From cdcb2271db9e103e4bf4f6937e5cf69889bcf466 Mon Sep 17 00:00:00 2001 From: Mathieu Gauthier-Pilote Date: Fri, 24 May 2024 09:50:41 -0400 Subject: [PATCH] ansible.builtin. prefix for modules --- webapps/mastodon/tasks/main.yml | 78 +++++++++++++++--------------- webapps/mastodon/tasks/upgrade.yml | 54 ++++++++++----------- 2 files changed, 66 insertions(+), 66 deletions(-) diff --git a/webapps/mastodon/tasks/main.yml b/webapps/mastodon/tasks/main.yml index d08f306f..1f1cf6a3 100644 --- a/webapps/mastodon/tasks/main.yml +++ b/webapps/mastodon/tasks/main.yml @@ -2,17 +2,17 @@ # tasks file for mastodon install - name: Install main system dependencies - apt: + ansible.builtin.apt: name: "{{ mastodon_system_dep }}" update_cache: yes - name: Install npm on Debian 12 - apt: + ansible.builtin.apt: name: npm when: ansible_distribution_major_version is version('12', '>=') - name: Install corepack via npm on Debian 12 - shell: npm install -g corepack + ansible.builtin.shell: npm install -g corepack when: ansible_distribution_major_version is version('12', '>=') - name: Fix permissions for corepack @@ -24,17 +24,17 @@ when: ansible_distribution_major_version is version('12', '>=') - name: Enable yarn (via corepack) - shell: "corepack enable; yarn set version classic" + ansible.builtin.shell: "corepack enable; yarn set version classic" - name: Add PostgreSQL user - postgresql_user: + community.postgresql.postgresql_user: name: "{{ mastodon_db_user }}" password: "{{ mastodon_db_password }}" role_attr_flags: CREATEDB become_user: postgres - name: Add UNIX account - user: + ansible.builtin.user: name: "{{ mastodon_service }}" shell: /bin/bash # umask: "0022" nécessite ansible-core 2.12 @@ -47,7 +47,7 @@ - rbenv_ruby_version: "{{ mastodon_ruby_version }}" - name: Clone Mastodon repo (git) - git: + ansible.builtin.git: repo: "{{ mastodon_git_url }}" dest: "~/mastodon/" version: "{{ mastodon_git_version | default(omit) }}" 
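Review bot: "Install corepack via npm on Debian 12" still runs `npm install -g corepack` through a shell with no version and no idempotence guard, so every play installs whatever the registry currently serves and reports the task as changed. Pinning the package makes the deployed toolchain reproducible and reviewable, for example `ansible.builtin.shell: npm install -g corepack@<PINNED_VERSION>` together with `args: creates: <PATH_TO_INSTALLED_COREPACK>` (both values are placeholders to fill in). If the `community.general` collection is acceptable here, its `npm` module with `global: true` and `version:` expresses the same thing declaratively. `gem install bundler --no-document` in the @@ -58 hunk, and again in upgrade.yml, has the same unpinned-install pattern.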
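Review bot: In "Enable yarn (via corepack)" the two commands are joined with `;`, so the task's return code is only that of `yarn set version classic` and a failing `corepack enable` goes unnoticed. Chaining them makes the first failure stop the play: `ansible.builtin.shell: "corepack enable && yarn set version classic"`. A short comment saying why the classic yarn line is selected would also help the next maintainer.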
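Review bot: In "Clone Mastodon repo (git)", `version: "{{ mastodon_git_version | default(omit) }}"` silently falls back to the module default (the remote HEAD) whenever the variable is unset, so an install can deploy whatever the default branch holds at that moment. Making the revision mandatory, `version: "{{ mastodon_git_version }}"`, with a release tag or commit set in the role defaults, keeps the deployed code pinned and auditable. The task continues past the end of this hunk, so other keys may exist that are not visible here. The "Checkout (git)" task in upgrade.yml uses the same fallback, combined with `force: yes`.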
@@ -58,24 +58,24 @@ - block: - name: Install bundler - shell: ". ~/.profile && gem install bundler --no-document" + ansible.builtin.shell: ". ~/.profile && gem install bundler --no-document" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Install gem dependencies - shell: ". ~/.profile && bundle install --deployment --without development test -j{{ ansible_processor_count }}" + ansible.builtin.shell: ". ~/.profile && bundle install --deployment --without development test -j{{ ansible_processor_count }}" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Install javascript dependencies - shell: ". ~/.profile && yarn install --pure-lockfile" + ansible.builtin.shell: ". ~/.profile && yarn install --pure-lockfile" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh become_user: "{{ mastodon_service }}" - name: Template .env.production configuration file - template: + ansible.builtin.template: src: "env.j2" dest: "~{{ mastodon_service }}/mastodon/.env.production" owner: "{{ mastodon_service }}" @@ -83,7 +83,7 @@ mode: "0640" - name: Check if secrets need to be generated or not - shell: "grep -P SECRET_KEY_BASE=[[:alnum:]]{128} .env.production" + ansible.builtin.shell: "grep -P SECRET_KEY_BASE=[[:alnum:]]{128} .env.production" args: chdir: "~/mastodon" become_user: "{{ mastodon_service }}" 
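Review bot: "Check if secrets need to be generated or not" runs `grep -P` without `-q`, so when the key is already present the matching line, that is the SECRET_KEY_BASE value itself, ends up in the task's stdout. The later `when: "secrets.rc == 1"` suggests that result is registered as `secrets`, which means it is shown under `-v` and by logging callbacks. Only the return code is needed: `ansible.builtin.shell: "grep -qP 'SECRET_KEY_BASE=[[:alnum:]]{128}' .env.production"`, which also quotes the pattern so the shell cannot glob it, plus `changed_when: false`. The rest of the task lies outside the hunk, so confirm the existing `failed_when` still fits.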
@@ -92,41 +92,41 @@ - block: - name: Generate secret for SECRET_KEY_BASE - shell: '. ~/.profile && sed -i -r "s/SECRET_KEY_BASE=/SECRET_KEY_BASE=$(RAILS_ENV=production bundle exec rake secret)/" .env.production' + ansible.builtin.shell: '. ~/.profile && sed -i -r "s/SECRET_KEY_BASE=/SECRET_KEY_BASE=$(RAILS_ENV=production bundle exec rake secret)/" .env.production' args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Generate secret for OTP_SECRET - shell: '. ~/.profile && sed -i -r "s/OTP_SECRET=/OTP_SECRET=$(RAILS_ENV=production bundle exec rake secret)/" .env.production' + ansible.builtin.shell: '. ~/.profile && sed -i -r "s/OTP_SECRET=/OTP_SECRET=$(RAILS_ENV=production bundle exec rake secret)/" .env.production' args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Generate secret for VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY - shell: . ~/.profile && RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key > vapid.tmp | head -1 | cut -c 19- + ansible.builtin.shell: . 
~/.profile && RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key > vapid.tmp | head -1 | cut -c 19- args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Read VAPID_PRIVATE_KEY secret from temp file - shell: "cat vapid.tmp | head -1 | cut -c 19-" + ansible.builtin.shell: "cat vapid.tmp | head -1 | cut -c 19-" args: chdir: "~/mastodon" register: app_vapid_private_key - name: Read VAPID_PUBLIC_KEY secret from temp file - shell: "cat vapid.tmp | tail -1 | cut -c 18-" + ansible.builtin.shell: "cat vapid.tmp | tail -1 | cut -c 18-" args: chdir: "~/mastodon" register: app_vapid_public_key - name: Delete secrets temp file - file: + ansible.builtin.file: path: "~/mastodon/vapid.tmp" state: absent - name: Write app_vapid_private_key to production .env file - lineinfile: + ansible.builtin.lineinfile: path: "~/mastodon/.env.production" regexp: '^VAPID_PRIVATE_KEY=' line: "VAPID_PRIVATE_KEY={{ mastodon_app_vapid_private_key.stdout }}" - name: Write app_vapid_public_key to production .env file - lineinfile: + ansible.builtin.lineinfile: path: "~/mastodon/.env.production" regexp: '^VAPID_PUBLIC_KEY=' line: "VAPID_PUBLIC_KEY={{ mastodon_app_vapid_public_key.stdout }}" @@ -134,14 +134,14 @@ when: "secrets.rc == 1" - name: Check if mastodon database is already present or not - shell: | + ansible.builtin.shell: | psql -lqt | cut -d \| -f 1 | grep -qw {{ mastodon_service }}_production become_user: postgres register: db_present failed_when: "db_present.rc == 2" - name: Setup database schema if database not already present - shell: ". ~/.profile && RAILS_ENV=production SAFETY_ASSURED=1 bundle exec rails db:setup" + ansible.builtin.shell: ". ~/.profile && RAILS_ENV=production SAFETY_ASSURED=1 bundle exec rails db:setup" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh 
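Review bot: The two "Read VAPID_… secret from temp file" tasks register `app_vapid_private_key` and `app_vapid_public_key`, but the `lineinfile` tasks below read `mastodon_app_vapid_private_key.stdout` and `mastodon_app_vapid_public_key.stdout`. Unless those names are defined somewhere outside this hunk, the write step fails on an undefined variable the first time secrets are generated. The registers should follow the prefixed names: `register: mastodon_app_vapid_private_key` and `register: mastodon_app_vapid_public_key`. Since the registered stdout and the `lineinfile` diff both carry the private key, `no_log: true` on the read and write tasks would keep it out of play output. In the generate task, the `| head -1 | cut -c 19-` after `> vapid.tmp` receives no input and can be dropped.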
@@ -149,14 +149,14 @@ when: "db_present.rc == 1" - name: Precompile assets - shell: ". ~/.profile && RAILS_ENV=production bundle exec rails assets:precompile" + ansible.builtin.shell: ". ~/.profile && RAILS_ENV=production bundle exec rails assets:precompile" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh become_user: "{{ mastodon_service }}" - name: Adjust permissions of files in public folder - file: + ansible.builtin.file: path: "~/mastodon/public" state: directory mode: 'o=rX' @@ -164,27 +164,27 @@ become_user: "{{ mastodon_service }}" - name: Add systemd target - template: + ansible.builtin.template: src: "mastodon.target.j2" dest: "/etc/systemd/system/{{ mastodon_service }}.target" - name: Add systemd web unit - template: + ansible.builtin.template: src: "mastodon-web.service.j2" dest: "/etc/systemd/system/{{ mastodon_service }}-web.service" - name: Add systemd sidekiq unit - template: + ansible.builtin.template: src: "mastodon-sidekiq.service.j2" dest: "/etc/systemd/system/{{ mastodon_service }}-sidekiq.service" - name: Add systemd streaming unit - template: + ansible.builtin.template: src: "mastodon-streaming.service.j2" dest: "/etc/systemd/system/{{ mastodon_service }}-streaming.service" - name: Enable systemd units - systemd: + ansible.builtin.systemd: name: "{{ item }}" enabled: yes daemon_reload: yes 
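Review bot: The four `ansible.builtin.template` tasks that write units under `/etc/systemd/system/` set no `owner`, `group` or `mode`, so the resulting permissions depend on the umask of whoever runs the play. The `.env.production` template earlier in this file already sets `mode: "0640"`, so stating `owner: root`, `group: root` and `mode: "0644"` here would be consistent and would clear ansible-lint's risky-file-permissions warning. The nginx vhost templates in the @@ -195 hunk have the same gap. "Enable systemd units" continues past the end of this hunk.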
@@ -195,51 +195,51 @@ - "{{ mastodon_service }}-streaming.service" - name: Start services - service: + ansible.builtin.service: name: "{{ mastodon_service }}.target" state: started - name: Check if SSL certificate is present and register result - stat: + ansible.builtin.stat: path: "/etc/letsencrypt/live/{{ mastodon_domains |first }}/fullchain.pem" register: ssl - name: Generate certificate only if required (first time) block: - name: Template vhost without SSL for successfull LE challengce - template: + ansible.builtin.template: src: "vhost.j2" dest: "/etc/nginx/sites-available/{{ mastodon_service }}" - name: Enable temporary nginx vhost for LE - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/{{ mastodon_service }}" dest: "/etc/nginx/sites-enabled/{{ mastodon_service }}" state: link - name: Reload nginx conf - service: + ansible.builtin.service: name: nginx state: reloaded - name: Generate certificate with certbot - shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ mastodon_domains |first }} + ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ mastodon_domains |first }} when: ssl.stat.exists == false - name: (Re)check if SSL certificate is present and register result - stat: + ansible.builtin.stat: path: "/etc/letsencrypt/live/{{ mastodon_domains |first }}/fullchain.pem" register: ssl - name: (Re)template conf file for nginx vhost with SSL - template: + ansible.builtin.template: src: "vhost.j2" dest: "/etc/nginx/sites-available/{{ mastodon_service }}" - name: Enable nginx vhost for mastodon - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/{{ mastodon_service }}" dest: "/etc/nginx/sites-enabled/{{ mastodon_service }}" state: link - name: Reload nginx conf - service: + ansible.builtin.service: name: nginx state: reloaded diff --git a/webapps/mastodon/tasks/upgrade.yml b/webapps/mastodon/tasks/upgrade.yml index d1b8c57a..97e4f42b 100644 
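Review bot: "Generate certificate with certbot" goes through `ansible.builtin.shell` although the command uses no shell features, and it interpolates `{{ mastodon_domains |first }}` unquoted, so whitespace or a shell metacharacter in that variable would change the command that runs. Using `ansible.builtin.command` with an `argv:` list (one element per argument) removes the shell entirely. If the shell has to stay, the value should be quoted: `-d {{ mastodon_domains | first | quote }}`. The database check in the @@ -134 hunk interpolates `{{ mastodon_service }}_production` into a shell pipeline the same way. As a smaller style point, `when: ssl.stat.exists == false` reads better as `when: not ssl.stat.exists`.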
--- a/webapps/mastodon/tasks/upgrade.yml +++ b/webapps/mastodon/tasks/upgrade.yml 
@@ -2,97 +2,97 @@ # tasks file for mastodon upgrade - name: Dump database to a file with compression - postgresql_db: - name: "{{ service }}_production" + community.postgresql.postgresql_db: + name: "{{ mastodon_service }}_production" state: dump - target: "~/{{ service }}_production.sql.gz" + target: "~/{{ mastodon_service }}_production.sql.gz" become_user: postgres - name: Install Ruby for service user (rbenv) include_role: name: rbenv vars: - - username: "{{ service }}" - - rbenv_ruby_version: "{{ ruby_version }}" + - username: "{{ mastodon_service }}" + - rbenv_ruby_version: "{{ mastodon_ruby_version }}" - name: Checkout (git) - git: - repo: "{{ git_url }}" + ansible.builtin.git: + repo: "{{ mastodon_git_url }}" dest: "~/mastodon/" - version: "{{ git_version | default(omit) }}" + version: "{{ mastodon_git_version | default(omit) }}" force: yes update: yes - become_user: "{{ service }}" + become_user: "{{ mastodon_service }}" - block: - name: Install bundler - shell: ". ~/.profile && gem install bundler --no-document" + ansible.builtin.shell: ". ~/.profile && gem install bundler --no-document" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Install gem dependencies - shell: ". ~/.profile && bundle install --deployment --without development test -j{{ ansible_processor_count }}" + ansible.builtin.shell: ". ~/.profile && bundle install --deployment --without development test -j{{ ansible_processor_count }}" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Install javascript dependencies - shell: ". ~/.profile && yarn install --pure-lockfile" + ansible.builtin.shell: ". ~/.profile && yarn install --pure-lockfile" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Upgrade browsers list db - shell: ". ~/.profile && npx update-browserslist-db@latest" + ansible.builtin.shell: ". 
~/.profile && npx update-browserslist-db@latest" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Run database migrations, skipping post-deployment - shell: ". ~/.profile && SKIP_POST_DEPLOYMENT_MIGRATIONS=true RAILS_ENV=production bundle exec rails db:migrate" + ansible.builtin.shell: ". ~/.profile && SKIP_POST_DEPLOYMENT_MIGRATIONS=true RAILS_ENV=production bundle exec rails db:migrate" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Precompile assets - shell: ". ~/.profile && RAILS_ENV=production bundle exec rails assets:precompile" + ansible.builtin.shell: ". ~/.profile && RAILS_ENV=production bundle exec rails assets:precompile" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - name: Adjust permissions of files in public folder - file: + ansible.builtin.file: path: "~/mastodon/public" state: directory mode: 'o=rX' recurse: true - become_user: "{{ service }}" + become_user: "{{ mastodon_service }}" - name: Restart services - service: - name: "{{ service }}.target" + ansible.builtin.service: + name: "{{ mastodon_service }}.target" state: restarted - name: Run database migrations, this time including post-deployment - shell: ". ~/.profile && RAILS_ENV=production bundle exec rails db:migrate" + ansible.builtin.shell: ". 
~/.profile && RAILS_ENV=production bundle exec rails db:migrate" args: chdir: "~/mastodon" executable: /bin/bash # fails with /bin/sh - become_user: "{{ service }}" + become_user: "{{ mastodon_service }}" - name: Restart services - service: - name: "{{ service }}.target" + ansible.builtin.service: + name: "{{ mastodon_service }}.target" state: restarted - name: Define variable to skip next task by default - set_fact: + ansible.builtin.set_fact: keep_db_dump: true - name: Remove database dump - file: - path: "~/{{ service }}_production.sql.gz" + ansible.builtin.file: + path: "~/{{ mastodon_service }}_production.sql.gz" state: absent become_user: postgres when: keep_db_dump is undefined tags: clean - name: Reload nginx conf - service: + ansible.builtin.service: name: nginx state: reloaded
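Review bot: The dump written by "Dump database to a file with compression" to `~/{{ mastodon_service }}_production.sql.gz` stays on disk after a normal run, because `ansible.builtin.set_fact: keep_db_dump: true` makes `when: keep_db_dump is undefined` false. Removal presumably happens only when the play is limited with `--tags clean`, which skips the untagged set_fact. A full production dump is then left in the postgres home with whatever mode the umask gives it. Following the dump with a task such as `ansible.builtin.file: path: "~/{{ mastodon_service }}_production.sql.gz"`, `mode: "0600"` and `become_user: postgres` would restrict it. A comment above the set_fact, for example `# dump is kept unless run with --tags clean`, would document the retention behaviour. Separately, `include_role` in this hunk is left without the `ansible.builtin.` prefix this commit applies elsewhere.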