||||
|
*/__pycache__
|
||||||
|
*.pyc
|
31
roles/geerlingguy.postgresql/.travis.yml
Normal file
31
roles/geerlingguy.postgresql/.travis.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
language: python
|
||||||
|
services: docker
|
||||||
|
|
||||||
|
env:
|
||||||
|
global:
|
||||||
|
- ROLE_NAME: postgresql
|
||||||
|
matrix:
|
||||||
|
- MOLECULE_DISTRO: centos7
|
||||||
|
- MOLECULE_DISTRO: fedora30
|
||||||
|
- MOLECULE_DISTRO: ubuntu1804
|
||||||
|
- MOLECULE_DISTRO: ubuntu1604
|
||||||
|
- MOLECULE_DISTRO: debian10
|
||||||
|
- MOLECULE_DISTRO: debian9
|
||||||
|
|
||||||
|
install:
|
||||||
|
# Install test dependencies.
|
||||||
|
- pip install molecule docker
|
||||||
|
|
||||||
|
before_script:
|
||||||
|
# Use actual Ansible Galaxy role name for the project directory.
|
||||||
|
- cd ../
|
||||||
|
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
|
||||||
|
- cd geerlingguy.$ROLE_NAME
|
||||||
|
|
||||||
|
script:
|
||||||
|
# Run tests.
|
||||||
|
- molecule test
|
||||||
|
|
||||||
|
notifications:
|
||||||
|
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
20
roles/geerlingguy.postgresql/LICENSE
Normal file
20
roles/geerlingguy.postgresql/LICENSE
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
The MIT License (MIT)
|
||||||
|
|
||||||
|
Copyright (c) 2017 Jeff Geerling
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||||
|
this software and associated documentation files (the "Software"), to deal in
|
||||||
|
the Software without restriction, including without limitation the rights to
|
||||||
|
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
||||||
|
the Software, and to permit persons to whom the Software is furnished to do so,
|
||||||
|
subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||||
|
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||||
|
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||||
|
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||||
|
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
145
roles/geerlingguy.postgresql/README.md
Normal file
145
roles/geerlingguy.postgresql/README.md
Normal file
@ -0,0 +1,145 @@
|
|||||||
|
# Ansible Role: PostgreSQL
|
||||||
|
|
||||||
|
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-postgresql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-postgresql)
|
||||||
|
|
||||||
|
Installs and configures PostgreSQL server on RHEL/CentOS or Debian/Ubuntu servers.
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
No special requirements; note that this role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like:
|
||||||
|
|
||||||
|
- hosts: database
|
||||||
|
roles:
|
||||||
|
- role: geerlingguy.postgresql
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
## Role Variables
|
||||||
|
|
||||||
|
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
||||||
|
|
||||||
|
postgresql_enablerepo: ""
|
||||||
|
|
||||||
|
(RHEL/CentOS only) You can set a repo to use for the PostgreSQL installation by passing it in here.
|
||||||
|
|
||||||
|
postgresql_restarted_state: "restarted"
|
||||||
|
|
||||||
|
Set the state of the service when configuration changes are made. Recommended values are `restarted` or `reloaded`.
|
||||||
|
|
||||||
|
postgresql_python_library: python-psycopg2
|
||||||
|
|
||||||
|
Library used by Ansible to communicate with PostgreSQL. If you are using Python 3 (e.g. set via `ansible_python_interpreter`), you should change this to `python3-psycopg2`.
|
||||||
|
|
||||||
|
postgresql_user: postgres
|
||||||
|
postgresql_group: postgres
|
||||||
|
|
||||||
|
The user and group under which PostgreSQL will run.
|
||||||
|
|
||||||
|
postgresql_unix_socket_directories:
|
||||||
|
- /var/run/postgresql
|
||||||
|
|
||||||
|
The directories (usually one, but can be multiple) where PostgreSQL's socket will be created.
|
||||||
|
|
||||||
|
postgresql_service_state: started
|
||||||
|
postgresql_service_enabled: true
|
||||||
|
|
||||||
|
Control the state of the postgresql service and whether it should start at boot time.
|
||||||
|
|
||||||
|
postgresql_global_config_options:
|
||||||
|
- option: unix_socket_directories
|
||||||
|
value: '{{ postgresql_unix_socket_directories | join(",") }}'
|
||||||
|
|
||||||
|
Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`.
|
||||||
|
|
||||||
|
postgresql_hba_entries:
|
||||||
|
- { type: local, database: all, user: postgres, auth_method: peer }
|
||||||
|
- { type: local, database: all, user: all, auth_method: peer }
|
||||||
|
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
|
||||||
|
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
|
||||||
|
|
||||||
|
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include:
|
||||||
|
|
||||||
|
- `type` (required)
|
||||||
|
- `database` (required)
|
||||||
|
- `user` (required)
|
||||||
|
- `address` (one of this or the following two are required)
|
||||||
|
- `ip_address`
|
||||||
|
- `ip_mask`
|
||||||
|
- `auth_method` (required)
|
||||||
|
- `auth_options` (optional)
|
||||||
|
|
||||||
|
If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries.
|
||||||
|
|
||||||
|
postgresql_locales:
|
||||||
|
- 'en_US.UTF-8'
|
||||||
|
|
||||||
|
(Debian/Ubuntu only) Used to generate the locales used by PostgreSQL databases.
|
||||||
|
|
||||||
|
postgresql_databases:
|
||||||
|
- name: exampledb # required; the rest are optional
|
||||||
|
lc_collate: # defaults to 'en_US.UTF-8'
|
||||||
|
lc_ctype: # defaults to 'en_US.UTF-8'
|
||||||
|
encoding: # defaults to 'UTF-8'
|
||||||
|
template: # defaults to 'template0'
|
||||||
|
login_host: # defaults to 'localhost'
|
||||||
|
login_password: # defaults to not set
|
||||||
|
login_user: # defaults to 'postgresql_user'
|
||||||
|
login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
|
||||||
|
port: # defaults to not set
|
||||||
|
owner: # defaults to postgresql_user
|
||||||
|
state: # defaults to 'present'
|
||||||
|
|
||||||
|
A list of databases to ensure exist on the server. Only the `name` is required; all other properties are optional.
|
||||||
|
|
||||||
|
postgresql_users:
|
||||||
|
- name: jdoe #required; the rest are optional
|
||||||
|
password: # defaults to not set
|
||||||
|
encrypted: # defaults to not set
|
||||||
|
priv: # defaults to not set
|
||||||
|
role_attr_flags: # defaults to not set
|
||||||
|
db: # defaults to not set
|
||||||
|
login_host: # defaults to 'localhost'
|
||||||
|
login_password: # defaults to not set
|
||||||
|
login_user: # defaults to '{{ postgresql_user }}'
|
||||||
|
login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
|
||||||
|
port: # defaults to not set
|
||||||
|
state: # defaults to 'present'
|
||||||
|
|
||||||
|
A list of users to ensure exist on the server. Only the `name` is required; all other properties are optional.
|
||||||
|
|
||||||
|
postgresql_version: [OS-specific]
|
||||||
|
postgresql_data_dir: [OS-specific]
|
||||||
|
postgresql_bin_path: [OS-specific]
|
||||||
|
postgresql_config_path: [OS-specific]
|
||||||
|
postgresql_daemon: [OS-specific]
|
||||||
|
postgresql_packages: [OS-specific]
|
||||||
|
|
||||||
|
OS-specific variables that are set by include files in this role's `vars` directory. These shouldn't be overridden unless you're using a version of PostgreSQL that wasn't installed using system packages.
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
None.
|
||||||
|
|
||||||
|
## Example Playbook
|
||||||
|
|
||||||
|
- hosts: database
|
||||||
|
become: yes
|
||||||
|
vars_files:
|
||||||
|
- vars/main.yml
|
||||||
|
roles:
|
||||||
|
- geerlingguy.postgresql
|
||||||
|
|
||||||
|
*Inside `vars/main.yml`*:
|
||||||
|
|
||||||
|
postgresql_databases:
|
||||||
|
- name: example_db
|
||||||
|
postgresql_users:
|
||||||
|
- name: example_user
|
||||||
|
password: supersecure
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
MIT / BSD
|
||||||
|
|
||||||
|
## Author Information
|
||||||
|
|
||||||
|
This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
|
64
roles/geerlingguy.postgresql/defaults/main.yml
Normal file
64
roles/geerlingguy.postgresql/defaults/main.yml
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
---
|
||||||
|
# RHEL/CentOS only. Set a repository to use for PostgreSQL installation.
|
||||||
|
postgresql_enablerepo: ""
|
||||||
|
|
||||||
|
# Set postgresql state when configuration changes are made. Recommended values:
|
||||||
|
# `restarted` or `reloaded`
|
||||||
|
postgresql_restarted_state: "restarted"
|
||||||
|
|
||||||
|
postgresql_python_library: python-psycopg2
|
||||||
|
postgresql_user: postgres
|
||||||
|
postgresql_group: postgres
|
||||||
|
|
||||||
|
postgresql_unix_socket_directories:
|
||||||
|
- /var/run/postgresql
|
||||||
|
|
||||||
|
postgresql_service_state: started
|
||||||
|
postgresql_service_enabled: true
|
||||||
|
|
||||||
|
# Global configuration options that will be set in postgresql.conf.
|
||||||
|
postgresql_global_config_options:
|
||||||
|
- option: unix_socket_directories
|
||||||
|
value: '{{ postgresql_unix_socket_directories | join(",") }}'
|
||||||
|
|
||||||
|
# Host based authentication (hba) entries to be added to the pg_hba.conf. This
|
||||||
|
# variable's defaults reflect the defaults that come with a fresh installation.
|
||||||
|
postgresql_hba_entries:
|
||||||
|
- {type: local, database: all, user: postgres, auth_method: peer}
|
||||||
|
- {type: local, database: all, user: all, auth_method: peer}
|
||||||
|
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
|
||||||
|
- {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
|
||||||
|
|
||||||
|
# Debian only. Used to generate the locales used by PostgreSQL databases.
|
||||||
|
postgresql_locales:
|
||||||
|
- 'en_US.UTF-8'
|
||||||
|
|
||||||
|
# Databases to ensure exist.
|
||||||
|
postgresql_databases: []
|
||||||
|
# - name: exampledb # required; the rest are optional
|
||||||
|
# lc_collate: # defaults to 'en_US.UTF-8'
|
||||||
|
# lc_ctype: # defaults to 'en_US.UTF-8'
|
||||||
|
# encoding: # defaults to 'UTF-8'
|
||||||
|
# template: # defaults to 'template0'
|
||||||
|
# login_host: # defaults to 'localhost'
|
||||||
|
# login_password: # defaults to not set
|
||||||
|
# login_user: # defaults to '{{ postgresql_user }}'
|
||||||
|
# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
|
||||||
|
# port: # defaults to not set
|
||||||
|
# owner: # defaults to postgresql_user
|
||||||
|
# state: # defaults to 'present'
|
||||||
|
|
||||||
|
# Users to ensure exist.
|
||||||
|
postgresql_users: []
|
||||||
|
# - name: jdoe #required; the rest are optional
|
||||||
|
# password: # defaults to not set
|
||||||
|
# encrypted: # defaults to not set
|
||||||
|
# priv: # defaults to not set
|
||||||
|
# role_attr_flags: # defaults to not set
|
||||||
|
# db: # defaults to not set
|
||||||
|
# login_host: # defaults to 'localhost'
|
||||||
|
# login_password: # defaults to not set
|
||||||
|
# login_user: # defaults to '{{ postgresql_user }}'
|
||||||
|
# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
|
||||||
|
# port: # defaults to not set
|
||||||
|
# state: # defaults to 'present'
|
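--- /dev/null
+++ b/roles/geerlingguy.postgresql/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart postgresql
+service:
+name: "{{ postgresql_daemon }}"
+state: "{{ postgresql_restarted_state }}"
+sleep: 5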
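--- /dev/null
+++ b/roles/geerlingguy.postgresql/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: Tue Sep 24 09:13:46 2019
+version: 2.0.0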
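--- /dev/null
+++ b/roles/geerlingguy.postgresql/meta/main.yml
@@ -0,0 +1,33 @@
+---
+dependencies: []
+
+galaxy_info:
+author: geerlingguy
+description: PostgreSQL server for Linux.
+company: "Midwestern Mac, LLC"
+license: "license (BSD, MIT)"
+min_ansible_version: 2.4
+platforms:
+- name: EL
+versions:
+- 6
+- 7
+- name: Fedora
+versions:
+- 29
+- 30
+- name: Ubuntu
+versions:
+- xenial
+- bionic
+- name: Debian
+versions:
+- wheezy
+- jessie
+- stretch
+- buster
+galaxy_tags:
+- database
+- postgresql
+- postgres
+- rdbms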
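--- /dev/null
+++ b/roles/geerlingguy.postgresql/molecule/default/molecule.yml
@@ -0,0 +1,29 @@
+---
+dependency:
+name: galaxy
+driver:
+name: docker
+lint:
+name: yamllint
+options:
+config-file: molecule/default/yaml-lint.yml
+platforms:
+- name: instance
+image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+privileged: true
+pre_build_image: true
+provisioner:
+name: ansible
+lint:
+name: ansible-lint
+playbooks:
+converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
+scenario:
+name: default
+verifier:
+name: testinfra
+lint:
+name: flake8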
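--- /dev/null
+++ b/roles/geerlingguy.postgresql/molecule/default/playbook.yml
@@ -0,0 +1,46 @@
+---
+- name: Converge
+hosts: all
+become: true
+
+vars:
+postgresql_databases:
+- name: example
+postgresql_users:
+- name: jdoe
+
+pre_tasks:
+# The Fedora 30+ container images have only C.UTF-8 installed
+- name: Set database locale if using Fedora 30+
+set_fact:
+postgresql_databases:
+- name: example
+lc_collate: 'C.UTF-8'
+lc_ctype: 'C.UTF-8'
+when:
+- ansible_distribution == 'Fedora'
+- ansible_distribution_major_version >= '30'
+
+- name: Update apt cache.
+apt: update_cache=true cache_valid_time=600
+when: ansible_os_family == 'Debian'
+
+- name: Set custom variables for old CentOS 6 PostgreSQL install.
+set_fact:
+postgresql_hba_entries: []
+postgresql_global_config_options:
+- option: unix_socket_directory
+value: '{{ postgresql_unix_socket_directories[0] }}'
+when:
+- ansible_os_family == 'RedHat'
+- ansible_distribution_version.split('.')[0] == '6'
+
+roles:
+- role: geerlingguy.postgresql
+
+post_tasks:
+- name: Verify postgres is running.
+command: "{{ postgresql_bin_path }}/pg_ctl -D {{ postgresql_data_dir }} status"
+changed_when: false
+become: true
+become_user: postgres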
@ -0,0 +1,6 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
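--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/configure.yml
@@ -0,0 +1,28 @@
+---
+- name: Configure global settings.
+lineinfile:
+dest: "{{ postgresql_config_path }}/postgresql.conf"
+regexp: "^#?{{ item.option }}.+$"
+line: "{{ item.option }} = '{{ item.value }}'"
+state: "{{ item.state | default('present') }}"
+with_items: "{{ postgresql_global_config_options }}"
+notify: restart postgresql
+
+- name: Configure host based authentication (if entries are configured).
+template:
+src: "pg_hba.conf.j2"
+dest: "{{ postgresql_config_path }}/pg_hba.conf"
+owner: "{{ postgresql_user }}"
+group: "{{ postgresql_group }}"
+mode: 0600
+notify: restart postgresql
+when: postgresql_hba_entries | length > 0
+
+- name: Ensure PostgreSQL unix socket dirs exist.
+file:
+path: "{{ item }}"
+state: directory
+owner: "{{ postgresql_user }}"
+group: "{{ postgresql_group }}"
+mode: 02775
+with_items: "{{ postgresql_unix_socket_directories }}"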
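Review bot: The `regexp: "^#?{{ item.option }}.+$"` in the first task matches every postgresql.conf option whose name merely starts with `item.option`, and lineinfile replaces the last matching line, so an option such as `ssl` can end up rewriting a later `ssl_*` line instead of `ssl = ...` and the intended setting is silently not applied. Anchoring the pattern on the assignment, e.g. `regexp: "^#?{{ item.option }}\\s*=.*$"`, limits the match to the exact option (item.option is also inserted unescaped, which only matters if an option name ever contains regex metacharacters). The pg_hba.conf template is skipped entirely when `postgresql_hba_entries` is empty, leaving whatever initdb wrote in place, so a comment above the `when:` such as `# an empty list means "do not manage pg_hba.conf", not "no entries"` would make that contract explicit.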
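--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/databases.yml
@@ -0,0 +1,21 @@
+---
+- name: Ensure PostgreSQL databases are present.
+postgresql_db:
+name: "{{ item.name }}"
+lc_collate: "{{ item.lc_collate | default('en_US.UTF-8') }}"
+lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}"
+encoding: "{{ item.encoding | default('UTF-8') }}"
+template: "{{ item.template | default('template0') }}"
+login_host: "{{ item.login_host | default('localhost') }}"
+login_password: "{{ item.login_password | default(omit) }}"
+login_user: "{{ item.login_user | default(postgresql_user) }}"
+login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
+port: "{{ item.port | default(omit) }}"
+owner: "{{ item.owner | default(postgresql_user) }}"
+state: "{{ item.state | default('present') }}"
+with_items: "{{ postgresql_databases }}"
+become: true
+become_user: "{{ postgresql_user }}"
+# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
+vars:
+ansible_ssh_pipelining: true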
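Review bot: This task passes `login_password: "{{ item.login_password | default(omit) }}"` but, unlike users.yml in the same commit, carries no `no_log: true`, so a database item that supplies a login password has it echoed in the per-item task output on failure or at higher verbosity. Add `no_log: true` next to `with_items:` as users.yml does, so both tasks that accept a password are handled the same way.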
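--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/initialize.yml
@@ -0,0 +1,29 @@
+---
+- name: Set PostgreSQL environment variables.
+template:
+src: postgres.sh.j2
+dest: /etc/profile.d/postgres.sh
+mode: 0644
+notify: restart postgresql
+
+- name: Ensure PostgreSQL data directory exists.
+file:
+path: "{{ postgresql_data_dir }}"
+owner: "{{ postgresql_user }}"
+group: "{{ postgresql_group }}"
+state: directory
+mode: 0700
+
+- name: Check if PostgreSQL database is initialized.
+stat:
+path: "{{ postgresql_data_dir }}/PG_VERSION"
+register: pgdata_dir_version
+
+- name: Ensure PostgreSQL database is initialized.
+command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}"
+when: not pgdata_dir_version.stat.exists
+become: true
+become_user: "{{ postgresql_user }}"
+# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
+vars:
+ansible_ssh_pipelining: true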
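--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+# Variable configuration.
+- include_tasks: variables.yml
+
+# Setup/install tasks.
+- include_tasks: setup-RedHat.yml
+when: ansible_os_family == 'RedHat'
+
+- include_tasks: setup-Debian.yml
+when: ansible_os_family == 'Debian'
+
+- include_tasks: initialize.yml
+- include_tasks: configure.yml
+
+- name: Ensure PostgreSQL is started and enabled on boot.
+service:
+name: "{{ postgresql_daemon }}"
+state: "{{ postgresql_service_state }}"
+enabled: "{{ postgresql_service_enabled }}"
+
+# Configure PostgreSQL.
+- import_tasks: users.yml
+- import_tasks: databases.yml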
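--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/setup-Debian.yml
@@ -0,0 +1,21 @@
+---
+- name: Ensure PostgreSQL Python libraries are installed.
+apt:
+name: "{{ postgresql_python_library }}"
+state: present
+
+- name: Ensure PostgreSQL packages are installed.
+apt:
+name: "{{ postgresql_packages }}"
+state: present
+
+- name: Ensure all configured locales are present.
+locale_gen: "name={{ item }} state=present"
+with_items: "{{ postgresql_locales }}"
+register: locale_gen_result
+
+- name: Force-restart PostgreSQL after new locales are generated.
+service:
+name: "{{ postgresql_daemon }}"
+state: restarted
+when: locale_gen_result.changed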
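--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/setup-RedHat.yml
@@ -0,0 +1,16 @@
+---
+- name: Ensure PostgreSQL packages are installed.
+yum:
+name: "{{ postgresql_packages }}"
+state: present
+enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}"
+# Don't let postgresql-contrib cause the /usr/bin/python symlink
+# to be installed, which breaks later Ansible runs on Fedora 30,
+# and affects system behavior in multiple ways.
+exclude: python-unversioned-command
+
+- name: Ensure PostgreSQL Python libraries are installed.
+yum:
+name: "{{ postgresql_python_library }}"
+state: present
+enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}"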
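--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/users.yml
@@ -0,0 +1,22 @@
+---
+- name: Ensure PostgreSQL users are present.
+postgresql_user:
+name: "{{ item.name }}"
+password: "{{ item.password | default(omit) }}"
+encrypted: "{{ item.encrypted | default(omit) }}"
+priv: "{{ item.priv | default(omit) }}"
+role_attr_flags: "{{ item.role_attr_flags | default(omit) }}"
+db: "{{ item.db | default(omit) }}"
+login_host: "{{ item.login_host | default('localhost') }}"
+login_password: "{{ item.login_password | default(omit) }}"
+login_user: "{{ item.login_user | default(postgresql_user) }}"
+login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
+port: "{{ item.port | default(omit) }}"
+state: "{{ item.state | default('present') }}"
+with_items: "{{ postgresql_users }}"
+no_log: true
+become: true
+become_user: "{{ postgresql_user }}"
+# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
+vars:
+ansible_ssh_pipelining: true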
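--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/variables.yml
@@ -0,0 +1,45 @@
+---
+# Variable configuration.
+- name: Include OS-specific variables (Debian).
+include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+when: ansible_os_family == 'Debian'
+
+- name: Include OS-specific variables (RedHat).
+include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+when:
+- ansible_os_family == 'RedHat'
+- ansible_distribution != 'Fedora'
+
+- name: Include OS-specific variables (Fedora).
+include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+when: ansible_distribution == 'Fedora'
+
+- name: Define postgresql_packages.
+set_fact:
+postgresql_packages: "{{ __postgresql_packages | list }}"
+when: postgresql_packages is not defined
+
+- name: Define postgresql_version.
+set_fact:
+postgresql_version: "{{ __postgresql_version }}"
+when: postgresql_version is not defined
+
+- name: Define postgresql_daemon.
+set_fact:
+postgresql_daemon: "{{ __postgresql_daemon }}"
+when: postgresql_daemon is not defined
+
+- name: Define postgresql_data_dir.
+set_fact:
+postgresql_data_dir: "{{ __postgresql_data_dir }}"
+when: postgresql_data_dir is not defined
+
+- name: Define postgresql_bin_path.
+set_fact:
+postgresql_bin_path: "{{ __postgresql_bin_path }}"
+when: postgresql_bin_path is not defined
+
+- name: Define postgresql_config_path.
+set_fact:
+postgresql_config_path: "{{ __postgresql_config_path }}"
+when: postgresql_config_path is not defined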
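--- /dev/null
+++ b/roles/geerlingguy.postgresql/templates/pg_hba.conf.j2
@@ -0,0 +1,9 @@
+{{ ansible_managed | comment }}
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
+
+{% for client in postgresql_hba_entries %}
+{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
+{% endfor %}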
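--- /dev/null
+++ b/roles/geerlingguy.postgresql/templates/postgres.sh.j2
@@ -0,0 +1,2 @@
+export PGDATA={{ postgresql_data_dir }}
+export PATH=$PATH:{{ postgresql_bin_path }}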
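--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-10.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "11"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+- postgresql
+- postgresql-contrib
+- libpq-dev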
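--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-7.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.1"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+- postgresql
+- postgresql-contrib
+- libpq-dev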
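--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-8.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.4"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+- postgresql
+- postgresql-contrib
+- libpq-dev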
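--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-9.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.6"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+- postgresql
+- postgresql-contrib
+- libpq-dev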
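--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Fedora-29.yml
@@ -0,0 +1,12 @@
+---
+__postgresql_version: "10.5"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+- postgresql
+- postgresql-server
+- postgresql-contrib
+- postgresql-libs
+postgresql_python_library: python2-psycopg2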
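--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Fedora-30.yml
@@ -0,0 +1,13 @@
+---
+__postgresql_version: "11.2"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+- postgresql
+- postgresql-server
+- postgresql-contrib
+- postgresql-libs
+# Fedora 30 containers only have python3 by default
+postgresql_python_library: python3-psycopg2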
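--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/RedHat-6.yml
@@ -0,0 +1,11 @@
+---
+__postgresql_version: "8.4"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+- postgresql
+- postgresql-server
+- postgresql-contrib
+- postgresql-libs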
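--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/RedHat-7.yml
@@ -0,0 +1,11 @@
+---
+__postgresql_version: "9.2"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+- postgresql
+- postgresql-server
+- postgresql-contrib
+- postgresql-libs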
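--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Ubuntu-16.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.5"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+- postgresql
+- postgresql-contrib
+- libpq-dev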
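--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Ubuntu-18.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "10"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+- postgresql
+- postgresql-contrib
+- libpq-dev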
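--- /dev/null
+++ b/roles/synapse/.editorconfig
@@ -0,0 +1,7 @@
+root = true
+trim_trailing_whitespace = true
+
+[*.yml]
+insert_final_newline = true
+indent_style = space
+indent_size = 2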
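--- /dev/null
+++ b/roles/synapse/.gitignore
@@ -0,0 +1 @@
+tests/roles/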
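--- /dev/null
+++ b/roles/synapse/.gitlab-ci.yml
@@ -0,0 +1,24 @@
+---
+# -*- coding: utf-8 -*-
+
+before_script:
+- apt-get update -qy
+- apt-get install -y python-dev python-pip
+- git submodule update --init
+- pip install --upgrade ansible ansible-lint
+- ansible --version
+- ansible-lint --version
+
+stages:
+- ansible-lint
+- ansible-syntax-check
+
+ansible-lint-pip:
+stage: ansible-lint
+script:
+- ansible-lint tests/test-pip.yml
+
+ansible-lint-docker:
+stage: ansible-lint
+script:
+- ansible-lint tests/test-docker.yml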
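--- /dev/null
+++ b/roles/synapse/README.md
@@ -0,0 +1,64 @@
+# matrix-synapse
+
+Install a matrix synapse server.
+
+## Requirements
+
+The following should be present on the target system
+* `pip`
+* `systemd`
+* `rsyslogd`
+* `logrotate`
+
+## Role Variables
+
+### Mandatory Variables
+
+| Name | Type | Description |
+| :--- | :--- | :--- |
+| **matrix_server_name** | __string__ | |
+| **matrix_synapse_tls_cert** | __string__ | server's TLS certificate chain (_when matrix_synapse_extra_config.no_tls is set to true_)|
+| **matrix_synapse_tls_key** | __string__ | server's TLS key (_when matrix_synapse_extra_config.no_tls is set to true_)|
+| **matrix_synapse_report_stats** | __bool__ | Report the stats to matrix.org |
+| **matrix_synapse_pg_host** | __sting__ | postgresql server |
+| **matrix_synapse_pg_user** | __string__ | postgresql user |
+| **matrix_synapse_pg_pass** | __string__ | postgresql user's password |
+| **matrix_synapse_pg_db** | __string__ | postgresql database |
+
+### Optional Variables
+
+| Name | Value | Description |
+| :--- | :--- | :--- |
+| matrix_synapse_base_path | "/opt/synapse" |
+| matrix_synapse_secrets_path | "{{ matrix_synapse_base_path }}/secrets"
+| matrix_synapse_extra_config | _None_ | configuration parameters as given in the [synapse configuration file](https://github.com/matrix-org/synapse/tree/master/docs) |
+| matrix_synapse_dh_path | "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.dh" |
+| matrix_synapse_baseurl | "https://{{ matrix_server_name }}" |
+| matrix_synapse_signing_key_path | "{{ matrix_synapse_base_path }}/ssl/{{ matrix_server_name }}.signing.key" |
+| matrix_synapse_version | "v1.0.0" |
+| matrix_synapse_log_days_keep | 30 |
+| matrix_synapse_deployment_method | pip | Either pip or docker [¹](#footnote_1) |
+| matrix_synapse_supervision_method | systemd | Either systemd, runit or docker [¹](#footnote_1) |
+| matrix_synapse_python_version | 3 | Default python version (2, 3) to be used |
+
+<a name="footnote_1">¹</a>: Docker must be used for both or neither deployment and supervision
+
+## Dependencies
+
+__None__.
+
+## Example Playbook
+
+```yaml
+#TODO: Add example
+```
+
+## License
+
+Apache 2.0
+
+# Author Information
+
+* Michael Kaye
+* Jan Christian Grünhage
+* Emmanouil Kampitakis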
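--- /dev/null
+++ b/roles/synapse/TODO.md
@@ -0,0 +1 @@
+- Write a handler to restart the systemd service when upgrading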
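--- /dev/null
+++ b/roles/synapse/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+matrix_synapse_extra_config: {}
+matrix_synapse_deployment_method: pip
+matrix_synapse_supervision_method: systemd
+matrix_synapse_base_path: "/opt/synapse"
+matrix_synapse_secrets_path: "{{ matrix_synapse_base_path }}/secrets"
+matrix_synapse_dh_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.dh"
+matrix_synapse_baseurl: "https://{{ matrix_server_name }}"
+matrix_synapse_signing_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.signing.key"
+matrix_synapse_version: "v1.3.1"
+matrix_synapse_log_dir: "/var/log/matrix_synapse"
+matrix_synapse_log_days_keep: 30
+matrix_synapse_pid_file: "{{ matrix_synapse_base_path }}/synapse.pid"
+matrix_synapse_docker_ports: ["8008:8008", "8448:8448"]
+matrix_synapse_docker_labels: {}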
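--- /dev/null
+++ b/roles/synapse/files/log.config
@@ -0,0 +1,29 @@
+version: 1
+
+formatters:
+precise:
+format: '%(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+context:
+(): synapse.util.logcontext.LoggingContextFilter
+request: ""
+
+handlers:
+console:
+class: logging.StreamHandler
+formatter: precise
+filters: [context]
+
+loggers:
+synapse:
+level: INFO
+
+synapse.storage.SQL:
+# beware: increasing this to DEBUG will make synapse log sensitive
+# information such as access tokens.
+level: INFO
+
+root:
+level: INFO
+handlers: [console]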
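--- /dev/null
+++ b/roles/synapse/handlers/main.yml
@@ -0,0 +1,27 @@
+---
+- name: "reload systemd"
+systemd:
+daemon_reload: yes
+
+- name: "restart matrix-synapse using systemd"
+service:
+name: "matrix-synapse"
+state: restarted
+enabled: yes
+when: matrix_synapse_supervision_method == "systemd"
+listen: "restart matrix-synapse"
+
+- name: "restart synapse using docker"
+docker_container:
+name: synapse
+state: started
+restart: yes
+when: matrix_synapse_supervision_method == "docker"
+listen: "restart matrix-synapse"
+
+- name: restart rsyslog
+become: yes
+service:
+name: rsyslog
+state: restarted
+when: matrix_synapse_supervision_method == "systemd"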
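--- /dev/null
+++ b/roles/synapse/library/matrix_signing_key.py
@@ -0,0 +1,51 @@
+#!/bin/python3
+# Copyright: (c) 2018, Emmanouil Kampitakis <info@kampitakis.de>
+# Apache 2.0
+
+from ansible.module_utils.basic import AnsibleModule
+from signedjson import key
+import os
+
+def write_signing_key(path):
+with open(path,'w') as f:
+key.write_signing_keys(
+f,
+[key.generate_signing_key('first')]
+)
+
+def run_module():
+module_args = dict(
+path=dict(type='str', required=True),
+)
+
+result = dict(
+changed=False,
+original_message='',
+message=''
+)
+
+module = AnsibleModule(
+argument_spec=module_args,
+supports_check_mode=True
+)
+
+signing_key_path = module.params['path']
+
+signing_key_exists = os.path.isfile(signing_key_path)
+
+if not signing_key_exists:
+result['changed'] = True
+if module.check_mode:
+return result
+
+write_signing_key(signing_key_path)
+
+module.exit_json(**result)
+
+def main():
+run_module()
+
+if __name__ == '__main__':
+main()
+
+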
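Review bot: `write_signing_key` creates the server's private signing key with a plain `open(path,'w')`, so the file's mode comes from the process umask (commonly 0644) and the key is readable by every local account; create it with `fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o600)` and pass `os.fdopen(fd, 'w')` to `key.write_signing_keys` instead. Separately, the check-mode branch does `return result` rather than `module.exit_json(**result)`, so in check mode the module exits without emitting the JSON result Ansible expects from it; replace that line with `module.exit_json(**result)`. The `Create signing key` task in crypto.yml sets only `path`, so whether the synapse user can read the key afterwards depends on the account the play runs as.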
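--- /dev/null
+++ b/roles/synapse/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: Tue Sep 24 09:13:48 2019
+version: ''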
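--- /dev/null
+++ b/roles/synapse/meta/main.yml
@@ -0,0 +1,16 @@
+galaxy_info:
+author: michaelkaye
+description: Deploys a synapse server
+
+license: Apache 2.0
+
+min_ansible_version: 2.0
+
+platforms:
+- name: Debian
+versions:
+- jessie
+
+galaxy_tags: []
+
+dependencies: []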
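--- /dev/null
+++ b/roles/synapse/synapse
@@ -0,0 +1 @@
+synapse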
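Review bot: The symbolic link `roles/synapse/synapse` has the target `synapse`, which is resolved relative to the link's own directory and therefore names the link itself, so following it produces a symlink loop rather than the role directory it presumably meant to reference. If the intent is a self-reference to the role root, the target should be `.`; otherwise the link should be dropped from the commit.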
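--- /dev/null
+++ b/roles/synapse/tasks/configure.yml
@@ -0,0 +1,64 @@
+---
+- name: create user
+user:
+name: synapse
+state: present
+register: synapse_user
+tags:
+- pre_install
+
+- name: create directory
+file:
+path: "{{ matrix_synapse_base_path }}"
+state: directory
+owner: synapse
+group: synapse
+tags:
+- pre_install
+
+- name: Create secrets directory
+file:
+path: "{{ matrix_synapse_secrets_path }}"
+state: directory
+owner: synapse
+group: synapse
+tags:
+- pre_install
+
+- name: Generate secrets
+include_tasks: generate_secret.yml
+loop:
+- file: "macaroon.key"
+var: "macaroon_file"
+- file: "registration.key"
+var: "registration_shared_secret_file"
+- file: "form.key"
+var: "form_secret_file"
+loop_control:
+loop_var: secret
+
+- name: Create directory for media storage
+file:
+path: "{{ item }}"
+state: directory
+owner: synapse
+group: synapse
+loop:
+- "{{ matrix_synapse_config.media_store_path }}"
+- "{{ matrix_synapse_config.uploads_path }}"
+- "{{ matrix_synapse_base_path }}/tls"
+
+- name: Deploy config
+copy:
+content: "{{ matrix_synapse_config | to_nice_yaml }}"
+dest: "{{ matrix_synapse_base_path }}/homeserver.yaml"
+owner: synapse
+group: synapse
+notify:
+- "restart matrix-synapse"
+
+- name: Configure logging
+import_tasks: logging.yml
+
+- name: Create certificates
+include_tasks: crypto.yml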
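Review bot: The `Deploy config` task writes the rendered `matrix_synapse_config` to `homeserver.yaml` with owner and group set but no `mode:`, so the file gets the remote umask's default permissions and is presumably world-readable; given that the role's mandatory variables include the PostgreSQL password, that file should be created with `mode: "0600"` added under `group: synapse`. The `create directory` and `Create secrets directory` tasks likewise set no `mode:`, and the secrets directory in particular should carry `mode: "0700"`. The contents of `generate_secret.yml` are not part of this view, so how the individual secret files are protected cannot be checked here.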
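--- a/roles/synapse/tasks/crypto.yml
+++ b/roles/synapse/tasks/crypto.yml
@@ -0,0 +1,32 @@
+---
+- name: Install signedjson
+  pip:
+    name: signedjson
+
+- name: Create signing key
+  matrix_signing_key:
+    path: "{{ matrix_synapse_config.signing_key_path }}"
+  notify:
+    - "restart matrix-synapse"
+
+- name: Write server's certificate and private key
+  block:
+    - name: create DH parameters
+      openssl_dhparam:
+        path: "{{ matrix_synapse_dh_path }}"
+        owner: synapse
+    - name: Write certificate
+      copy:
+        content: "{{ matrix_synapse_tls_cert }}"
+        dest: "{{ matrix_synapse_config.tls_certificate_path }}"
+        owner: synapse
+        group: synapse
+        mode: "0644"
+    - name: Write keyfile
+      copy:
+        content: "{{ matrix_synapse_tls_key }}"
+        dest: "{{ matrix_synapse_config.tls_private_key_path }}"
+        owner: synapse
+        group: synapse
+        mode: "0600"
+  when: not matrix_synapse_config.no_tls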
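Review bot: `Create signing key` hands the file to the custom `matrix_signing_key` module without pinning ownership or mode, and no follow-up task does, whereas `Write keyfile` a few lines down sets `mode: "0600"` explicitly; unless that module is known to create the key restrictively, a `file:` task after it should enforce `owner: synapse`, `group: synapse`, `mode: "0600"` on `{{ matrix_synapse_config.signing_key_path }}`. The `Install signedjson` task installs into the system interpreter with no `version:`, unlike the virtualenv-scoped pip tasks in deployment.yml; if the module genuinely needs it on the target interpreter, pinning the version keeps the install reproducible.
```yaml
- name: Create signing key
  # … unchanged: matrix_signing_key call and notify …

- name: Restrict signing key permissions
  file:
    path: "{{ matrix_synapse_config.signing_key_path }}"
    owner: synapse
    group: synapse
    mode: "0600"
```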
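--- a/roles/synapse/tasks/deployment.yml
+++ b/roles/synapse/tasks/deployment.yml
@@ -0,0 +1,78 @@
+---
+- name: install synapse with pip into virtualenv
+  block:
+    - name: Install dependencies
+      apt:
+        name:
+          - git
+          - build-essential
+          - python3-dev
+          - python-virtualenv
+          - python-pip
+          - python-setuptools
+          - sqlite3
+          - libffi-dev
+          - libssl-dev
+          - libjpeg-dev
+          - libxslt1-dev
+          - libpq-dev
+        state: present
+        cache_valid_time: 1800
+      tags:
+        - pre_install
+
+    - name: Create virtualenv
+      pip:
+        name:
+          - pip
+          - setuptools
+        virtualenv: "{{ matrix_synapse_base_path }}/env"
+        virtualenv_python: python3
+        extra_args: --upgrade
+      tags:
+        - pre_install
+
+    - name: Clone synapse
+      git:
+        repo: https://github.com/matrix-org/synapse
+        dest: "{{ matrix_synapse_base_path }}/synapse"
+        accept_hostkey: yes
+        version: "{{ matrix_synapse_version }}"
+      register: clone_synapse
+      tags:
+        - pre_install
+
+    - name: Install Synapse
+      pip:
+        name: "{{ matrix_synapse_base_path }}/synapse[matrix-synapse-ldap3,postgres,resources.consent,acme,url_preview]"
+        virtualenv: "{{ matrix_synapse_base_path }}/env"
+      when: clone_synapse.changed
+      tags:
+        - skip_ansible_lint # skip when clause
+        - pre_install
+      notify: restart matrix-synapse
+  when: matrix_synapse_deployment_method == "pip"
+
+- name: install synapse with docker
+  docker_container:
+    name: synapse
+    image: "docker.io/matrixdotorg/synapse:{{ matrix_synapse_version }}"
+    ports: "{{ matrix_synapse_docker_ports }}"
+    labels: "{{ matrix_synapse_docker_labels }}"
+    restart_policy: unless-stopped
+    recreate: true
+    pull: true
+    entrypoint: "python"
+    command:
+      - "-m"
+      - "synapse.app.homeserver"
+      - "-c"
+      - "{{ matrix_synapse_base_path }}/homeserver.yaml"
+    user: "{{ synapse_user.uid }}:{{ synapse_user.group }}"
+    volumes:
+      - "{{ matrix_synapse_config.media_store_path }}:{{ matrix_synapse_config.media_store_path }}"
+      - "{{ matrix_synapse_config.uploads_path }}:{{ matrix_synapse_config.uploads_path }}"
+      - "{{ matrix_synapse_base_path }}/homeserver.yaml:{{ matrix_synapse_base_path }}/homeserver.yaml"
+      - "{{ matrix_synapse_base_path }}/log.config:{{ matrix_synapse_base_path }}/log.config"
+      - "{{ matrix_synapse_base_path }}/tls:{{ matrix_synapse_base_path }}/tls"
+  when: matrix_synapse_deployment_method == "docker"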
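Review bot: `Install Synapse` is gated on `when: clone_synapse.changed`, so if the pip install fails or is interrupted after a successful clone, every later run skips it because the checkout no longer reports a change; the `skip_ansible_lint` tag silences the linter rather than fixing this. Dropping the `when:` and letting pip's own idempotence decide (or registering the install result and re-running when it is absent) would let the role converge. `accept_hostkey: yes` is a no-op for the https URL used here but would silently trust any SSH host key if `repo:` were ever switched to an ssh URL, so it is safer removed.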
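--- a/roles/synapse/tasks/generate_secret.yml
+++ b/roles/synapse/tasks/generate_secret.yml
@@ -0,0 +1,27 @@
+---
+- name: Set full file path
+  set_fact:
+    secret_file_path: "{{ matrix_synapse_secrets_path }}/{{ secret.file }}"
+
+- name: Check if secret exists
+  stat:
+    path: "{{ secret_file_path }}"
+  register: secret_file_stat
+
+- name: Generate random string
+  copy:
+    content: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=42') }}"
+    dest: "{{ secret_file_path }}"
+    owner: synapse
+    group: synapse
+    mode: "0600"
+  when:
+    - not secret_file_stat.stat.exists
+# TODO: This below is a dirty hack and should be properly revisited
+- name: Retrieve secret
+  slurp:
+    src: "{{ secret_file_path }}"
+  register: secret_var
+
+- name: Set secret.var fact
+  set_fact: { "{{ secret.var }}": "{{ secret_var }}" }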
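Review bot: Neither `Generate random string` nor `Retrieve secret` sets `no_log: true`, so the freshly generated secret (passed as `content:`) and its base64 form (in the registered `secret_var`) show up in `-v`/`--diff` output and in any log collector, even though the file itself is correctly written with `mode: "0600"`. Add `no_log: true` to both tasks and to `Set secret.var fact`. The final `set_fact` also stores the entire slurp result rather than `secret_var.content`, which is why vars/main.yml has to `b64decode` `*_file.content` for every secret; the TODO above it already flags this.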
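--- a/roles/synapse/tasks/logging.yml
+++ b/roles/synapse/tasks/logging.yml
@@ -0,0 +1,35 @@
+---
+- name: Logging config (systemd)
+  block:
+    - name: create logging folder
+      file:
+        name: "{{ matrix_synapse_log_dir }}"
+        state: directory
+        owner: synapse
+        group: synapse
+
+    - name: copy syslog config
+      template:
+        src: syslog-synapse.conf.j2
+        dest: /etc/rsyslog.d/matrix_synapse.conf
+        owner: root
+      notify: restart rsyslog
+
+    - name: template logrotate config
+      template:
+        src: logrotate.j2
+        dest: /etc/logrotate.d/matrix_synapse
+        owner: root
+  when: matrix_synapse_supervision_method == "systemd"
+# TODO: Figure out how to make sure that logging ends up in rsyslog no matter what system we run on
+
+- name: Deploy log config
+  copy:
+    src: "log.config"
+    dest: "{{ matrix_synapse_base_path }}/log.config"
+    owner: synapse
+    group: synapse
+  notify:
+    - "restart matrix-synapse"
+
+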
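Review bot: `copy syslog config` and `template logrotate config` set `owner: root` but no `group` or `mode`, so the resulting files take whatever the remote umask yields; `mode: "0644"` makes the intent explicit, the same way `Write certificate` does in crypto.yml. `Deploy log config` runs regardless of `matrix_synapse_supervision_method`, while the rsyslog wiring above it is systemd-only, which the TODO comment acknowledges; a short note on the docker path's logging expectation would help until that is resolved.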
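--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: check that sypervision and deployment are compatible
+  fail:
+    msg: "Either both or neither of deployment and supervision method should be docker."
+  when: (matrix_synapse_supervision_method == "docker" and matrix_synapse_deployment_method != "docker") or
+        (matrix_synapse_deployment_method == "docker" and matrix_synapse_supervision_method != "docker")
+
+- name: configure synapse
+  import_tasks: configure.yml
+
+- name: deploy synapse
+  import_tasks: deployment.yml
+
+- name: configure service
+  import_tasks: systemd.yml
+  when: matrix_synapse_supervision_method == "systemd"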
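Review bot: Typo in the first task name: `sypervision` should read `supervision` (`- name: check that supervision and deployment are compatible`). The two-line `when:` expression beneath it relies on YAML plain-scalar folding to become one line; writing it as `when: >` with both clauses indented under it makes that explicit and keeps linters quiet.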
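--- a/roles/synapse/tasks/systemd.yml
+++ b/roles/synapse/tasks/systemd.yml
@@ -0,0 +1,8 @@
+---
+- name: Deploy service file
+  template:
+    src: "matrix-synapse.service.j2"
+    dest: "/etc/systemd/system/matrix-synapse.service"
+  notify:
+    - "reload systemd"
+    - "restart matrix-synapse"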
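--- a/roles/synapse/templates/logrotate.j2
+++ b/roles/synapse/templates/logrotate.j2
@@ -0,0 +1,10 @@
+{{ ansible_managed | comment }}
+/var/log/matrix_synapse/matrix_synapse.log {
+    daily
+    rotate {{ matrix_synapse_log_days_keep }}
+    compress
+    shred
+    postrotate
+        /usr/bin/pkill -HUP rsyslogd
+    endscript
+}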
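Review bot: The rotated path is hard-coded as `/var/log/matrix_synapse/matrix_synapse.log`, while the rsyslog rule in syslog-synapse.conf.j2 and the `create logging folder` task in logging.yml both derive it from `{{ matrix_synapse_log_dir }}`; any non-default value of that variable leaves the real log growing unrotated. Use `{{ matrix_synapse_log_dir }}/matrix_synapse.log {` here too. `shred` is a sensible choice for logs that may carry user identifiers, but it is commonly ineffective on journaled or copy-on-write filesystems, so a one-line comment stating that limitation would set expectations.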
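--- a/roles/synapse/templates/matrix-synapse.service.j2
+++ b/roles/synapse/templates/matrix-synapse.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description="Matrix Synapse Server (synapse)"
+
+[Service]
+Type=simple
+WorkingDirectory={{ matrix_synapse_base_path }}
+ExecStart={{ matrix_synapse_base_path }}/env/bin/python -m synapse.app.homeserver --config-path={{ matrix_synapse_base_path }}/homeserver.yaml
+ExecStop={{ matrix_synapse_base_path }}/env/bin/synctl stop {{ matrix_synapse_base_path }}/homeserver.yaml
+User=synapse
+Group=synapse
+Restart=always
+StandardOutput=syslog
+SyslogIdentifier=matrix_synapse
+
+[Install]
+WantedBy=default.target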
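Review bot: The unit drops to `User=synapse` but carries no sandboxing directives, so a compromised homeserver process keeps the full filesystem and privilege-escalation surface of that user; `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` are conservative additions (with `ReadWritePaths={{ matrix_synapse_base_path }}` if `strict` is preferred). `Description=` keeps its value verbatim, so the quotes will show literally in `systemctl status`; drop them. `WantedBy=default.target` is unusual for a system service, where `multi-user.target` is the convention, and `StandardOutput=syslog` is deprecated on recent systemd releases (the journal forwards to syslog anyway) — worth confirming against the target's systemd version.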
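--- a/roles/synapse/templates/syslog-synapse.conf.j2
+++ b/roles/synapse/templates/syslog-synapse.conf.j2
@@ -0,0 +1,2 @@
+if $programname == 'matrix_synapse' then {{ matrix_synapse_log_dir }}/matrix_synapse.log
+if $programname == 'matrix_synapse' then ~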
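Review bot: The second rule uses the legacy `~` discard action, which rsyslog has deprecated in favour of `stop` since v7, and it repeats the selector needlessly. The continuation form `& stop` on the second line applies to the previous selector and reads as one rule: `if $programname == 'matrix_synapse' then {{ matrix_synapse_log_dir }}/matrix_synapse.log` followed by `& stop`.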
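--- a/roles/synapse/tests/.gitignore
+++ b/roles/synapse/tests/.gitignore
@@ -0,0 +1,2 @@
+.vagrant
+*.retry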
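--- a/roles/synapse/tests/Vagrantfile
+++ b/roles/synapse/tests/Vagrantfile
@@ -0,0 +1,25 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.define "pip" do |pip|
+    pip.vm.box = "debian/stretch64"
+
+    pip.vm.network "forwarded_port", guest: 8008, host: 8008
+    pip.vm.network "forwarded_port", guest: 8448, host: 8448
+
+    pip.vm.provision "ansible" do |ansible|
+      ansible.playbook = "test-pip.yml"
+    end
+  end
+  config.vm.define "docker" do |docker|
+    docker.vm.box = "debian/stretch64"
+
+    docker.vm.network "forwarded_port", guest: 8008, host: 8009
+    docker.vm.network "forwarded_port", guest: 8448, host: 8449
+
+    docker.vm.provision "ansible" do |ansible|
+      ansible.playbook = "test-docker.yml"
+    end
+  end
+end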
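Review bot: None of the four `forwarded_port` entries sets `host_ip`, and Vagrant binds a forwarded port on every host interface when it is unspecified, so the test homeservers — which the test playbooks run with `no_tls: true` — become reachable from the host's network on 8008/8448 and 8009/8449. Add `host_ip: "127.0.0.1"` to each, e.g. `pip.vm.network "forwarded_port", guest: 8008, host: 8008, host_ip: "127.0.0.1"`. The two `define` blocks differ only in name, host ports and playbook, so a loop over `[["pip", 8008, 8448], ["docker", 8009, 8449]]` would remove the duplication.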
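--- a/roles/synapse/tests/ansible.cfg
+++ b/roles/synapse/tests/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+nocows=1
+roles_path=./roles:./../../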
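--- a/roles/synapse/tests/requirements.yml
+++ b/roles/synapse/tests/requirements.yml
@@ -0,0 +1,4 @@
+---
+- role: geerlingguy.pip
+- role: geerlingguy.docker
+- role: geerlingguy.postgresql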
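--- a/roles/synapse/tests/test-docker.yml
+++ b/roles/synapse/tests/test-docker.yml
@@ -0,0 +1,52 @@
+---
+- hosts: all
+  become: true
+  tasks:
+    - name: Flush handlers
+      meta: flush_handlers
+
+    - name: Check if the api returns the correct version
+      uri:
+        url: "http://localhost:8008/_matrix/federation/v1/version"
+        return_content: true
+      register: api_version
+      until: api_version.status == 200
+      retries: 10
+      delay: 2
+
+    - name: Check returned api version
+      fail: >
+        Return value is not as expected {{ api_version }}
+      when: matrix_synapse_version != "v"~(api_version.content | from_json).server.version
+  vars:
+    dbname: synapse
+    dbuser: synapse_user
+    dbpw: synapse_password
+    matrix_synapse_deployment_method: docker
+    matrix_synapse_supervision_method: docker
+  roles:
+    - role: geerlingguy.pip
+      pip_install_packages:
+        - name: docker
+    - role: geerlingguy.docker
+    - role: geerlingguy.postgresql
+      postgresql_databases:
+        - name: "{{ dbname }}"
+      postgresql_users:
+        - name: "{{ dbuser }}"
+          password: "{{ dbpw }}"
+      postgresql_global_config_options:
+        - option: listen_addresses
+          value: "172.17.0.1"
+      postgresql_hba_entries:
+        - { type: local, database: all, user: all, auth_method: trust }
+        - { type: host, database: "{{ dbname }}", user: "{{ dbuser }}", address: "172.17.0.1/16", auth_method: md5 }
+    - role: matrix-ansible-synapse
+      matrix_server_name: localhost
+      matrix_synapse_report_stats: false
+      matrix_synapse_pg_host: 172.17.0.1
+      matrix_synapse_pg_user: "{{ dbuser }}"
+      matrix_synapse_pg_pass: "{{ dbpw }}"
+      matrix_synapse_pg_db: "{{ dbname }}"
+      matrix_synapse_extra_config:
+        no_tls: true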
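Review bot: `fail: >` with a free-form message is not a form the `fail` module accepts — free-form arguments are only allowed for a handful of modules such as `command`, `shell` and `raw` — so the version check will most likely abort with an "extra params" parser error instead of the intended message; test-pip.yml already uses the supported shape, `fail:` / `msg: "Return value {{ api_version }} is not as expected {{ matrix_synapse_version }}"`, and this file should match it. The `trust` entry for all local users and the hard-coded `dbpw: synapse_password` are acceptable for a disposable Vagrant box but must not migrate into the role's defaults.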
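--- a/roles/synapse/tests/test-pip.yml
+++ b/roles/synapse/tests/test-pip.yml
@@ -0,0 +1,44 @@
+---
+- hosts: all
+  become: true
+  vars:
+    dbname: synapse
+    dbuser: synapse_user
+    dbpw: synapse_password
+  tasks:
+    - name: Flush handlers
+      meta: flush_handlers
+
+    - name: Check if the api returns the correct version
+      uri:
+        url: "http://localhost:8008/_matrix/federation/v1/version"
+        return_content: true
+      register: api_version
+      until: api_version.status == 200
+      retries: 10
+      delay: 2
+
+    - name: Check returned api version
+      fail:
+        msg: "Return value {{ api_version }} is not as expected {{ matrix_synapse_version }}"
+      when: matrix_synapse_version != "v"~(api_version.content | from_json).server.version
+  roles:
+    - role: geerlingguy.pip
+    - role: geerlingguy.postgresql
+      postgresql_databases:
+        - name: "{{ dbname }}"
+      postgresql_users:
+        - name: "{{ dbuser }}"
+          password: "{{ dbpw }}"
+      postgresql_global_config_options:
+        - option: listen_addresses
+          value: "*"
+    - role: matrix-ansible-synapse
+      matrix_server_name: localhost
+      matrix_synapse_report_stats: false
+      matrix_synapse_pg_host: localhost
+      matrix_synapse_pg_user: "{{ dbuser }}"
+      matrix_synapse_pg_pass: "{{ dbpw }}"
+      matrix_synapse_pg_db: "{{ dbname }}"
+      matrix_synapse_extra_config:
+        no_tls: true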
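Review bot: `listen_addresses: "*"` opens PostgreSQL on every interface of the test box even though the role only connects to `matrix_synapse_pg_host: localhost`; `value: "localhost"` (or omitting the option entirely) is sufficient and keeps the password-authenticated `synapse_user` off the network. As in test-docker.yml, the hard-coded `dbpw` is fine for a disposable VM only.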
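--- a/roles/synapse/vars/main.yml
+++ b/roles/synapse/vars/main.yml
@@ -0,0 +1,141 @@
+---
+matrix_synapse_config: "{{ matrix_synapse_base_config | combine(matrix_synapse_extra_config, recursive=True) }}"
+matrix_synapse_base_config:
+  server_name: "{{ matrix_server_name }}"
+  tls_certificate_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.crt"
+  tls_private_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.key"
+  acme:
+    enabled: false
+    url: https://acme-v01.api.letsencrypt.org/directory
+    port: 80
+    bind_addresses: ['::', '0.0.0.0']
+    reprovision_threshold: 30
+  no_tls: false
+  tls_fingerprints: []
+  pid_file: "{{ matrix_synapse_base_path }}/synapse.pid"
+  soft_file_limit: 0
+  use_presence: true
+  listeners:
+    - port: 8448
+      bind_addresses:
+        - '::'
+        - '0.0.0.0'
+      type: http
+      tls: true
+      x_forwarded: false
+      resources:
+        - names: [client]
+          compress: true
+        - names: [federation]
+          compress: false
+    - port: 8008
+      tls: false
+      bind_addresses:
+        - '::'
+        - '0.0.0.0'
+      type: http
+      x_forwarded: false
+      resources:
+        - names: [client]
+          compress: true
+        - names: [federation]
+          compress: false
+  database:
+    name: "psycopg2"
+    args:
+      user: "{{ matrix_synapse_pg_user }}"
+      password: "{{ matrix_synapse_pg_pass }}"
+      database: "{{ matrix_synapse_pg_db }}"
+      host: "{{ matrix_synapse_pg_host }}"
+      cp_min: 5
+      cp_max: 10
+  log_config: "{{ matrix_synapse_base_path }}/log.config"
+  event_cache_size: "10K"
+  rc_messages_per_second: 0.2
+  rc_message_burst_count: 10.0
+  federation_rc_window_size: 1000
+  federation_rc_sleep_limit: 10
+  federation_rc_sleep_delay: 500
+  federation_rc_reject_limit: 50
+  federation_rc_concurrent: 3
+  media_store_path: "{{ matrix_synapse_base_path }}/media_store"
+  uploads_path: "{{ matrix_synapse_base_path }}/uploads"
+  max_upload_size: "23M"
+  max_image_pixels: "32M"
+  dynamic_thumbnails: false
+  thumbnail_sizes:
+    - width: 32
+      height: 32
+      method: crop
+    - width: 96
+      height: 96
+      method: crop
+    - width: 320
+      height: 240
+      method: scale
+    - width: 640
+      height: 480
+      method: scale
+    - width: 800
+      height: 600
+      method: scale
+  url_preview_enabled: true
+  url_preview_ip_range_blacklist:
+    - '127.0.0.0/8'
+    - '10.0.0.0/8'
+    - '172.16.0.0/12'
+    - '192.168.0.0/16'
+    - '100.64.0.0/10'
+    - '169.254.0.0/16'
+    - '::1/128'
+    - 'fe80::/64'
+    - 'fc00::/7'
+  url_preview_url_blacklist:
+    - username: '*'
+    - netloc: 'google.com'
+    - netloc: '*.google.com'
+    - netloc: 'twitter.com'
+    - netloc: '*.twitter.com'
+    - netloc: 't.co'
+    - netloc: '*.t.co'
+  max_spider_size: "10M"
+  enable_registration: False
+  registration_shared_secret: >
+    "{{ registration_shared_secret_file.content | b64decode }}"
+  form_secret: "{{ form_secret_file.content | b64decode }}"
+  bcrypt_rounds: 12
+  allow_guest_access: False
+  trusted_third_party_id_servers:
+    - matrix.org
+    - vector.im
+  autocreate_auto_join_rooms: true
+  enable_metrics: False
+  report_stats: "{{ matrix_synapse_report_stats }}"
+  room_invite_state_types:
+    - "m.room.join_rules"
+    - "m.room.canonical_alias"
+    - "m.room.avatar"
+    - "m.room.name"
+  app_service_config_files: []
+  track_appservice_user_ips: False
+  macaroon_secret_key: "{{ macaroon_file.content | b64decode }}"
+  expire_access_token: False
+  signing_key_path: "{{ matrix_synapse_signing_key_path }}"
+  old_signing_keys: {}
+  key_refresh_interval: "1d" # 1 Day.
+  # TODO: More servers should be added
+  perspectives:
+    servers:
+      "matrix.org":
+        verify_keys:
+          "ed25519:auto":
+            key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
+  password_config:
+    enabled: true
+  push:
+    include_content: false
+  enable_group_creation: true
+  alias_creation_rules:
+    - user_id: "*"
+      alias: "*"
+      action: allow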
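Review bot: `registration_shared_secret: >` followed by a double-quoted template line yields a value that contains the literal quote characters plus a trailing newline (a folded scalar keeps its final line break), so the secret Synapse loads is `"<secret>"` with a newline rather than the file contents; `form_secret` and `macaroon_secret_key` a few lines away use the plain form. Change it to `registration_shared_secret: "{{ registration_shared_secret_file.content | b64decode }}"`. `acme.url` points at the `acme-v01` endpoint, which Let's Encrypt has since retired; acme is disabled here, but the URL should be updated before anyone sets `enabled: true`. The 8008 listener binds `::`/`0.0.0.0` with `tls: false` and `x_forwarded: false`, which only makes sense behind a reverse proxy or host firewall — a comment at that listener stating the assumption would prevent it being deployed bare.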
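--- a/setup.yml
+++ b/setup.yml
@@ -0,0 +1,11 @@
+---
+
+- hosts:
+    - synapse
+
+  roles:
+    - geerlingguy.pip
+
+- import_playbook: postgres.yml
+# todo: create synapse user
+- import_playbook: synapse.yml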
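--- a/synapse.yml
+++ b/synapse.yml
@@ -0,0 +1,29 @@
+---
+- hosts: synapse
+  # todo: create user for synapse
+  vars:
+    # matrix_synapse_version: "v1.3.1"
+    # localhosts causes certificate generation bugs
+    # matrix_server_name: localhost
+    matrix_server_name: dev
+    matrix_synapse_deployment_method: pip
+    matrix_synapse_baseurl: "https://{{ matrix_server_name }}"
+    matrix_synapse_signing_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.signing.key"
+
+
+    matrix_synapse_pg_host: localhost
+    matrix_synapse_pg_user: "{{ synapse_dbuser }}"
+    matrix_synapse_pg_pass: "{{ synapse_dbpw }}"
+    matrix_synapse_pg_db: "{{ synapse_dbname }}"
+    matrix_synapse_report_stats: false # Report stats to matrix.org?
+
+    matrix_synapse_extra_config: # no_tls:true disables port 8448
+      no_tls: true
+    # If false:
+    # matrix_synapse_tls_cert: ""
+    # matrix_synapse_tls_key: ""
+
+  # pre_tasks:
+  # tasks:
+  roles:
+    - synapse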
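Review bot: `synapse_dbuser`, `synapse_dbpw` and `synapse_dbname` are consumed here but defined in none of the files in this change set, so the play depends on inventory or the imported postgres.yml supplying them — a comment naming their source next to `matrix_synapse_pg_user` would save the next reader a search. `no_tls: true` together with the base config's plaintext 8008 listener on all addresses (vars/main.yml) means this `dev` play serves client and federation traffic unencrypted on every interface; the commented-out `matrix_synapse_tls_cert`/`matrix_synapse_tls_key` lines suggest that is intentional for a dev box, but the comment on `matrix_synapse_extra_config` should say so explicitly.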
@ -1,70 +0,0 @@
|
|||||||
# This compose file is compatible with Compose itself, it might need some
|
|
||||||
# adjustments to run properly with stack.
|
|
||||||
|
|
||||||
version: '3'
|
|
||||||
|
|
||||||
services:
|
|
||||||
{# matrix_synapse_version: "v1.5.1-py3"
|
|
||||||
# matrix_synapse_version: "v1.5.1"
|
|
||||||
matrix_server_name: matrix-sonic-beta.local
|
|
||||||
|
|
||||||
|
|
||||||
matrix_synapse_pg_host: synapse-postgres
|
|
||||||
matrix_synapse_pg_user: ""
|
|
||||||
matrix_synapse_pg_pass: ""
|
|
||||||
matrix_synapse_pg_db: " #}
|
|
||||||
synapse:
|
|
||||||
{# build:
|
|
||||||
context: ../..
|
|
||||||
dockerfile: docker/Dockerfile #}
|
|
||||||
image: "docker.io/matrixdotorg/synapse: {{ matrix_synapse_version }}"
|
|
||||||
# Since synapse does not retry to connect to the database, restart upon
|
|
||||||
# failure
|
|
||||||
restart: unless-stopped
|
|
||||||
# See the readme for a full documentation of the environment settings
|
|
||||||
environment:
|
|
||||||
- SYNAPSE_CONFIG_PATH={{ matrix_synapse_config_path }}
|
|
||||||
volumes:
|
|
||||||
# You may either store all the files in a local folder
|
|
||||||
- ./matrix-config:/etc/matrix-synapse
|
|
||||||
- ./files:/data
|
|
||||||
# .. or you may split this between different storage points
|
|
||||||
# - ./files:/data
|
|
||||||
# - /path/to/ssd:/data/uploads
|
|
||||||
# - /path/to/large_hdd:/data/media
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
# In order to expose Synapse, remove one of the following, you might for
|
|
||||||
# instance expose the TLS port directly:
|
|
||||||
ports:
|
|
||||||
- 8008:8008/tcp
|
|
||||||
labels:
|
|
||||||
{# # The following lines are valid for Traefik version 1.x:
|
|
||||||
- traefik.enable=true
|
|
||||||
- traefik.frontend.rule=Host:my.matrix.Host
|
|
||||||
- traefik.port=8008
|
|
||||||
# Alternatively, for Traefik version 2.0:
|
|
||||||
- traefik.enable=true
|
|
||||||
- traefik.http.routers.http-synapse.entryPoints=http
|
|
||||||
- traefik.http.routers.http-synapse.rule=Host(`my.matrix.host`)
|
|
||||||
- traefik.http.middlewares.https_redirect.redirectscheme.scheme=https
|
|
||||||
- traefik.http.middlewares.https_redirect.redirectscheme.permanent=true
|
|
||||||
- traefik.http.routers.http-synapse.middlewares=https_redirect
|
|
||||||
- traefik.http.routers.https-synapse.entryPoints=https
|
|
||||||
- traefik.http.routers.https-synapse.rule=Host(`my.matrix.host`)
|
|
||||||
- traefik.http.routers.https-synapse.service=synapse
|
|
||||||
- traefik.http.routers.https-synapse.tls=true
|
|
||||||
- traefik.http.services.synapse.loadbalancer.server.port=8008
|
|
||||||
- traefik.http.routers.https-synapse.tls.certResolver=le-ssl #}
|
|
||||||
|
|
||||||
db:
|
|
||||||
image: docker.io/postgres:10-alpine
|
|
||||||
# Change that password, of course!
|
|
||||||
environment:
|
|
||||||
- POSTGRES_USER={{ matrix_synapse_db_name }}
|
|
||||||
- POSTGRES_PASSWORD={{ matrix_synapse_pg_pass }}
|
|
||||||
volumes:
|
|
||||||
# You may store the database tables in a local folder..
|
|
||||||
- ./schemas:/var/lib/postgresql/data
|
|
||||||
# .. or store them on some high performance storage for better results
|
|
||||||
# - /path/to/ssd/storage:/var/lib/postgresql/data
|
|
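--- a/website.yml
+++ b/website.yml
@@ -0,0 +1 @@
+# Static site deployment with Hugo?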