From 4d83592e916e9751e4550d49705ded816fa4854c Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Tue, 1 Feb 2022 09:45:29 +0100 Subject: [PATCH 1/6] [add] Yunohost backup --- roles/yunohost/.travis.yml | 29 ++++++++++ roles/yunohost/README.md | 38 ++++++++++++ roles/yunohost/defaults/main.yml | 2 + roles/yunohost/handlers/main.yml | 2 + roles/yunohost/meta/main.yml | 52 +++++++++++++++++ roles/yunohost/tasks/backup.yml | 7 +++ roles/yunohost/tasks/main.yml | 37 ++++++++++++ .../templates/yunohost_backup_restic.j2 | 58 +++++++++++++++++++ roles/yunohost/tests/inventory | 2 + roles/yunohost/tests/test.yml | 5 ++ roles/yunohost/vars/main.yml | 2 + 11 files changed, 234 insertions(+) create mode 100644 roles/yunohost/.travis.yml create mode 100644 roles/yunohost/README.md create mode 100644 roles/yunohost/defaults/main.yml create mode 100644 roles/yunohost/handlers/main.yml create mode 100644 roles/yunohost/meta/main.yml create mode 100644 roles/yunohost/tasks/backup.yml create mode 100644 roles/yunohost/tasks/main.yml create mode 100644 roles/yunohost/templates/yunohost_backup_restic.j2 create mode 100644 roles/yunohost/tests/inventory create mode 100644 roles/yunohost/tests/test.yml create mode 100644 roles/yunohost/vars/main.yml diff --git a/roles/yunohost/.travis.yml b/roles/yunohost/.travis.yml new file mode 100644 index 00000000..36bbf620 --- /dev/null +++ b/roles/yunohost/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/yunohost/README.md b/roles/yunohost/README.md new file mode 100644 index 00000000..225dd44b --- /dev/null +++ b/roles/yunohost/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/yunohost/defaults/main.yml b/roles/yunohost/defaults/main.yml new file mode 100644 index 00000000..eef27f8d --- /dev/null +++ b/roles/yunohost/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for yunohost diff --git a/roles/yunohost/handlers/main.yml b/roles/yunohost/handlers/main.yml new file mode 100644 index 00000000..f97e4382 --- /dev/null +++ b/roles/yunohost/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for yunohost diff --git a/roles/yunohost/meta/main.yml b/roles/yunohost/meta/main.yml new file mode 100644 index 00000000..c572acc9 --- /dev/null +++ b/roles/yunohost/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/yunohost/tasks/backup.yml b/roles/yunohost/tasks/backup.yml new file mode 100644 index 00000000..7c2010e0 --- /dev/null +++ b/roles/yunohost/tasks/backup.yml @@ -0,0 +1,7 @@ +--- + +- name: "template for yunohost backup " + template: + src: yunohost_backup_restic.j2 + dest: "{{ backup_item_dir }}/20-restic-{{ app_instance_id }}.sh" + mode: 0640 diff --git a/roles/yunohost/tasks/main.yml b/roles/yunohost/tasks/main.yml new file mode 100644 index 00000000..edb8a83a --- /dev/null +++ b/roles/yunohost/tasks/main.yml @@ -0,0 +1,37 @@ +--- + +- name: Install requirements + apt: + name: + - git + - dialog + state: present + +- name: Test if Yunohost is already installed + stat: path=/etc/yunohost/installed + register: yunohost_file_install + +- name: Install Yunohost + block: + - name: Download install script + get_url: + url: "{{ yunohost.install_script_url }}" + dest: /tmp/install_yunohost.sh + mode: 700 + - name: Launch script + command: /tmp/install_yunohost.sh -a + - name: Launch postinsstall + shell: " + yunohost tools postinstall \ + --domain {{ yunohost.main_domain }} \ + --password {{ yunohost.admin_password }} \ + --ignore-dyndns + " + - name: Run diagnosis # Required to install certificates + shell: yunohost diagnosis run + - name: Install certificates + shell: yunohost domain cert-install {{ yunohost.main_domain }} + when: yunohost_file_install.stat.exists == False + +- name: Restic backups + include: backup.yml \ No newline at end of file diff --git a/roles/yunohost/templates/yunohost_backup_restic.j2 b/roles/yunohost/templates/yunohost_backup_restic.j2 new file mode 100644 index 00000000..42016d43 --- /dev/null +++ b/roles/yunohost/templates/yunohost_backup_restic.j2 @@ -0,0 +1,58 @@ +#!/bin/bash +when = everyday at {{ backup_data_service_conf_time | mandatory }} + +set -e +set -u +set -o pipefail + +RESTIC='/usr/local/bin/restic' +export RESTIC_PASSWORD="{{ restic_password }}" + +export RESTIC_REPOSITORY="sftp:{{ st_h_box_host }}:srv/{{ ansible_hostname }}-restic" + +run_cmd_with_backoff_retry_without_exit() { + MAX_TRY=2 + try=0 + while ! "$@" + do + if [[ ${try} -ge ${MAX_TRY} ]] + then + printf "All snapshots reading attempts have failed!\n" + return 1 + fi + ((try++)) + printf "Reading snapshots failed trying again in 10 seconds [%s/%s]\n" "${try}" "${MAX_TRY}" + sleep 5 + done +} + +run_cmd_with_backoff_retry() { + MAX_TRY=10 + try=0 + while ! "$@" + do + if [[ ${try} -ge ${MAX_TRY} ]] + then + printf "All backup attempts have failed!\n" + exit 1 + fi + ((try++)) + printf "Backup failed trying again in 10 seconds [%s/%s]\n" "${try}" "${MAX_TRY}" + sleep 10 + done +} + +echo -e "\n`date` - Checking repository is initialized...\n" +run_cmd_with_backoff_retry_without_exit $RESTIC snapshots || run_cmd_with_backoff_retry $RESTIC init + +sudo yunohost backup delete backup_dayly +sudo yunohost backup create --system --apps -n backup_dayly + +run_cmd_with_backoff_retry $RESTIC backup --tag yunohost /home/yunohost.backup/archives/backup_dayly.tar +run_cmd_with_backoff_retry $RESTIC backup --tag yunohost /home/yunohost.backup/archives/backup_dayly.info.json + +echo -e "\n`date` - Running forget and prune...\n" + +$RESTIC forget --prune --tag {{ app_instance_id }} --keep-daily {{ restic_data_keep_daily|default(7) }} --keep-weekly {{ restic_data_keep_weekly|default(4) }} --keep-monthly {{ restic_data_keep_monthly|default(12) }} --keep-yearly {{ restic_data_keep_yearly|default(3) }} --keep-tag to-keep + +echo -e "\n`date` - Backup finished.\n" diff --git a/roles/yunohost/tests/inventory b/roles/yunohost/tests/inventory new file mode 100644 index 00000000..878877b0 --- /dev/null +++ b/roles/yunohost/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/yunohost/tests/test.yml b/roles/yunohost/tests/test.yml new file mode 100644 index 00000000..f0982285 --- /dev/null +++ b/roles/yunohost/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - yunohost diff --git a/roles/yunohost/vars/main.yml b/roles/yunohost/vars/main.yml new file mode 100644 index 00000000..fb39c5db --- /dev/null +++ b/roles/yunohost/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for yunohost -- GitLab From 73119cefb91b01c3fa301cc49501557e3e5f1801 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Tue, 1 Feb 2022 12:37:11 +0100 Subject: [PATCH 2/6] =?UTF-8?q?[fix]=20backups=20+=20d=C3=A9but=20install?= =?UTF-8?q?=20app?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/yunohost/tasks/backup.yml | 65 +++++++++++++++++++ roles/yunohost/tasks/main.yml | 7 +- roles/yunohost/tasks/monitoring.yml | 56 ++++++++++++++++ roles/yunohost_app_install/.travis.yml | 29 +++++++++ roles/yunohost_app_install/README.md | 38 +++++++++++ roles/yunohost_app_install/defaults/main.yml | 2 + roles/yunohost_app_install/handlers/main.yml | 2 + roles/yunohost_app_install/meta/main.yml | 52 +++++++++++++++ roles/yunohost_app_install/tasks/install.yml | 0 roles/yunohost_app_install/tasks/main.yml | 9 +++ .../yunohost_app_install/tasks/uninstall.yml | 0 roles/yunohost_app_install/tasks/upgrade.yml | 0 roles/yunohost_app_install/tests/inventory | 2 + roles/yunohost_app_install/tests/test.yml | 5 ++ roles/yunohost_app_install/vars/main.yml | 2 + 15 files changed, 267 insertions(+), 2 deletions(-) create mode 100644 roles/yunohost/tasks/monitoring.yml create mode 100644 roles/yunohost_app_install/.travis.yml create mode 100644 roles/yunohost_app_install/README.md create mode 100644 roles/yunohost_app_install/defaults/main.yml create mode 100644 roles/yunohost_app_install/handlers/main.yml create mode 100644 roles/yunohost_app_install/meta/main.yml create mode 100644 roles/yunohost_app_install/tasks/install.yml create mode 100644 roles/yunohost_app_install/tasks/main.yml create mode 100644 roles/yunohost_app_install/tasks/uninstall.yml create mode 100644 roles/yunohost_app_install/tasks/upgrade.yml create mode 100644 roles/yunohost_app_install/tests/inventory create mode 100644 roles/yunohost_app_install/tests/test.yml create mode 100644 roles/yunohost_app_install/vars/main.yml diff --git a/roles/yunohost/tasks/backup.yml b/roles/yunohost/tasks/backup.yml index 7c2010e0..acfceeb1 100644 --- a/roles/yunohost/tasks/backup.yml +++ b/roles/yunohost/tasks/backup.yml @@ -1,7 +1,72 @@ --- +- name: "user for master backup" + user: + name: "{{ backup_master_user }}" + tags: + - backup + +- name: "public key in authorized keys for master backup" + authorized_key: + user: "{{ backup_master_user }}" + state: present + key: "{{ lookup('file', lookup('env','HOME') + '/{{ master_backup_key_file }}' + '.pub') }}" + tags: + - backup + +- name: 'set reportsuccess to no' + lineinfile: + path: "/etc/backupninja.conf" + regexp: '^reportsuccess' + line: 'reportsuccess = no' + state: present + tags: + - backup + +- name: 'set reportinfo to yes' + lineinfile: + path: "/etc/backupninja.conf" + regexp: '^reportinfo' + line: 'reportinfo = yes' + state: present + tags: + - backup + +- name: "backup production directory {{ backup_prod_dir }}" + file: + state: directory + path: "{{ backup_prod_dir }}" + tags: + - backup + +- name: "backup template day" + template: + src: backup.day.j2 + dest: "{{ backup_item_dir }}/50-day.sh" + mode: 0640 + tags: + - backup + +- name: "backup template month" + template: + src: backup.month.j2 + dest: "{{ backup_item_dir }}/50-month.sh" + mode: 0640 + tags: + - backup + +- name: "backup template {{ base_prod_options }}" + template: + src: opt_backup_day.j2 + dest: "{{ backup_item_dir }}/20-prod-opt.sh" + mode: 0640 + tags: + - backup + - name: "template for yunohost backup " template: src: yunohost_backup_restic.j2 dest: "{{ backup_item_dir }}/20-restic-{{ app_instance_id }}.sh" mode: 0640 + tags: + - backup diff --git a/roles/yunohost/tasks/main.yml b/roles/yunohost/tasks/main.yml index edb8a83a..365cffca 100644 --- a/roles/yunohost/tasks/main.yml +++ b/roles/yunohost/tasks/main.yml @@ -31,7 +31,10 @@ shell: yunohost diagnosis run - name: Install certificates shell: yunohost domain cert-install {{ yunohost.main_domain }} - when: yunohost_file_install.stat.exists == False + when: yunohost_file_install.stat.exists == False and system_os == "yunohost" - name: Restic backups - include: backup.yml \ No newline at end of file + include: backup.yml + +- name: Monitoring + include: monitoring.yml \ No newline at end of file diff --git a/roles/yunohost/tasks/monitoring.yml b/roles/yunohost/tasks/monitoring.yml new file mode 100644 index 00000000..c1b1cef5 --- /dev/null +++ b/roles/yunohost/tasks/monitoring.yml @@ -0,0 +1,56 @@ +--- + + - name: 'set monit cycle to {{ monit_cycle_duration }} seconds' + lineinfile: + path: "/etc/monit/monitrc" + regexp: "^[\t ]*set daemon" + line: "set daemon {{ monit_cycle_duration }} start delay {{ monit_start_delay }}" + state: present + notify: reload monit base server + tags: + - monit + + - name: "base configuration for system monitoring - single partition" + template: + src: "monit.conf.single.j2" + dest: "/etc/monit/conf.d/base.conf" + when: not data_partition + notify: reload monit base server + tags: + - monit + + - name: "base configuration for system monitoring - dual partition" + template: + src: "monit.conf.dual.j2" + dest: "/etc/monit/conf.d/base.conf" + when: data_partition + notify: reload monit base server + tags: + - monit + + - name: "cron stop monit for backup" + cron: + name: "stop monit" + hour: "{{ backup_monit_stop_hour }}" + minute: "{{ backup_monit_stop_minute }}" + job: "/bin/systemctl stop monit.service" + tags: + - monit + + - name: "cron start monit after backup" + cron: + name: "start monit" + hour: "{{ backup_monit_start_hour | mandatory }}" + minute: "{{ backup_monit_start_minute | mandatory }}" + job: "/bin/systemctl start monit.service" + tags: + - monit + + - name: "cron start monit anyway" + cron: + name: "start monit anyway" + hour: "{{ monit_start_anyway_hour | mandatory }}" + minute: "{{ monit_start_anyway_minute | mandatory }}" + job: "/bin/systemctl start monit.service >/dev/null 2>&1" + tags: + - monit diff --git a/roles/yunohost_app_install/.travis.yml b/roles/yunohost_app_install/.travis.yml new file mode 100644 index 00000000..36bbf620 --- /dev/null +++ b/roles/yunohost_app_install/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/yunohost_app_install/README.md b/roles/yunohost_app_install/README.md new file mode 100644 index 00000000..225dd44b --- /dev/null +++ b/roles/yunohost_app_install/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/yunohost_app_install/defaults/main.yml b/roles/yunohost_app_install/defaults/main.yml new file mode 100644 index 00000000..d4790fda --- /dev/null +++ b/roles/yunohost_app_install/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for yunohost_app_install diff --git a/roles/yunohost_app_install/handlers/main.yml b/roles/yunohost_app_install/handlers/main.yml new file mode 100644 index 00000000..74469041 --- /dev/null +++ b/roles/yunohost_app_install/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for yunohost_app_install diff --git a/roles/yunohost_app_install/meta/main.yml b/roles/yunohost_app_install/meta/main.yml new file mode 100644 index 00000000..c572acc9 --- /dev/null +++ b/roles/yunohost_app_install/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/yunohost_app_install/tasks/install.yml b/roles/yunohost_app_install/tasks/install.yml new file mode 100644 index 00000000..e69de29b diff --git a/roles/yunohost_app_install/tasks/main.yml b/roles/yunohost_app_install/tasks/main.yml new file mode 100644 index 00000000..a124cb30 --- /dev/null +++ b/roles/yunohost_app_install/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- import_tasks: install.yml + when: app_run in ['install', 'reinstall'] + +- import_tasks: upgrade.yml + when: app_run == 'upgrade' + +- import_tasks: uninstall.yml + when: app_run == 'uninstall' \ No newline at end of file diff --git a/roles/yunohost_app_install/tasks/uninstall.yml b/roles/yunohost_app_install/tasks/uninstall.yml new file mode 100644 index 00000000..e69de29b diff --git a/roles/yunohost_app_install/tasks/upgrade.yml b/roles/yunohost_app_install/tasks/upgrade.yml new file mode 100644 index 00000000..e69de29b diff --git a/roles/yunohost_app_install/tests/inventory b/roles/yunohost_app_install/tests/inventory new file mode 100644 index 00000000..878877b0 --- /dev/null +++ b/roles/yunohost_app_install/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/yunohost_app_install/tests/test.yml b/roles/yunohost_app_install/tests/test.yml new file mode 100644 index 00000000..84b994f4 --- /dev/null +++ b/roles/yunohost_app_install/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - yunohost_app_install diff --git a/roles/yunohost_app_install/vars/main.yml b/roles/yunohost_app_install/vars/main.yml new file mode 100644 index 00000000..5c206c3f --- /dev/null +++ b/roles/yunohost_app_install/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for yunohost_app_install -- GitLab From 6dbd5b550bd041acf11ebe2bb9829496f078dacb Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Wed, 2 Feb 2022 17:14:07 +0100 Subject: [PATCH 3/6] [wip] Ajout du monitoring --- roles/yunohost/tasks/main.yml | 15 +++++++++++++-- roles/yunohost/tasks/monitoring.yml | 24 ++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/roles/yunohost/tasks/main.yml b/roles/yunohost/tasks/main.yml index 365cffca..317dac88 100644 --- a/roles/yunohost/tasks/main.yml +++ b/roles/yunohost/tasks/main.yml @@ -1,9 +1,18 @@ --- -- name: Install requirements +- name: "base packages" + apt: + name: "{{ base_package }}" + state: present + loop: "{{ base_packages_list }}" + loop_control: + loop_var: base_package + tags: + - apt + +- name: Install dialog missing apt: name: - - git - dialog state: present @@ -18,8 +27,10 @@ url: "{{ yunohost.install_script_url }}" dest: /tmp/install_yunohost.sh mode: 700 + - name: Launch script command: /tmp/install_yunohost.sh -a + - name: Launch postinsstall shell: " yunohost tools postinstall \ diff --git a/roles/yunohost/tasks/monitoring.yml b/roles/yunohost/tasks/monitoring.yml index c1b1cef5..e2ef2488 100644 --- a/roles/yunohost/tasks/monitoring.yml +++ b/roles/yunohost/tasks/monitoring.yml @@ -1,5 +1,29 @@ --- + - name: "ensure presence of {{ base_prod_options }}/http_check/" + file: + path: "{{ base_prod_options }}/http_check/" + state: directory + + - name: "http check facility {{ base_prod_options }}/http_check//http_check.py" + template: + src: "http_check.py.j2" + dest: "{{ base_prod_options }}/http_check/http_check.py" + mode: "755" + register: monit_conf + + - name: "monitoring configuration for {{ app_domain }}" + template: + src: "app_monit.j2" + dest: "/etc/monit/conf.d/{{ app_instance_id }}.conf" + register: monit_conf + + - name: reload monit + service: + name: monit + state: reloaded + when: monit_conf.changed + - name: 'set monit cycle to {{ monit_cycle_duration }} seconds' lineinfile: path: "/etc/monit/monitrc" -- GitLab From 666b58b1e7cc9b0f679d6fc208e3bffbfca29175 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Wed, 9 Feb 2022 11:06:58 +0100 Subject: [PATCH 4/6] [fix] Yunohost backup --- roles/yunohost/tasks/backup.yml | 101 ++++++++++---------------------- roles/yunohost/tasks/main.yml | 11 +++- 2 files changed, 40 insertions(+), 72 deletions(-) diff --git a/roles/yunohost/tasks/backup.yml b/roles/yunohost/tasks/backup.yml index acfceeb1..130d5dbb 100644 --- a/roles/yunohost/tasks/backup.yml +++ b/roles/yunohost/tasks/backup.yml @@ -1,72 +1,33 @@ --- -- name: "user for master backup" - user: - name: "{{ backup_master_user }}" - tags: - - backup - -- name: "public key in authorized keys for master backup" - authorized_key: - user: "{{ backup_master_user }}" - state: present - key: "{{ lookup('file', lookup('env','HOME') + '/{{ master_backup_key_file }}' + '.pub') }}" - tags: - - backup - -- name: 'set reportsuccess to no' - lineinfile: - path: "/etc/backupninja.conf" - regexp: '^reportsuccess' - line: 'reportsuccess = no' - state: present - tags: - - backup - -- name: 'set reportinfo to yes' - lineinfile: - path: "/etc/backupninja.conf" - regexp: '^reportinfo' - line: 'reportinfo = yes' - state: present - tags: - - backup - -- name: "backup production directory {{ backup_prod_dir }}" - file: - state: directory - path: "{{ backup_prod_dir }}" - tags: - - backup - -- name: "backup template day" - template: - src: backup.day.j2 - dest: "{{ backup_item_dir }}/50-day.sh" - mode: 0640 - tags: - - backup - -- name: "backup template month" - template: - src: backup.month.j2 - dest: "{{ backup_item_dir }}/50-month.sh" - mode: 0640 - tags: - - backup - -- name: "backup template {{ base_prod_options }}" - template: - src: opt_backup_day.j2 - dest: "{{ backup_item_dir }}/20-prod-opt.sh" - mode: 0640 - tags: - - backup - -- name: "template for yunohost backup " - template: - src: yunohost_backup_restic.j2 - dest: "{{ backup_item_dir }}/20-restic-{{ app_instance_id }}.sh" - mode: 0640 - tags: - - backup + - name: "user for master backup" + user: + name: "{{ backup_master_user }}" + tags: + - backup + + - name: 'set reportsuccess to no' + lineinfile: + path: "/etc/backupninja.conf" + regexp: '^reportsuccess' + line: 'reportsuccess = no' + state: present + tags: + - backup + + - name: 'set reportinfo to yes' + lineinfile: + path: "/etc/backupninja.conf" + regexp: '^reportinfo' + line: 'reportinfo = yes' + state: present + tags: + - backup + + - name: "backup template day" + template: + src: yunohost_backup_restic.j2 + dest: "{{ backup_item_dir }}/70-day-restic.sh" + mode: 0640 + tags: + - backup diff --git a/roles/yunohost/tasks/main.yml b/roles/yunohost/tasks/main.yml index 317dac88..28ca0f02 100644 --- a/roles/yunohost/tasks/main.yml +++ b/roles/yunohost/tasks/main.yml @@ -44,8 +44,15 @@ shell: yunohost domain cert-install {{ yunohost.main_domain }} when: yunohost_file_install.stat.exists == False and system_os == "yunohost" +- name: Monitoring + include_role: + name: base_server + tasks_from: base_monitoring + +- name: Storage box configuration + import_role: + name: base_server + - name: Restic backups include: backup.yml -- name: Monitoring - include: monitoring.yml \ No newline at end of file -- GitLab From 52f105da8ff584c82231467eca308cb398809230 Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Wed, 9 Feb 2022 14:50:49 +0100 Subject: [PATCH 5/6] [fix] Yunohost Backup --- roles/yunohost/tasks/backup.yml | 6 ++++++ roles/yunohost/tasks/main.yml | 10 +++++----- roles/yunohost/templates/yunohost_backup_restic.j2 | 2 +- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/roles/yunohost/tasks/backup.yml b/roles/yunohost/tasks/backup.yml index 130d5dbb..c676d9b0 100644 --- a/roles/yunohost/tasks/backup.yml +++ b/roles/yunohost/tasks/backup.yml @@ -1,5 +1,11 @@ --- + - import_role: + name: install_restic + tags: + - install_restic + + - name: "user for master backup" user: name: "{{ backup_master_user }}" diff --git a/roles/yunohost/tasks/main.yml b/roles/yunohost/tasks/main.yml index 28ca0f02..adb15414 100644 --- a/roles/yunohost/tasks/main.yml +++ b/roles/yunohost/tasks/main.yml @@ -44,14 +44,14 @@ shell: yunohost domain cert-install {{ yunohost.main_domain }} when: yunohost_file_install.stat.exists == False and system_os == "yunohost" -- name: Monitoring - include_role: - name: base_server - tasks_from: base_monitoring +#- name: Monitoring +# include_role: +# name: base_server +# tasks_from: base_monitoring - name: Storage box configuration import_role: - name: base_server + name: _storage_box_init - name: Restic backups include: backup.yml diff --git a/roles/yunohost/templates/yunohost_backup_restic.j2 b/roles/yunohost/templates/yunohost_backup_restic.j2 index 42016d43..c24b133b 100644 --- a/roles/yunohost/templates/yunohost_backup_restic.j2 +++ b/roles/yunohost/templates/yunohost_backup_restic.j2 @@ -53,6 +53,6 @@ run_cmd_with_backoff_retry $RESTIC backup --tag yunohost /home/yunohost.backup/a echo -e "\n`date` - Running forget and prune...\n" -$RESTIC forget --prune --tag {{ app_instance_id }} --keep-daily {{ restic_data_keep_daily|default(7) }} --keep-weekly {{ restic_data_keep_weekly|default(4) }} --keep-monthly {{ restic_data_keep_monthly|default(12) }} --keep-yearly {{ restic_data_keep_yearly|default(3) }} --keep-tag to-keep +$RESTIC forget --prune --tag yunohost --keep-daily {{ restic_data_keep_daily|default(7) }} --keep-weekly {{ restic_data_keep_weekly|default(4) }} --keep-monthly {{ restic_data_keep_monthly|default(12) }} --keep-yearly {{ restic_data_keep_yearly|default(3) }} --keep-tag to-keep echo -e "\n`date` - Backup finished.\n" -- GitLab From bc828640c02290f14a3ca4fa8a7c665bc2cabb4c Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 19 Dec 2022 16:17:22 +0100 Subject: [PATCH 6/6] remove for instance installation of ynh app through ansible --- roles/yunohost_app_install/.travis.yml | 29 ----------- roles/yunohost_app_install/README.md | 38 -------------- roles/yunohost_app_install/defaults/main.yml | 2 - roles/yunohost_app_install/handlers/main.yml | 2 - roles/yunohost_app_install/meta/main.yml | 52 ------------------- roles/yunohost_app_install/tasks/install.yml | 0 roles/yunohost_app_install/tasks/main.yml | 9 ---- .../yunohost_app_install/tasks/uninstall.yml | 0 roles/yunohost_app_install/tasks/upgrade.yml | 0 roles/yunohost_app_install/tests/inventory | 2 - roles/yunohost_app_install/tests/test.yml | 5 -- roles/yunohost_app_install/vars/main.yml | 2 - 12 files changed, 141 deletions(-) delete mode 100644 roles/yunohost_app_install/.travis.yml delete mode 100644 roles/yunohost_app_install/README.md delete mode 100644 roles/yunohost_app_install/defaults/main.yml delete mode 100644 roles/yunohost_app_install/handlers/main.yml delete mode 100644 roles/yunohost_app_install/meta/main.yml delete mode 100644 roles/yunohost_app_install/tasks/install.yml delete mode 100644 roles/yunohost_app_install/tasks/main.yml delete mode 100644 roles/yunohost_app_install/tasks/uninstall.yml delete mode 100644 roles/yunohost_app_install/tasks/upgrade.yml delete mode 100644 roles/yunohost_app_install/tests/inventory delete mode 100644 roles/yunohost_app_install/tests/test.yml delete mode 100644 roles/yunohost_app_install/vars/main.yml diff --git a/roles/yunohost_app_install/.travis.yml b/roles/yunohost_app_install/.travis.yml deleted file mode 100644 index 36bbf620..00000000 --- a/roles/yunohost_app_install/.travis.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -language: python -python: "2.7" - -# Use the new container infrastructure -sudo: false - -# Install ansible -addons: - apt: - packages: - - python-pip - -install: - # Install ansible - - pip install ansible - - # Check ansible version - - ansible --version - - # Create ansible.cfg with correct roles_path - - printf '[defaults]\nroles_path=../' >ansible.cfg - -script: - # Basic role syntax check - - ansible-playbook tests/test.yml -i tests/inventory --syntax-check - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/yunohost_app_install/README.md b/roles/yunohost_app_install/README.md deleted file mode 100644 index 225dd44b..00000000 --- a/roles/yunohost_app_install/README.md +++ /dev/null @@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/yunohost_app_install/defaults/main.yml b/roles/yunohost_app_install/defaults/main.yml deleted file mode 100644 index d4790fda..00000000 --- a/roles/yunohost_app_install/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for yunohost_app_install diff --git a/roles/yunohost_app_install/handlers/main.yml b/roles/yunohost_app_install/handlers/main.yml deleted file mode 100644 index 74469041..00000000 --- a/roles/yunohost_app_install/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for yunohost_app_install diff --git a/roles/yunohost_app_install/meta/main.yml b/roles/yunohost_app_install/meta/main.yml deleted file mode 100644 index c572acc9..00000000 --- a/roles/yunohost_app_install/meta/main.yml +++ /dev/null @@ -1,52 +0,0 @@ -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/yunohost_app_install/tasks/install.yml b/roles/yunohost_app_install/tasks/install.yml deleted file mode 100644 index e69de29b..00000000 diff --git a/roles/yunohost_app_install/tasks/main.yml b/roles/yunohost_app_install/tasks/main.yml deleted file mode 100644 index a124cb30..00000000 --- a/roles/yunohost_app_install/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- import_tasks: install.yml - when: app_run in ['install', 'reinstall'] - -- import_tasks: upgrade.yml - when: app_run == 'upgrade' - -- import_tasks: uninstall.yml - when: app_run == 'uninstall' \ No newline at end of file diff --git a/roles/yunohost_app_install/tasks/uninstall.yml b/roles/yunohost_app_install/tasks/uninstall.yml deleted file mode 100644 index e69de29b..00000000 diff --git a/roles/yunohost_app_install/tasks/upgrade.yml b/roles/yunohost_app_install/tasks/upgrade.yml deleted file mode 100644 index e69de29b..00000000 diff --git a/roles/yunohost_app_install/tests/inventory b/roles/yunohost_app_install/tests/inventory deleted file mode 100644 index 878877b0..00000000 --- a/roles/yunohost_app_install/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - diff --git a/roles/yunohost_app_install/tests/test.yml b/roles/yunohost_app_install/tests/test.yml deleted file mode 100644 index 84b994f4..00000000 --- a/roles/yunohost_app_install/tests/test.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: localhost - remote_user: root - roles: - - yunohost_app_install diff --git a/roles/yunohost_app_install/vars/main.yml b/roles/yunohost_app_install/vars/main.yml deleted file mode 100644 index 5c206c3f..00000000 --- a/roles/yunohost_app_install/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for yunohost_app_install -- GitLab