ansible.builtin. prefix for modules
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
This commit is contained in:
Mathieu Gauthier-Pilote
parent
819344f577
commit
cdcb2271db
|
|
@ -2,17 +2,17 @@
|
|||
# tasks file for mastodon install
|
||||
|
||||
- name: Install main system dependencies
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: "{{ mastodon_system_dep }}"
|
||||
update_cache: yes
|
||||
|
||||
- name: Install npm on Debian 12
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: npm
|
||||
when: ansible_distribution_major_version is version('12', '>=')
|
||||
|
||||
- name: Install corepack via npm on Debian 12
|
||||
shell: npm install -g corepack
|
||||
ansible.builtin.shell: npm install -g corepack
|
||||
when: ansible_distribution_major_version is version('12', '>=')
|
||||
|
||||
- name: Fix permissions for corepack
|
||||
|
|
@ -24,17 +24,17 @@
|
|||
when: ansible_distribution_major_version is version('12', '>=')
|
||||
|
||||
- name: Enable yarn (via corepack)
|
||||
shell: "corepack enable; yarn set version classic"
|
||||
ansible.builtin.shell: "corepack enable; yarn set version classic"
|
||||
|
||||
- name: Add PostgreSQL user
|
||||
postgresql_user:
|
||||
community.postgresql.postgresql_user:
|
||||
name: "{{ mastodon_db_user }}"
|
||||
password: "{{ mastodon_db_password }}"
|
||||
role_attr_flags: CREATEDB
|
||||
become_user: postgres
|
||||
|
||||
- name: Add UNIX account
|
||||
user:
|
||||
ansible.builtin.user:
|
||||
name: "{{ mastodon_service }}"
|
||||
shell: /bin/bash
|
||||
# umask: "0022" nécessite ansible-core 2.12
|
||||
|
|
@ -47,7 +47,7 @@
|
|||
- rbenv_ruby_version: "{{ mastodon_ruby_version }}"
|
||||
|
||||
- name: Clone Mastodon repo (git)
|
||||
git:
|
||||
ansible.builtin.git:
|
||||
repo: "{{ mastodon_git_url }}"
|
||||
dest: "~/mastodon/"
|
||||
version: "{{ mastodon_git_version | default(omit) }}"
|
||||
|
|
@ -58,24 +58,24 @@
|
|||
|
||||
- block:
|
||||
- name: Install bundler
|
||||
shell: ". ~/.profile && gem install bundler --no-document"
|
||||
ansible.builtin.shell: ". ~/.profile && gem install bundler --no-document"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Install gem dependencies
|
||||
shell: ". ~/.profile && bundle install --deployment --without development test -j{{ ansible_processor_count }}"
|
||||
ansible.builtin.shell: ". ~/.profile && bundle install --deployment --without development test -j{{ ansible_processor_count }}"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Install javascript dependencies
|
||||
shell: ". ~/.profile && yarn install --pure-lockfile"
|
||||
ansible.builtin.shell: ". ~/.profile && yarn install --pure-lockfile"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
become_user: "{{ mastodon_service }}"
|
||||
|
||||
- name: Template .env.production configuration file
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "env.j2"
|
||||
dest: "~{{ mastodon_service }}/mastodon/.env.production"
|
||||
owner: "{{ mastodon_service }}"
|
||||
|
|
@ -83,7 +83,7 @@
|
|||
mode: "0640"
|
||||
|
||||
- name: Check if secrets need to be generated or not
|
||||
shell: "grep -P SECRET_KEY_BASE=[[:alnum:]]{128} .env.production"
|
||||
ansible.builtin.shell: "grep -P SECRET_KEY_BASE=[[:alnum:]]{128} .env.production"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
become_user: "{{ mastodon_service }}"
|
||||
|
|
@ -92,41 +92,41 @@
|
|||
|
||||
- block:
|
||||
- name: Generate secret for SECRET_KEY_BASE
|
||||
shell: '. ~/.profile && sed -i -r "s/SECRET_KEY_BASE=/SECRET_KEY_BASE=$(RAILS_ENV=production bundle exec rake secret)/" .env.production'
|
||||
ansible.builtin.shell: '. ~/.profile && sed -i -r "s/SECRET_KEY_BASE=/SECRET_KEY_BASE=$(RAILS_ENV=production bundle exec rake secret)/" .env.production'
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Generate secret for OTP_SECRET
|
||||
shell: '. ~/.profile && sed -i -r "s/OTP_SECRET=/OTP_SECRET=$(RAILS_ENV=production bundle exec rake secret)/" .env.production'
|
||||
ansible.builtin.shell: '. ~/.profile && sed -i -r "s/OTP_SECRET=/OTP_SECRET=$(RAILS_ENV=production bundle exec rake secret)/" .env.production'
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Generate secret for VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
|
||||
shell: . ~/.profile && RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key > vapid.tmp | head -1 | cut -c 19-
|
||||
ansible.builtin.shell: . ~/.profile && RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key > vapid.tmp | head -1 | cut -c 19-
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Read VAPID_PRIVATE_KEY secret from temp file
|
||||
shell: "cat vapid.tmp | head -1 | cut -c 19-"
|
||||
ansible.builtin.shell: "cat vapid.tmp | head -1 | cut -c 19-"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
register: app_vapid_private_key
|
||||
- name: Read VAPID_PUBLIC_KEY secret from temp file
|
||||
shell: "cat vapid.tmp | tail -1 | cut -c 18-"
|
||||
ansible.builtin.shell: "cat vapid.tmp | tail -1 | cut -c 18-"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
register: app_vapid_public_key
|
||||
- name: Delete secrets temp file
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "~/mastodon/vapid.tmp"
|
||||
state: absent
|
||||
- name: Write app_vapid_private_key to production .env file
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: "~/mastodon/.env.production"
|
||||
regexp: '^VAPID_PRIVATE_KEY='
|
||||
line: "VAPID_PRIVATE_KEY={{ mastodon_app_vapid_private_key.stdout }}"
|
||||
- name: Write app_vapid_public_key to production .env file
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: "~/mastodon/.env.production"
|
||||
regexp: '^VAPID_PUBLIC_KEY='
|
||||
line: "VAPID_PUBLIC_KEY={{ mastodon_app_vapid_public_key.stdout }}"
|
||||
|
|
@ -134,14 +134,14 @@
|
|||
when: "secrets.rc == 1"
|
||||
|
||||
- name: Check if mastodon database is already present or not
|
||||
shell: |
|
||||
ansible.builtin.shell: |
|
||||
psql -lqt | cut -d \| -f 1 | grep -qw {{ mastodon_service }}_production
|
||||
become_user: postgres
|
||||
register: db_present
|
||||
failed_when: "db_present.rc == 2"
|
||||
|
||||
- name: Setup database schema if database not already present
|
||||
shell: ". ~/.profile && RAILS_ENV=production SAFETY_ASSURED=1 bundle exec rails db:setup"
|
||||
ansible.builtin.shell: ". ~/.profile && RAILS_ENV=production SAFETY_ASSURED=1 bundle exec rails db:setup"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
|
|
@ -149,14 +149,14 @@
|
|||
when: "db_present.rc == 1"
|
||||
|
||||
- name: Precompile assets
|
||||
shell: ". ~/.profile && RAILS_ENV=production bundle exec rails assets:precompile"
|
||||
ansible.builtin.shell: ". ~/.profile && RAILS_ENV=production bundle exec rails assets:precompile"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
become_user: "{{ mastodon_service }}"
|
||||
|
||||
- name: Adjust permissions of files in public folder
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "~/mastodon/public"
|
||||
state: directory
|
||||
mode: 'o=rX'
|
||||
|
|
@ -164,27 +164,27 @@
|
|||
become_user: "{{ mastodon_service }}"
|
||||
|
||||
- name: Add systemd target
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "mastodon.target.j2"
|
||||
dest: "/etc/systemd/system/{{ mastodon_service }}.target"
|
||||
|
||||
- name: Add systemd web unit
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "mastodon-web.service.j2"
|
||||
dest: "/etc/systemd/system/{{ mastodon_service }}-web.service"
|
||||
|
||||
- name: Add systemd sidekiq unit
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "mastodon-sidekiq.service.j2"
|
||||
dest: "/etc/systemd/system/{{ mastodon_service }}-sidekiq.service"
|
||||
|
||||
- name: Add systemd streaming unit
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "mastodon-streaming.service.j2"
|
||||
dest: "/etc/systemd/system/{{ mastodon_service }}-streaming.service"
|
||||
|
||||
- name: Enable systemd units
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
name: "{{ item }}"
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
|
|
@ -195,51 +195,51 @@
|
|||
- "{{ mastodon_service }}-streaming.service"
|
||||
|
||||
- name: Start services
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: "{{ mastodon_service }}.target"
|
||||
state: started
|
||||
|
||||
- name: Check if SSL certificate is present and register result
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/letsencrypt/live/{{ mastodon_domains |first }}/fullchain.pem"
|
||||
register: ssl
|
||||
|
||||
- name: Generate certificate only if required (first time)
|
||||
block:
|
||||
- name: Template vhost without SSL for successfull LE challengce
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "vhost.j2"
|
||||
dest: "/etc/nginx/sites-available/{{ mastodon_service }}"
|
||||
- name: Enable temporary nginx vhost for LE
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
src: "/etc/nginx/sites-available/{{ mastodon_service }}"
|
||||
dest: "/etc/nginx/sites-enabled/{{ mastodon_service }}"
|
||||
state: link
|
||||
- name: Reload nginx conf
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
- name: Generate certificate with certbot
|
||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ mastodon_domains |first }}
|
||||
ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ mastodon_domains |first }}
|
||||
when: ssl.stat.exists == false
|
||||
|
||||
- name: (Re)check if SSL certificate is present and register result
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/letsencrypt/live/{{ mastodon_domains |first }}/fullchain.pem"
|
||||
register: ssl
|
||||
|
||||
- name: (Re)template conf file for nginx vhost with SSL
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "vhost.j2"
|
||||
dest: "/etc/nginx/sites-available/{{ mastodon_service }}"
|
||||
|
||||
- name: Enable nginx vhost for mastodon
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
src: "/etc/nginx/sites-available/{{ mastodon_service }}"
|
||||
dest: "/etc/nginx/sites-enabled/{{ mastodon_service }}"
|
||||
state: link
|
||||
|
||||
- name: Reload nginx conf
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
|
|
|||
|
|
@ -2,97 +2,97 @@
|
|||
# tasks file for mastodon upgrade
|
||||
|
||||
- name: Dump database to a file with compression
|
||||
postgresql_db:
|
||||
name: "{{ service }}_production"
|
||||
community.postgresql.postgresql_db:
|
||||
name: "{{ mastodon_service }}_production"
|
||||
state: dump
|
||||
target: "~/{{ service }}_production.sql.gz"
|
||||
target: "~/{{ mastodon_service }}_production.sql.gz"
|
||||
become_user: postgres
|
||||
|
||||
- name: Install Ruby for service user (rbenv)
|
||||
include_role:
|
||||
name: rbenv
|
||||
vars:
|
||||
- username: "{{ service }}"
|
||||
- rbenv_ruby_version: "{{ ruby_version }}"
|
||||
- username: "{{ mastodon_service }}"
|
||||
- rbenv_ruby_version: "{{ mastodon_ruby_version }}"
|
||||
|
||||
- name: Checkout (git)
|
||||
git:
|
||||
repo: "{{ git_url }}"
|
||||
ansible.builtin.git:
|
||||
repo: "{{ mastodon_git_url }}"
|
||||
dest: "~/mastodon/"
|
||||
version: "{{ git_version | default(omit) }}"
|
||||
version: "{{ mastodon_git_version | default(omit) }}"
|
||||
force: yes
|
||||
update: yes
|
||||
become_user: "{{ service }}"
|
||||
become_user: "{{ mastodon_service }}"
|
||||
|
||||
- block:
|
||||
- name: Install bundler
|
||||
shell: ". ~/.profile && gem install bundler --no-document"
|
||||
ansible.builtin.shell: ". ~/.profile && gem install bundler --no-document"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Install gem dependencies
|
||||
shell: ". ~/.profile && bundle install --deployment --without development test -j{{ ansible_processor_count }}"
|
||||
ansible.builtin.shell: ". ~/.profile && bundle install --deployment --without development test -j{{ ansible_processor_count }}"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Install javascript dependencies
|
||||
shell: ". ~/.profile && yarn install --pure-lockfile"
|
||||
ansible.builtin.shell: ". ~/.profile && yarn install --pure-lockfile"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Upgrade browsers list db
|
||||
shell: ". ~/.profile && npx update-browserslist-db@latest"
|
||||
ansible.builtin.shell: ". ~/.profile && npx update-browserslist-db@latest"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Run database migrations, skipping post-deployment
|
||||
shell: ". ~/.profile && SKIP_POST_DEPLOYMENT_MIGRATIONS=true RAILS_ENV=production bundle exec rails db:migrate"
|
||||
ansible.builtin.shell: ". ~/.profile && SKIP_POST_DEPLOYMENT_MIGRATIONS=true RAILS_ENV=production bundle exec rails db:migrate"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Precompile assets
|
||||
shell: ". ~/.profile && RAILS_ENV=production bundle exec rails assets:precompile"
|
||||
ansible.builtin.shell: ". ~/.profile && RAILS_ENV=production bundle exec rails assets:precompile"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
- name: Adjust permissions of files in public folder
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "~/mastodon/public"
|
||||
state: directory
|
||||
mode: 'o=rX'
|
||||
recurse: true
|
||||
become_user: "{{ service }}"
|
||||
become_user: "{{ mastodon_service }}"
|
||||
|
||||
- name: Restart services
|
||||
service:
|
||||
name: "{{ service }}.target"
|
||||
ansible.builtin.service:
|
||||
name: "{{ mastodon_service }}.target"
|
||||
state: restarted
|
||||
|
||||
- name: Run database migrations, this time including post-deployment
|
||||
shell: ". ~/.profile && RAILS_ENV=production bundle exec rails db:migrate"
|
||||
ansible.builtin.shell: ". ~/.profile && RAILS_ENV=production bundle exec rails db:migrate"
|
||||
args:
|
||||
chdir: "~/mastodon"
|
||||
executable: /bin/bash # fails with /bin/sh
|
||||
become_user: "{{ service }}"
|
||||
become_user: "{{ mastodon_service }}"
|
||||
|
||||
- name: Restart services
|
||||
service:
|
||||
name: "{{ service }}.target"
|
||||
ansible.builtin.service:
|
||||
name: "{{ mastodon_service }}.target"
|
||||
state: restarted
|
||||
|
||||
- name: Define variable to skip next task by default
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
keep_db_dump: true
|
||||
|
||||
- name: Remove database dump
|
||||
file:
|
||||
path: "~/{{ service }}_production.sql.gz"
|
||||
ansible.builtin.file:
|
||||
path: "~/{{ mastodon_service }}_production.sql.gz"
|
||||
state: absent
|
||||
become_user: postgres
|
||||
when: keep_db_dump is undefined
|
||||
tags: clean
|
||||
|
||||
- name: Reload nginx conf
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
|
|
|||
Loading…
Reference in a new issue