From b49bd3620b18da6e087467c9911cae9a55daf47c Mon Sep 17 00:00:00 2001 From: Hadrien Patte Date: Sun, 3 Mar 2019 19:06:33 +0100 Subject: [PATCH 01/22] Feat: add ansible-lint to the CI pipeline Signed-off-by: Hadrien Patte --- .gitlab-ci.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4cf864e..5af274e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,14 @@ --- image: quay.io/ansible/molecule:2.19 +stages: + - lint + yamllint: + stage: lint script: yamllint -c .yamllint.yml . + +ansible-lint: + stage: lint + script: ansible-lint *.yml ... From 5c5195cc2ca8a44633c3913c3a643019997fb35a Mon Sep 17 00:00:00 2001 From: Hadrien Patte Date: Sun, 3 Mar 2019 19:13:22 +0100 Subject: [PATCH 02/22] Fix: use systemd instead of command module Signed-off-by: Hadrien Patte --- roles/codimd/handlers/main.yml | 3 ++- roles/etherpad/handlers/main.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/codimd/handlers/main.yml b/roles/codimd/handlers/main.yml index 4dccff2..ffb2bfc 100644 --- a/roles/codimd/handlers/main.yml +++ b/roles/codimd/handlers/main.yml @@ -9,4 +9,5 @@ # Reload systemd daemons when a service file changes - name: Reload systemd daemons - command: systemctl daemon-reload + systemd: + daemon_reload: true diff --git a/roles/etherpad/handlers/main.yml b/roles/etherpad/handlers/main.yml index ac3842d..46a7fd8 100644 --- a/roles/etherpad/handlers/main.yml +++ b/roles/etherpad/handlers/main.yml @@ -1,4 +1,5 @@ --- # Reload systemd daemons when a service file changes - name: Reload systemd daemons - command: systemctl daemon-reload + systemd: + daemon_reload: true From 4555ca782b46ce04301a9e7d629f8176867cf78f Mon Sep 17 00:00:00 2001 From: Hadrien Patte Date: Sun, 3 Mar 2019 19:15:15 +0100 Subject: [PATCH 03/22] Feat: update ansible-lint to version 4.0.0 Signed-off-by: Hadrien Patte --- .gitlab-ci.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5af274e..e11bdbf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,14 +1,18 @@ --- -image: quay.io/ansible/molecule:2.19 +image: python:3.6 stages: - lint yamllint: stage: lint - script: yamllint -c .yamllint.yml . + script: + - pip install yamllint==1.15.0 + - yamllint -c .yamllint.yml . ansible-lint: stage: lint - script: ansible-lint *.yml + script: + - pip install ansible-lint==4.0.0 + - ansible-lint *.yml ... From b55a2ee047d19985d8fb78f710fa052c9de23ce3 Mon Sep 17 00:00:00 2001 From: Hadrien Patte Date: Sun, 3 Mar 2019 19:28:57 +0100 Subject: [PATCH 04/22] Fix: add a retry statement to remote package tasks Signed-off-by: Hadrien Patte --- roles/baseconfig/tasks/apt-listchanges.yml | 3 +++ roles/baseconfig/tasks/main.yml | 3 +++ roles/baseconfig/tasks/molly-guard.yml | 3 +++ roles/codimd/tasks/0_apt_dependencies.yml | 3 +++ roles/dokuwiki/tasks/main.yml | 3 +++ roles/etherpad/tasks/0_apt_dependencies.yml | 3 +++ roles/ldap-client/tasks/0_install_ldap.yml | 3 +++ roles/ldap-client/tasks/1_group_security.yml | 3 +++ roles/ldap-replica/tasks/main.yml | 3 +++ roles/matrix-mxisd/tasks/main.yml | 3 +++ roles/matrix-riot/tasks/main.yml | 12 ++++++++++++ roles/matrix-synapse/tasks/main.yml | 3 +++ roles/nginx-reverse-proxy/tasks/main.yml | 3 +++ upgrade.yml | 3 +++ 14 files changed, 51 insertions(+) diff --git a/roles/baseconfig/tasks/apt-listchanges.yml b/roles/baseconfig/tasks/apt-listchanges.yml index 56925b2..ddfebb7 100644 --- a/roles/baseconfig/tasks/apt-listchanges.yml +++ b/roles/baseconfig/tasks/apt-listchanges.yml @@ -6,6 +6,9 @@ name: apt-listchanges state: present update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded # Send email when there is something new - name: Configure apt-listchanges diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 27fbd03..807c20d 100644 --- a/roles/baseconfig/tasks/main.yml 
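Review bot: The lint jobs now `pip install yamllint==1.15.0` and `pip install ansible-lint==4.0.0` from PyPI on every run, and version pins alone do not stop a substituted or re-uploaded wheel from being installed; `python:3.6` is likewise a floating tag, so the whole lint toolchain can change underneath this file. A reproducible shape is a small requirements file installed with `pip install --require-hashes -r lint-requirements.txt` (hashes generated once with `pip hash`), and the image pinned by digest, e.g. `image: python:3.6@sha256:<digest>`. ansible-lint also drags in `ansible` as a transitive dependency that is not pinned here, so lint results may differ between runs even with these two pins.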
+++ b/roles/baseconfig/tasks/main.yml @@ -19,6 +19,9 @@ - tree # create a graphical tree of files - ipython # better Python shell - acl # for Ansible become support + register: apt_result + retries: 3 + until: apt_result is succeeded # Pimp my server - name: Customize motd diff --git a/roles/baseconfig/tasks/molly-guard.yml b/roles/baseconfig/tasks/molly-guard.yml index bee8e12..b444b73 100644 --- a/roles/baseconfig/tasks/molly-guard.yml +++ b/roles/baseconfig/tasks/molly-guard.yml @@ -6,6 +6,9 @@ name: molly-guard state: present update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded # Always ask for hostname - name: Configure molly-guard diff --git a/roles/codimd/tasks/0_apt_dependencies.yml b/roles/codimd/tasks/0_apt_dependencies.yml index 158c59e..95dec86 100644 --- a/roles/codimd/tasks/0_apt_dependencies.yml +++ b/roles/codimd/tasks/0_apt_dependencies.yml @@ -21,3 +21,6 @@ - npm - build-essential - zlib1g-dev # uws module + register: apt_result + retries: 3 + until: apt_result is succeeded diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index 0da632d..4e1722f 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -24,3 +24,6 @@ apt: name: dokuwiki update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded diff --git a/roles/etherpad/tasks/0_apt_dependencies.yml b/roles/etherpad/tasks/0_apt_dependencies.yml index 4c8d341..c5995f1 100644 --- a/roles/etherpad/tasks/0_apt_dependencies.yml +++ b/roles/etherpad/tasks/0_apt_dependencies.yml @@ -21,3 +21,6 @@ - git - nodejs - npm + register: apt_result + retries: 3 + until: apt_result is succeeded diff --git a/roles/ldap-client/tasks/0_install_ldap.yml b/roles/ldap-client/tasks/0_install_ldap.yml index 79ceb18..16552a0 100644 --- a/roles/ldap-client/tasks/0_install_ldap.yml +++ b/roles/ldap-client/tasks/0_install_ldap.yml 
@@ -9,6 +9,9 @@ - nslcd - libnss-ldapd - libpam-ldapd + register: apt_result + retries: 3 + until: apt_result is succeeded # Reduce LDAP load # For the moment it is broken on Stretch when using PHP7.3 diff --git a/roles/ldap-client/tasks/1_group_security.yml b/roles/ldap-client/tasks/1_group_security.yml index 40435d6..c40b466 100644 --- a/roles/ldap-client/tasks/1_group_security.yml +++ b/roles/ldap-client/tasks/1_group_security.yml @@ -11,6 +11,9 @@ package: name: sudo state: present + register: package_result + retries: 3 + until: package_result is succeeded # Set sudo group - name: Configure sudoers diff --git a/roles/ldap-replica/tasks/main.yml b/roles/ldap-replica/tasks/main.yml index 5face6d..4ad968e 100644 --- a/roles/ldap-replica/tasks/main.yml +++ b/roles/ldap-replica/tasks/main.yml @@ -5,6 +5,9 @@ name: slapd state: present update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded # What is written after is really not a nice way to install a schema # because the LDAP is being flushed away always... diff --git a/roles/matrix-mxisd/tasks/main.yml b/roles/matrix-mxisd/tasks/main.yml index d58dc22..fae2a84 100644 --- a/roles/matrix-mxisd/tasks/main.yml +++ b/roles/matrix-mxisd/tasks/main.yml @@ -2,6 +2,9 @@ - name: Install mxisd apt: deb: https://github.com/kamax-matrix/mxisd/releases/download/v{{ mxisd_version }}/mxisd_{{ mxisd_version }}_all.deb + register: apt_result + retries: 3 + until: apt_result is succeeded - name: Configure mxisd template: diff --git a/roles/matrix-riot/tasks/main.yml b/roles/matrix-riot/tasks/main.yml index 007a449..04be56f 100644 --- a/roles/matrix-riot/tasks/main.yml +++ b/roles/matrix-riot/tasks/main.yml @@ -4,6 +4,9 @@ apt: name: apt-transport-https update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded # Add the repository into source list - name: Configure riot repository 
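Review bot: The retry is added around `apt: deb: https://github.com/kamax-matrix/mxisd/releases/download/v{{ mxisd_version }}/mxisd_{{ mxisd_version }}_all.deb`, which installs a package fetched straight from a GitHub release with no checksum or signature check — the module's `deb:` path bypasses apt's repository signing, so TLS to github.com is the only integrity guarantee, and three retries do not change that. A safer shape is to download with `get_url` and a pinned `checksum:` (retrying that task), then install the local file. The `deb:` line itself is pre-existing, so this could be a follow-up, but it is the one place in this playbook where an unsigned artifact is installed as root.

```yaml
- name: Download mxisd package
  get_url:
    url: https://github.com/kamax-matrix/mxisd/releases/download/v{{ mxisd_version }}/mxisd_{{ mxisd_version }}_all.deb
    dest: /var/tmp/mxisd_{{ mxisd_version }}_all.deb
    checksum: "sha256:{{ mxisd_sha256 }}"  # define next to mxisd_version in matrix.yml
  register: get_url_result
  retries: 3
  until: get_url_result is succeeded

- name: Install mxisd
  apt:
    deb: /var/tmp/mxisd_{{ mxisd_version }}_all.deb
# … unchanged: Configure mxisd …
```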
@@ -15,17 +18,26 @@ apt_key: url: https://riot.im/packages/debian/repo-key.asc id: E019645248E8F4A1 + register: apt_key_result + retries: 3 + until: apt_key_result is succeeded # Install riot - name: Install riot-web apt: name: riot-web update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded # Install nginx - name: Install nginx apt: name: nginx + register: apt_result + retries: 3 + until: apt_result is succeeded # Configure nginx - name: Configure nginx diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index 06e44bc..565bc80 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -4,6 +4,9 @@ name: matrix-synapse update_cache: true default_release: stretch-backports + register: apt_result + retries: 3 + until: apt_result is succeeded - name: Configure matrix-synapse template: diff --git a/roles/nginx-reverse-proxy/tasks/main.yml b/roles/nginx-reverse-proxy/tasks/main.yml index d7a93ee..9ecd403 100644 --- a/roles/nginx-reverse-proxy/tasks/main.yml +++ b/roles/nginx-reverse-proxy/tasks/main.yml @@ -4,6 +4,9 @@ apt: name: nginx update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded # Install sites - name: Configure NGINX sites diff --git a/upgrade.yml b/upgrade.yml index f5fbbef..7b28ebe 100644 --- a/upgrade.yml +++ b/upgrade.yml @@ -9,3 +9,6 @@ upgrade: dist update_cache: true cache_valid_time: 86400 # one day + register: apt_result + retries: 3 + until: apt_result is succeeded From 563d9658ed9901e18e183b09bcf7481dafd5d43d Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 15:10:17 +0100 Subject: [PATCH 05/22] Add newline at end of 0_apt_dependencies.yml in CodiMD role --- roles/codimd/tasks/0_apt_dependencies.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/codimd/tasks/0_apt_dependencies.yml b/roles/codimd/tasks/0_apt_dependencies.yml index c3a45a9..0bf26ad 100644 
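Review bot: The retry on `apt_key` is reasonable, but the key is identified only by the 64-bit short ID `id: E019645248E8F4A1`; `id` also accepts the full 40-hex fingerprint, which is what newer versions of the module verify the downloaded key against and which is far harder to collide than a short ID. Suggest replacing it with the full fingerprint of the riot.im signing key (obtainable with `gpg --with-fingerprint repo-key.asc`) and keeping the short form in a comment. Separately, both 'Install riot-web' and 'Install nginx' register into `apt_result`; harmless while the tasks stay sequential, but distinct names such as `riot_apt_result` / `nginx_apt_result` avoid a silent mix-up if a `when:` on the variable is added later.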
--- a/roles/codimd/tasks/0_apt_dependencies.yml +++ b/roles/codimd/tasks/0_apt_dependencies.yml @@ -28,4 +28,5 @@ register: apt_result retries: 3 until: apt_result is succeeded - - yarn \ No newline at end of file + - yarn + From f347daa40830f06e5b0641c3dbf4b6fa3963c897 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 15:12:58 +0100 Subject: [PATCH 06/22] Use systemd module rather than command --- roles/matrix-appservice-discord/handlers/main.yml | 3 ++- roles/matrix-appservice-irc/handlers/main.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/matrix-appservice-discord/handlers/main.yml b/roles/matrix-appservice-discord/handlers/main.yml index ac3842d..46a7fd8 100644 --- a/roles/matrix-appservice-discord/handlers/main.yml +++ b/roles/matrix-appservice-discord/handlers/main.yml @@ -1,4 +1,5 @@ --- # Reload systemd daemons when a service file changes - name: Reload systemd daemons - command: systemctl daemon-reload + systemd: + daemon_reload: true diff --git a/roles/matrix-appservice-irc/handlers/main.yml b/roles/matrix-appservice-irc/handlers/main.yml index ac3842d..46a7fd8 100644 --- a/roles/matrix-appservice-irc/handlers/main.yml +++ b/roles/matrix-appservice-irc/handlers/main.yml @@ -1,4 +1,5 @@ --- # Reload systemd daemons when a service file changes - name: Reload systemd daemons - command: systemctl daemon-reload + systemd: + daemon_reload: true From 1274ec4be4d16717e2d4e71fa166363ed93652ed Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 15:30:49 +0100 Subject: [PATCH 07/22] Fix last line of CodiMD apt dep --- roles/codimd/tasks/0_apt_dependencies.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/codimd/tasks/0_apt_dependencies.yml b/roles/codimd/tasks/0_apt_dependencies.yml index 0bf26ad..cbf03cb 100644 --- a/roles/codimd/tasks/0_apt_dependencies.yml +++ b/roles/codimd/tasks/0_apt_dependencies.yml @@ -29,4 +29,3 @@ retries: 3 until: apt_result is succeeded - yarn - 
From 4ebaa4f36f2a7d6b9f84b1b9e192e082f6d06e60 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 15:39:11 +0100 Subject: [PATCH 08/22] Add retries to APT modules in Matrix Appservices --- roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml | 3 +++ roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml b/roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml index 40fbbce..04288e5 100644 --- a/roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml +++ b/roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml @@ -18,3 +18,6 @@ - nodejs - npm - build-essential + register: apt_result + retries: 3 + until: apt_result is succeeded diff --git a/roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml b/roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml index 40fbbce..04288e5 100644 --- a/roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml +++ b/roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml @@ -18,3 +18,6 @@ - nodejs - npm - build-essential + register: apt_result + retries: 3 + until: apt_result is succeeded From af81b41e83a2c837c18b82ba904dde2c2e72e199 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 17:44:42 +0100 Subject: [PATCH 09/22] Use NPM module for matrix-appservice-irc --- roles/codimd/tasks/main.yml | 2 +- roles/matrix-appservice-discord/tasks/main.yml | 2 +- roles/matrix-appservice-irc/tasks/main.yml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/codimd/tasks/main.yml b/roles/codimd/tasks/main.yml index 4e80f3c..0e7e49f 100644 --- a/roles/codimd/tasks/main.yml +++ b/roles/codimd/tasks/main.yml @@ -16,7 +16,7 @@ notify: Build front-end for CodiMD # Setup dependencies and configs -- name: Install CodiMD depedencies +- name: Install CodiMD dependencies command: NODE_ENV="production" bin/setup args: chdir: /var/local/codimd/codimd 
diff --git a/roles/matrix-appservice-discord/tasks/main.yml b/roles/matrix-appservice-discord/tasks/main.yml index a625a00..e3ed0b1 100644 --- a/roles/matrix-appservice-discord/tasks/main.yml +++ b/roles/matrix-appservice-discord/tasks/main.yml @@ -15,7 +15,7 @@ become_user: matrix-appservice-discord # Setup dependencies -- name: Install matrix-appservice-discord depedencies +- name: Install matrix-appservice-discord dependencies command: npm ci args: chdir: /var/local/matrix-appservice-discord/matrix-appservice-discord diff --git a/roles/matrix-appservice-irc/tasks/main.yml b/roles/matrix-appservice-irc/tasks/main.yml index 0f03d5b..298efa4 100644 --- a/roles/matrix-appservice-irc/tasks/main.yml +++ b/roles/matrix-appservice-irc/tasks/main.yml @@ -14,10 +14,10 @@ become_user: matrix-appservice-irc # Setup dependencies -- name: Install matrix-appservice-irc depedencies - command: npm install - args: - chdir: /var/local/matrix-appservice-irc/matrix-appservice-irc +- name: Install matrix-appservice-irc dependencies + npm: + path: /var/local/matrix-appservice-irc/matrix-appservice-irc + production: true become: true become_user: matrix-appservice-irc From b56ae303356a8ce21aa7aad7ba36896fdb8613cd Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 17:49:48 +0100 Subject: [PATCH 10/22] Use YARN module from Ansible 2.7 --- README.md | 7 +++++++ roles/codimd/tasks/main.yml | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d91d960..56689f6 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,12 @@ # Playbook et rôles Ansible d'Aurore +Ces politiques de déployement nécessite Ansible 2.7 ou plus récent. +Le paquet dans Debian Buster est suffisamment à jour, sinon vous pouvez l'obtenir de la façon suivante : + +```bash +pip3 install --user ansible +``` + ## Exécution d'un playbook Pour appliquer le playbook `base.yml` : 
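Review bot: Switching matrix-appservice-irc from `command: npm install` to the `npm` module keeps the same semantics — a plain `npm install`, which will rewrite `package-lock.json` when it disagrees with `package.json` instead of failing — while the discord role converted in the same patch still runs `npm ci`, so the two bridges now have different reproducibility guarantees. For a process that holds Matrix and IRC credentials, dependency drift between deploys is worth preventing; if the Ansible version in use supports it, `ci: true` on the `npm` module restores the strict lockfile behaviour, otherwise `command: npm ci` with `args: creates:` pointing at `node_modules` keeps both idempotence and the lockfile check. The task list continues below the hunk.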
diff --git a/roles/codimd/tasks/main.yml b/roles/codimd/tasks/main.yml index 0e7e49f..7ea0069 100644 --- a/roles/codimd/tasks/main.yml +++ b/roles/codimd/tasks/main.yml @@ -17,9 +17,9 @@ # Setup dependencies and configs - name: Install CodiMD dependencies - command: NODE_ENV="production" bin/setup - args: - chdir: /var/local/codimd/codimd + yarn: + path: /var/local/codimd/codimd + production: true become: true become_user: codimd From 53b67acb07165f64e4ec0bbe539b40f2d6a9376a Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 17:53:12 +0100 Subject: [PATCH 11/22] Fix a error due to previous merge --- roles/codimd/tasks/0_apt_dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/codimd/tasks/0_apt_dependencies.yml b/roles/codimd/tasks/0_apt_dependencies.yml index cbf03cb..2b73378 100644 --- a/roles/codimd/tasks/0_apt_dependencies.yml +++ b/roles/codimd/tasks/0_apt_dependencies.yml @@ -25,7 +25,7 @@ - nodejs - npm - build-essential + - yarn register: apt_result retries: 3 until: apt_result is succeeded - - yarn From 84263d7712803522b1eeab29bbe28f5d7f8b7aa0 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 18:02:29 +0100 Subject: [PATCH 12/22] Do not use depreciated loop with APT --- roles/baseconfig/tasks/main.yml | 7 ++----- roles/codimd/tasks/0_apt_dependencies.yml | 14 ++++++-------- roles/etherpad/tasks/0_apt_dependencies.yml | 14 ++++++-------- roles/ldap-client/tasks/0_install_ldap.yml | 10 ++++------ .../tasks/0_apt_dependencies.yml | 12 +++++------- .../tasks/0_apt_dependencies.yml | 12 +++++------- 6 files changed, 28 insertions(+), 41 deletions(-) diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index 807c20d..447b046 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml 
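Review bot: The replaced `bin/setup` command is CodiMD's own bootstrap script and, as far as can be seen here, may have done more than a dependency install (upstream's script also seeds config files); confirm the role provides anything it generated before relying on the `yarn:` module alone. The module runs a plain `yarn install`, which does not pass `--frozen-lockfile`, so the lockfile can be rewritten on the host and two deploys can end up with different dependency trees — worth a comment on the task, `# NOTE: yarn module does not enforce the lockfile; verify yarn.lock is unchanged after install`, or a `command: yarn install --frozen-lockfile` with `args: creates:` if strictness matters here. The task list continues below the hunk.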
@@ -3,11 +3,7 @@ - name: Install basic tools when: ansible_os_family == "Debian" apt: - name: "{{ packages }}" - state: present - update_cache: true - vars: - packages: + name: - bash-completion # for bash users - zsh # alternative shell - sudo # to gain root access @@ -19,6 +15,7 @@ - tree # create a graphical tree of files - ipython # better Python shell - acl # for Ansible become support + update_cache: true register: apt_result retries: 3 until: apt_result is succeeded diff --git a/roles/codimd/tasks/0_apt_dependencies.yml b/roles/codimd/tasks/0_apt_dependencies.yml index 2b73378..3e30b80 100644 --- a/roles/codimd/tasks/0_apt_dependencies.yml +++ b/roles/codimd/tasks/0_apt_dependencies.yml @@ -17,15 +17,13 @@ # Install CodiMD dependencies - name: Install required packages apt: - name: "{{ item }}" - state: present + name: + - git + - nodejs + - npm + - build-essential + - yarn update_cache: true - with_items: - - git - - nodejs - - npm - - build-essential - - yarn register: apt_result retries: 3 until: apt_result is succeeded diff --git a/roles/etherpad/tasks/0_apt_dependencies.yml b/roles/etherpad/tasks/0_apt_dependencies.yml index c5995f1..e36321b 100644 --- a/roles/etherpad/tasks/0_apt_dependencies.yml +++ b/roles/etherpad/tasks/0_apt_dependencies.yml @@ -12,15 +12,13 @@ # Install EtherPad dependencies - name: Install required packages apt: - name: "{{ item }}" - state: present + name: + - build-essential + - curl + - git + - nodejs + - npm update_cache: true - with_items: - - build-essential - - curl - - git - - nodejs - - npm register: apt_result retries: 3 until: apt_result is succeeded diff --git a/roles/ldap-client/tasks/0_install_ldap.yml b/roles/ldap-client/tasks/0_install_ldap.yml index 16552a0..5905d4a 100644 --- a/roles/ldap-client/tasks/0_install_ldap.yml +++ b/roles/ldap-client/tasks/0_install_ldap.yml 
@@ -2,13 +2,11 @@ # Install LDAP client packages - name: Install LDAP client packages apt: - name: "{{ item }}" - state: present + name: + - nslcd + - libnss-ldapd + - libpam-ldapd update_cache: true - with_items: - - nslcd - - libnss-ldapd - - libpam-ldapd register: apt_result retries: 3 until: apt_result is succeeded diff --git a/roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml b/roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml index 04288e5..d61dd10 100644 --- a/roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml +++ b/roles/matrix-appservice-discord/tasks/0_apt_dependencies.yml @@ -10,14 +10,12 @@ - name: Install required packages apt: - name: "{{ item }}" - state: present + name: + - git + - nodejs + - npm + - build-essential update_cache: true - with_items: - - git - - nodejs - - npm - - build-essential register: apt_result retries: 3 until: apt_result is succeeded diff --git a/roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml b/roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml index 04288e5..d61dd10 100644 --- a/roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml +++ b/roles/matrix-appservice-irc/tasks/0_apt_dependencies.yml @@ -10,14 +10,12 @@ - name: Install required packages apt: - name: "{{ item }}" - state: present + name: + - git + - nodejs + - npm + - build-essential update_cache: true - with_items: - - git - - nodejs - - npm - - build-essential register: apt_result retries: 3 until: apt_result is succeeded From b9d5601e368ac721814d7e314abe457d0517fb0f Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 18:10:35 +0100 Subject: [PATCH 13/22] Remove useless PRODUCTION var for webpack CodiMD --- roles/codimd/handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/codimd/handlers/main.yml b/roles/codimd/handlers/main.yml index 0f565f3..08525df 100644 --- a/roles/codimd/handlers/main.yml +++ b/roles/codimd/handlers/main.yml 
@@ -2,7 +2,7 @@ # Build front-end bundle # This can take very long and requires > 2GB of RAM - name: Build front-end for CodiMD - command: NODE_ENV="production" yarn run build + command: yarn run build args: chdir: /var/local/codimd/codimd become: true From 4b5631e60b2110e8a08030ddc22afd3d105cb8a1 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 18:12:55 +0100 Subject: [PATCH 14/22] Retry 3 times npm and yarn --- roles/codimd/tasks/main.yml | 3 +++ roles/matrix-appservice-irc/tasks/main.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/roles/codimd/tasks/main.yml b/roles/codimd/tasks/main.yml index 7ea0069..f3b349f 100644 --- a/roles/codimd/tasks/main.yml +++ b/roles/codimd/tasks/main.yml @@ -22,6 +22,9 @@ production: true become: true become_user: codimd + register: yarn_result + retries: 3 + until: yarn_result is succeeded # Connection to database - name: Connect CodiMD to PostgreSQL db diff --git a/roles/matrix-appservice-irc/tasks/main.yml b/roles/matrix-appservice-irc/tasks/main.yml index 298efa4..4025fc7 100644 --- a/roles/matrix-appservice-irc/tasks/main.yml +++ b/roles/matrix-appservice-irc/tasks/main.yml @@ -20,6 +20,9 @@ production: true become: true become_user: matrix-appservice-irc + register: npm_result + retries: 3 + until: npm_result is succeeded # Configure - name: Configure matrix-appservice-irc From 16ca4956dce7e0e165e78754f85c84c97acc7bd9 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 11 Mar 2019 18:15:17 +0100 Subject: [PATCH 15/22] Make EtherPad default text shorter --- roles/etherpad/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/etherpad/tasks/main.yml b/roles/etherpad/tasks/main.yml index a6dea45..dae8ab9 100644 --- a/roles/etherpad/tasks/main.yml +++ b/roles/etherpad/tasks/main.yml 
@@ -32,7 +32,7 @@ with_dict: title: " \"title\": \"Etherpad Aurore\"," dbType: " \"dbType\" : \"postgres\"," - defaultPadText: " \"defaultPadText\" : \"Bienvenue sur l'EtherPad d'Aurore !\\n\\nCe pad est synchronisé avec les autres utilisateur·rice·s présent·e·s sur cette page.\\n\"," + defaultPadText: " \"defaultPadText\" : \"Bienvenue sur l'EtherPad d'Aurore !\\n\\nCe pad est public.\\n\"," lang: " \"lang\": \"fr-fr\"" # Service file From dd19efaecd9bd7cbae248e9fa6b42c310ec19c0a Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Tue, 12 Mar 2019 07:47:07 +0100 Subject: [PATCH 16/22] Do not download rest_auth_provider.py --- matrix.yml | 1 - .../files/rest_auth_provider.py | 178 ++++++++++++++++++ roles/matrix-synapse/tasks/main.yml | 4 +- 3 files changed, 180 insertions(+), 3 deletions(-) create mode 100644 roles/matrix-synapse/files/rest_auth_provider.py diff --git a/matrix.yml b/matrix.yml index 971ceab..797215b 100644 --- a/matrix.yml +++ b/matrix.yml @@ -3,7 +3,6 @@ - hosts: synapse.adm.auro.re vars: mxisd_version: 1.3.1 - synapse_rest_auth_url: https://raw.githubusercontent.com/kamax-matrix/matrix-synapse-rest-auth/master/rest_auth_provider.py roles: - debian-backports - matrix-synapse diff --git a/roles/matrix-synapse/files/rest_auth_provider.py b/roles/matrix-synapse/files/rest_auth_provider.py new file mode 100644 index 0000000..1d582d9 --- /dev/null +++ b/roles/matrix-synapse/files/rest_auth_provider.py 
@@ -0,0 +1,178 @@ +# -*- coding: utf-8 -*- +# +# REST endpoint Authentication module for Matrix synapse +# Copyright (C) 2017 Maxime Dor +# +# https://max.kamax.io/ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# + +import logging +from twisted.internet import defer +import requests +import json + +logger = logging.getLogger(__name__) + +class RestAuthProvider(object): + + def __init__(self, config, account_handler): + self.account_handler = account_handler + + if not config.endpoint: + raise RuntimeError('Missing endpoint config') + + self.endpoint = config.endpoint + self.regLower = config.regLower + self.config = config + + logger.info('Endpoint: %s', self.endpoint) + logger.info('Enforce lowercase username during registration: %s', self.regLower) + + @defer.inlineCallbacks + def check_password(self, user_id, password): + logger.info("Got password check for " + user_id) + data = {'user':{'id':user_id, 'password':password}} + r = requests.post(self.endpoint + '/_matrix-internal/identity/v1/check_credentials', json = data) + r.raise_for_status() + r = r.json() + if not r["auth"]: + reason = "Invalid JSON data returned from REST endpoint" + logger.warning(reason) + raise RuntimeError(reason) + + auth = r["auth"] + if not auth["success"]: + logger.info("User not authenticated") + defer.returnValue(False) + + localpart = user_id.split(":", 1)[0][1:] + logger.info("User %s 
authenticated", user_id) + + registration = False + if not (yield self.account_handler.check_user_exists(user_id)): + logger.info("User %s does not exist yet, creating...", user_id) + + if localpart != localpart.lower() and self.regLower: + logger.info('User %s was cannot be created due to username lowercase policy', localpart) + defer.returnValue(False) + + user_id, access_token = (yield self.account_handler.register(localpart=localpart)) + registration = True + logger.info("Registration based on REST data was successful for %s", user_id) + else: + logger.info("User %s already exists, registration skipped", user_id) + + if auth["profile"]: + logger.info("Handling profile data") + profile = auth["profile"] + + store = yield self.account_handler.hs.get_profile_handler().store + if "display_name" in profile and ((registration and self.config.setNameOnRegister) or (self.config.setNameOnLogin)): + display_name = profile["display_name"] + logger.info("Setting display name to '%s' based on profile data", display_name) + yield store.set_profile_displayname(localpart, display_name) + else: + logger.info("Display name was not set because it was not given or policy restricted it") + + if (self.config.updateThreepid): + if "three_pids" in profile: + logger.info("Handling 3PIDs") + for threepid in profile["three_pids"]: + medium = threepid["medium"].lower() + address = threepid["address"].lower() + logger.info("Looking for 3PID %s:%s in user profile", medium, address) + + validated_at = self.account_handler.hs.get_clock().time_msec() + if not (yield store.get_user_id_by_threepid(medium, address)): + logger.info("3PID is not present, adding") + yield store.user_add_threepid( + user_id, + medium, + address, + validated_at, + validated_at + ) + else: + logger.info("3PID is present, skipping") + else: + logger.info("3PIDs were not updated due to policy") + else: + logger.info("No profile data") + + defer.returnValue(True) + + @staticmethod + def parse_config(config): + # verify 
config sanity + _require_keys(config, ["endpoint"]) + + class _RestConfig(object): + endpoint = '' + regLower = True + setNameOnRegister = True + setNameOnLogin = False + updateThreepid = True + + rest_config = _RestConfig() + rest_config.endpoint = config["endpoint"] + + try: + rest_config.regLower = config['policy']['registration']['username']['enforceLowercase'] + except TypeError: + # we don't care + pass + except KeyError: + # we don't care + pass + + try: + rest_config.setNameOnRegister = config['policy']['registration']['profile']['name'] + except TypeError: + # we don't care + pass + except KeyError: + # we don't care + pass + + try: + rest_config.setNameOnLogin = config['policy']['login']['profile']['name'] + except TypeError: + # we don't care + pass + except KeyError: + # we don't care + pass + + try: + rest_config.updateThreepid = config['policy']['all']['threepid']['update'] + except TypeError: + # we don't care + pass + except KeyError: + # we don't care + pass + + return rest_config + +def _require_keys(config, required): + missing = [key for key in required if key not in config] + if missing: + raise Exception( + "REST Auth enabled but missing required config values: {}".format( + ", ".join(missing) + ) + ) + diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index 565bc80..196611f 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -25,8 +25,8 @@ notify: Restart matrix-synapse service - name: Install rest auth provider - get_url: - url: "{{ synapse_rest_auth_url }}" + copy: + src: rest_auth_provider.py dest: /usr/local/lib/python3.5/dist-packages/rest_auth_provider.py mode: 0755 notify: Restart matrix-synapse service From a8656251ab5649f6b1e01f59129964b4a6994a9c Mon Sep 17 00:00:00 2001 
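Review bot: Vendoring the auth provider instead of fetching `master` at deploy time is the right call, but the copied file carries no provenance — neither the task nor the file header says which upstream commit it was taken from, so nobody can later audit it for fixes or tampering. Suggest a comment above the task, `# Vendored from kamax-matrix/matrix-synapse-rest-auth at commit <sha>; previously fetched from master at deploy time`. `mode: 0755` also marks a Python module executable for no reason and is an unquoted octal literal; `mode: "0644"` is enough since Synapse imports the file rather than running it. Note too that the vendored `check_password` calls `requests.post(...)` with no `timeout`, synchronously inside a Twisted `inlineCallbacks` method, so a stalled identity endpoint blocks Synapse's reactor — worth raising upstream rather than patching locally, and worth a comment in the task so the next reader knows. The hard-coded `python3.5/dist-packages` path in `dest` is pre-existing but will silently stop matching on a newer Debian.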
From: Alexandre Iooss
Date: Tue, 12 Mar 2019 07:48:09 +0100
Subject: [PATCH 17/22] Tab is useless in sudoers
---
roles/ldap-client/tasks/1_group_security.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/ldap-client/tasks/1_group_security.yml b/roles/ldap-client/tasks/1_group_security.yml
index c40b466..13e3261 100644
--- a/roles/ldap-client/tasks/1_group_security.yml
+++ b/roles/ldap-client/tasks/1_group_security.yml
@@ -20,4 +20,4 @@
 lineinfile:
 dest: /etc/sudoers
 regexp: "^%{{ sudo_group }}"
- line: "%{{ sudo_group }} ALL=(ALL:ALL) ALL"
+ line: "%{{ sudo_group }} ALL=(ALL:ALL) ALL"
From 4a6da11837c923c8b5cdc233aed8e86434fd4901 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Tue, 12 Mar 2019 16:34:35 +0100
Subject: [PATCH 18/22] Clean up EtherPad dep install
---
roles/etherpad/tasks/main.yml | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)
diff --git a/roles/etherpad/tasks/main.yml b/roles/etherpad/tasks/main.yml
index dae8ab9..62aa8d7 100644
--- a/roles/etherpad/tasks/main.yml
+++ b/roles/etherpad/tasks/main.yml
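Review bot: This `lineinfile` writes `/etc/sudoers` directly with no syntax check, so a `sudo_group` value containing a space or a stray character is written as-is and can lock every administrator out of sudo on the host. Add `validate: '/usr/sbin/visudo -cf %s'` to the task so Ansible rejects an invalid file before moving it into place. The regexp `"^%{{ sudo_group }}"` also matches any group whose name merely starts with the same text (`%admin` would replace a `%admins` line); anchoring it as `regexp: "^%{{ sudo_group }}\\s"` avoids clobbering an unrelated rule. The task header (`- name: Configure sudoers`) is above the hunk.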
@@ -10,16 +10,32 @@ git: repo: https://github.com/ether/etherpad-lite.git dest: /var/local/etherpad/etherpad-lite - version: master + version: 1.7.5 become: true become_user: etherpad -# Installation script -# TODO: move this in a handler +# Installation script bin/installDeps.sh (1) +- name: Create node_modules directory + file: + path: /var/local/etherpad/etherpad-lite/node_modules + state: directory + become: true + become_user: etherpad + +# Installation script bin/installDeps.sh (2) +- name: Create symbolic link to EtherPad src + file: + src: /var/local/etherpad/etherpad-lite/src + dest: /var/local/etherpad/etherpad-lite/node_modules/ep_etherpad-lite + state: link + become: true + become_user: etherpad + +# Installation script bin/installDeps.sh (3) +# TODO --no-save - name: Install Etherpad dependencies - command: bin/installDeps.sh - args: - chdir: /var/local/etherpad/etherpad-lite + npm: + path: /var/local/etherpad/etherpad-lite/node_modules/ep_etherpad-lite become: true become_user: etherpad From cc489907984b8fee1ecf4b75c2d8ebcd889f4912 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Tue, 12 Mar 2019 16:51:27 +0100 Subject: [PATCH 19/22] Use NPM module in matrix-appservice-discord --- roles/matrix-appservice-discord/tasks/main.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/matrix-appservice-discord/tasks/main.yml b/roles/matrix-appservice-discord/tasks/main.yml index e3ed0b1..a43642b 100644 --- a/roles/matrix-appservice-discord/tasks/main.yml +++ b/roles/matrix-appservice-discord/tasks/main.yml 
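Review bot: Pinning the checkout to `version: 1.7.5` instead of `master` is a clear improvement, but a git tag is mutable — anyone who can push to the upstream repository can move it — so for a web-exposed service it is worth pinning the commit instead, `version: <40-hex sha of the 1.7.5 tag>  # tag 1.7.5`. The `git:` task also gets no `retries`/`until` while every apt and npm task in this series gained one. The hand-rolled replacement for `bin/installDeps.sh` ends in a plain `npm install` via the `npm` module, and the `# TODO --no-save` comment already anticipates it rewriting the package files, so the resulting `node_modules` is not reproducible across hosts; `command: npm ci` with `args: creates:` would keep the lockfile authoritative until the module supports `ci`. The role continues below the hunk.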
@@ -15,18 +15,20 @@
become_user: matrix-appservice-discord
# Setup dependencies
+# May create issues with package-lock.json not in gitignore
- name: Install matrix-appservice-discord dependencies
- command: npm ci
- args:
- chdir: /var/local/matrix-appservice-discord/matrix-appservice-discord
+ npm:
+ path: /var/local/matrix-appservice-discord/matrix-appservice-discord
become: true
become_user: matrix-appservice-discord
# Typescript into javascript
- name: Compile matrix-appservice-discord
- command: npm run build
+ command: ./node_modules/.bin/tsc
args:
chdir: /var/local/matrix-appservice-discord/matrix-appservice-discord
+ register: npm_build_result
+ changed_when: npm_build_result
become: true
become_user: matrix-appservice-discord
From 431b063db7a27c8668027f99e6e23789dd1e2272 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Tue, 12 Mar 2019 16:56:01 +0100
Subject: [PATCH 20/22] Maybe last fix for the CI
---
roles/etherpad/tasks/main.yml | 9 ++++++---
roles/matrix-appservice-discord/tasks/main.yml | 3 +++
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/roles/etherpad/tasks/main.yml b/roles/etherpad/tasks/main.yml
index 62aa8d7..1e36ffe 100644
--- a/roles/etherpad/tasks/main.yml
+++ b/roles/etherpad/tasks/main.yml
@@ -25,9 +25,9 @@
# Installation script bin/installDeps.sh (2)
- name: Create symbolic link to EtherPad src
file:
- src: /var/local/etherpad/etherpad-lite/src
- dest: /var/local/etherpad/etherpad-lite/node_modules/ep_etherpad-lite
- state: link
+ src: /var/local/etherpad/etherpad-lite/src
+ dest: /var/local/etherpad/etherpad-lite/node_modules/ep_etherpad-lite
+ state: link
become: true
become_user: etherpad
@@ -38,6 +38,9 @@
path: /var/local/etherpad/etherpad-lite/node_modules/ep_etherpad-lite
become: true
become_user: etherpad
+ register: npm_result
+ retries: 3
+ until: npm_result is succeeded
# Configuration
- name: Configure EtherPad
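Review bot: Swapping `command: npm ci` for the `npm:` module turns a lockfile-exact install into `npm install`, which may resolve newer versions inside the declared ranges and rewrite `package-lock.json` (the added comment already hints at this), so the reproducibility and dependency pinning the old command gave are lost. If the Ansible release in use has the module's `ci` option, add `ci: true` under `npm:`; otherwise keeping `command: npm ci` is the safer choice for a service that handles third-party traffic. Separately, `changed_when: npm_build_result` is always true because a registered result is a non-empty mapping, so the compile task reports changed on every run exactly as before; `changed_when: false`, or a condition on `npm_build_result.stdout`, would reflect what actually happened.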
diff --git a/roles/matrix-appservice-discord/tasks/main.yml b/roles/matrix-appservice-discord/tasks/main.yml
index a43642b..4461fe3 100644
--- a/roles/matrix-appservice-discord/tasks/main.yml
+++ b/roles/matrix-appservice-discord/tasks/main.yml
@@ -21,6 +21,9 @@
path: /var/local/matrix-appservice-discord/matrix-appservice-discord
become: true
become_user: matrix-appservice-discord
+ register: npm_result
+ retries: 3
+ until: npm_result is succeeded
# Typescript into javascript
- name: Compile matrix-appservice-discord
From 5dfd8eacc546a09322ac6928b1c3218b039e7c31 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Tue, 12 Mar 2019 17:04:06 +0100
Subject: [PATCH 21/22] Replace 'yes' by 'true'
---
roles/basesecurity/tasks/main.yml | 2 +-
roles/codimd/tasks/1_user_group.yml | 4 ++--
roles/etherpad/tasks/1_user_group.yml | 4 ++--
roles/ldap-replica/tasks/main.yml | 2 +-
roles/matrix-appservice-discord/tasks/1_user_group.yml | 4 ++--
roles/matrix-appservice-irc/tasks/1_user_group.yml | 4 ++--
6 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/roles/basesecurity/tasks/main.yml b/roles/basesecurity/tasks/main.yml
index 6b0f596..d21ad5e 100644
--- a/roles/basesecurity/tasks/main.yml
+++ b/roles/basesecurity/tasks/main.yml
@@ -22,4 +22,4 @@
- /usr/bin/chfn # With re2o
- /bin/mount # Only root should mount
- /bin/umount # Only root should umount
- ignore_errors: yes # Sometimes file won't exist
+ ignore_errors: true # Sometimes file won't exist
diff --git a/roles/codimd/tasks/1_user_group.yml b/roles/codimd/tasks/1_user_group.yml
index 4d79ee0..8acc968 100644
--- a/roles/codimd/tasks/1_user_group.yml
+++ b/roles/codimd/tasks/1_user_group.yml
@@ -3,7 +3,7 @@
- name: Create CodiMD system group
group:
name: codimd
- system: yes
+ system: true
state: present
# Security #2
@@ -13,7 +13,7 @@
group: codimd
home: /var/local/codimd
comment: CodiMD
- system: yes
+ system: true
state: present
# Security #3
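Review bot: `ignore_errors: true` on the basesecurity task swallows every failure, not only the missing-file case the inline comment describes, so a permission error or a typo in one of the listed paths leaves that binary unhardened while the play still reports success. Register the result and narrow the condition with `failed_when` to the module's actual missing-file message, or `stat` each path first and skip absent ones with `when: path_stat.stat.exists`, so that a genuine failure of a hardening step is visible. The task's module and the start of its path list are outside the hunk.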
diff --git a/roles/etherpad/tasks/1_user_group.yml b/roles/etherpad/tasks/1_user_group.yml
index 8c8110c..01c74ff 100644
--- a/roles/etherpad/tasks/1_user_group.yml
+++ b/roles/etherpad/tasks/1_user_group.yml
@@ -3,7 +3,7 @@
- name: Create EtherPad system group
group:
name: etherpad
- system: yes
+ system: true
state: present
# Security #2
@@ -13,7 +13,7 @@
group: etherpad
home: /var/local/etherpad
comment: EtherPad
- system: yes
+ system: true
state: present
# Security #3
diff --git a/roles/ldap-replica/tasks/main.yml b/roles/ldap-replica/tasks/main.yml
index 4ad968e..45f99c5 100644
--- a/roles/ldap-replica/tasks/main.yml
+++ b/roles/ldap-replica/tasks/main.yml
@@ -51,7 +51,7 @@
path: "{{ item }}"
owner: openldap
group: openldap
- recurse: yes
+ recurse: true
with_items:
- '/var/lib/ldap'
- '/etc/ldap/slapd.d'
diff --git a/roles/matrix-appservice-discord/tasks/1_user_group.yml b/roles/matrix-appservice-discord/tasks/1_user_group.yml
index 2fe23be..42cac54 100644
--- a/roles/matrix-appservice-discord/tasks/1_user_group.yml
+++ b/roles/matrix-appservice-discord/tasks/1_user_group.yml
@@ -3,7 +3,7 @@
- name: Create matrix-appservice-discord system group
group:
name: matrix-appservice-discord
- system: yes
+ system: true
state: present
# Security #2
@@ -13,7 +13,7 @@
group: matrix-appservice-discord
home: /var/local/matrix-appservice-discord
comment: Matrix Appservice Discord
- system: yes
+ system: true
state: present
# Security #3
diff --git a/roles/matrix-appservice-irc/tasks/1_user_group.yml b/roles/matrix-appservice-irc/tasks/1_user_group.yml
index 1c5d507..4c28899 100644
--- a/roles/matrix-appservice-irc/tasks/1_user_group.yml
+++ b/roles/matrix-appservice-irc/tasks/1_user_group.yml
@@ -3,7 +3,7 @@
- name: Create matrix-appservice-irc system group
group:
name: matrix-appservice-irc
- system: yes
+ system: true
state: present
# Security #2
@@ -13,7 +13,7 @@
group: matrix-appservice-irc
home: /var/local/matrix-appservice-irc
comment: Matrix Appservice IRC
- system: yes
+ system: true
state: present
# Security #3
From bc1459bc514218f7db59279e1564a5928356420d Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Tue, 12 Mar 2019 17:22:39 +0100
Subject: [PATCH 22/22] Fix various yamllint warnings
---
matrix.yml | 3 ++-
roles/codimd/tasks/0_apt_dependencies.yml | 24 +++++++++++++++++++----
roles/etherpad/tasks/main.yml | 8 +++-----
roles/matrix-mxisd/tasks/main.yml | 2 +-
4 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/matrix.yml b/matrix.yml
index 797215b..56e2a51 100644
--- a/matrix.yml
+++ b/matrix.yml
@@ -2,7 +2,8 @@
# Install Matrix Synapse on corresponding containers
- hosts: synapse.adm.auro.re
vars:
- mxisd_version: 1.3.1
+ mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
+ mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
roles:
- debian-backports
- matrix-synapse
diff --git a/roles/codimd/tasks/0_apt_dependencies.yml b/roles/codimd/tasks/0_apt_dependencies.yml
index 3e30b80..2f40e50 100644
--- a/roles/codimd/tasks/0_apt_dependencies.yml
+++ b/roles/codimd/tasks/0_apt_dependencies.yml
@@ -9,10 +9,26 @@
dest: /etc/apt/preferences.d/nodejs
mode: 0644
-# TODO
-# apt-transport-https
-# curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
-# echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
+# For HTTPS apt
+- name: Install HTTPS apt
+ apt:
+ name: apt-transport-https
+ update_cache: true
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+- name: Configure the apt key
+ apt_key:
+ url: https://dl.yarnpkg.com/debian/pubkey.gpg
+ id: 1646B01B86E50310
+ register: apt_key_result
+ retries: 3
+ until: apt_key_result is succeeded
+
+- name: Configure Yarn repository
+ apt_repository:
+ repo: "deb https://dl.yarnpkg.com/debian/ stable main"
# Install CodiMD dependencies
- name: Install required packages
diff --git a/roles/etherpad/tasks/main.yml b/roles/etherpad/tasks/main.yml
index 1e36ffe..9ccadc2 100644
--- a/roles/etherpad/tasks/main.yml
+++ b/roles/etherpad/tasks/main.yml
@@ -69,10 +69,8 @@
service:
name: etherpad-lite
state: started
- enabled: True
-
-# La configuration de la clé `dbSettings` n'est pas encore automatisé !
+ enabled: true
# TODO-list
-# * Configure admin user, logs
-# Plugins : https://framacloud.org/fr/cultiver-son-jardin/etherpad.html#concernant-framapad
+# La configuration de la clé `dbSettings` n'est pas encore automatisé !
+# * Configure logs
diff --git a/roles/matrix-mxisd/tasks/main.yml b/roles/matrix-mxisd/tasks/main.yml
index fae2a84..422243f 100644
--- a/roles/matrix-mxisd/tasks/main.yml
+++ b/roles/matrix-mxisd/tasks/main.yml
@@ -1,7 +1,7 @@
---
- name: Install mxisd
apt:
- deb: https://github.com/kamax-matrix/mxisd/releases/download/v{{ mxisd_version }}/mxisd_{{ mxisd_version }}_all.deb
+ deb: "{{ mxisd_deb }}"
register: apt_result
retries: 3
until: apt_result is succeeded
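Review bot: `id: 1646B01B86E50310` pins the Yarn signing key by its 64-bit long key ID rather than by the full 40-character fingerprint; `apt_key` accepts the full fingerprint in `id`, and that is the value worth checking since a key ID is only a truncation of it. Note also that `apt_key` places the key in the global trusted keyring, so it can sign any configured repository and not only Yarn's; where the apt version on the hosts supports it, storing the key in its own keyring and referencing it with `signed-by=` in the `apt_repository` `repo` string limits that trust to the one source. The `apt_repository` task has no `filename:`, so the sources entry lands in an auto-named file; `filename: yarn` matches what the removed TODO intended.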
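Review bot: `deb: "{{ mxisd_deb }}"` installs a package fetched from a GitHub release URL with no integrity check; the `apt` module's URL download verifies nothing beyond TLS and dpkg does not check signatures on a local `.deb`, so a replaced release asset would be installed as root. Fetch it first with `get_url` (for example `dest: /var/cache/apt/archives/mxisd_1.3.1_all.deb` and `checksum: sha256:<EXPECTED_SHA256>`, the placeholder filled from the upstream release) and point `apt: deb:` at the local file. Keeping the version in `matrix.yml` next to `mxisd_deb` is fine, but the checksum variable should sit beside it so both are bumped together.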