adding more flexibility on passwords and cleaning up tags and become

35b3b3e5 · popi · bf2b93b3 · 35b3b3e5 · 35b3b3e5 · 35b3b3e5
Commit 35b3b3e5 authored Sep 11, 2018 by popi
5 changed files
--- a/roles/nodejs/tasks/main.yml
+++ b/roles/nodejs/tasks/main.yml
@@ -2,7 +2,6 @@
 # tasks file for nodejs_debian

 - name: download nodeJS 8
-  become: true
  become_user: "{{ app_user }}"
  shell: curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
  changed_when: False

--- a/roles/peertube/defaults/main.yml
+++ b/roles/peertube/defaults/main.yml
 ---
 # defaults file for peertube

-## SMTP optional variables
+## SMTP optional variables. If unset, PeerTube will not be able to send
+## email notifications.
 #smtp:
 #  smtp_hostname: null
 #  smtp_port: 465 
@@ -10,3 +11,13 @@
 #  smtp_tls: true
 #  smtp_ca_file: null
 #  smtp_email_admin: admin@example.com
+
+## For serious handling of passwords, you should use ansible-vault
+## If not defined, a random password will be generated and set up in 
+# ./pgsql.credentials
+#postgresql_password: "super-secret"
+
+## PeerTube OS user password
+## If not defined, a random password will be generated and set up in 
+# ./peertube.credentials
+#peertube_password: "top-secret"
--- a/roles/peertube/tasks/config.yml
+++ b/roles/peertube/tasks/config.yml
 ---

-#- name: set up main config file
-#  tags: config
-#  blockinfile:
-#    marker: '# ANSIBLE {mark} FQDN'
-#    block: |
-      
 - name: set up main config file
-  tags: config
  template:
    src: production.j2
    dest: /var/www/peertube/config/production.yaml
@@ -16,7 +9,6 @@
    mode: 0600

 - name: set up nginx config file (behind reverse proxy)
-  tags: config
  template:
    src: nginx-behind-reverse.j2
    dest:  /etc/nginx/sites-available/peertube
@@ -25,7 +17,6 @@
    mode: 0644

 - name: create symbolic link to sites-enable for nginx config file
-  tags: config
  file:
    state: link
    src: /etc/nginx/sites-available/peertube
@@ -33,7 +24,6 @@
  notify: reload nginx
    
 - name: set up systemd service unit for peertube
-  tags: config
  copy:
    remote_src: yes
    src: /var/www/peertube/peertube-latest/support/systemd/peertube.service
@@ -44,7 +34,6 @@
  notify: reload systemd

 - name: set up service unit peertube on startup
-  tags: config
  systemd:
    enabled: yes
    name: peertube
@@ -59,6 +48,6 @@
        $ sudo journalctl -feu peertube

        Once the testing period is over and all is well, consider lowering log level to warning.
-  tags: config, info
+  tags: info
  
 ...
--- a/roles/peertube/tasks/install.yml
+++ b/roles/peertube/tasks/install.yml
@@ -2,7 +2,6 @@
 # tasks file for peertube

 - name: install packages
-  tags: install
  apt:
    name: "{{ item }}"
    state: present
@@ -13,32 +12,28 @@
    - vim

 - name: create app user {{ app_user }}
-  tags: install
  user: 
    name: "{{ app_user }}"
    comment: "For app {{ app_user }}"
    groups: sudo
-    password: "{{lookup('password', '~/%s.credentials.txt chars=ascii_letters,digits' % '{{ app_user }}' )}}"
+    password: "{{ peertube_password | default(lookup('password', './%s.credentials.txt chars=ascii_letters,digits' % '{{ app_user }}' ))}}"
    update_password: on_create
    home: /var/www/peertube
    createhome: yes
    shell: /bin/bash

 - name: install nodeJS for Debian
-  tags: install
  import_role:      
    name: nodejs
  vars: 
    nodejs_user: "{{ app_user }}"

 - name: install yarn gpg key for repository
-  tags: install
  apt_key:
    url: "https://dl.yarnpkg.com/debian/pubkey.gpg"
    state: present

 - name: set up yarn repository
-  tags: install
  lineinfile:
    line: "deb https://dl.yarnpkg.com/debian/ stable main" 
    regexp: '^deb https://dl.yarnpkg.com'
@@ -49,14 +44,12 @@
    create: yes

 - name: install yarn package
-  tags: install
  apt:
    update_cache: yes
    name: yarn
    state: present

 - name: install remaining packages
-  tags: install
  apt:
    name: "{{ item }}"
    state: present
@@ -73,7 +66,6 @@
    - python-psycopg2
 
 - name: request ffmpeg and g++ versions
-  tags: install
  shell: "ffmpeg -version && g++ -v 2>&1"
  register: pkg_version
  changed_when: False
@@ -81,33 +73,28 @@
 - name: check (DO CHECK) versions installed are recent enough
  debug:
    msg: "ffmpeg should be >= 3.x \n g++ should be >- 5.x"
-  tags: install

 - name: display ffmpeg and g++ versions
  debug: var=pkg_version.stdout_lines
-  tags: install

 - name: set up postgres DB
-  tags: install, pg
-  become: true
+  tags: pg
  become_user: postgres
  postgresql_db:
    name: peertube_prod
    login_user: postgres

 - name: set up postgres User
-  tags: install, pg
-  become: true
+  tags: pg
  become_user: postgres
  postgresql_user:
    name: peertube
-    password: "{{ lookup('password', '~/%s.credentials.txt chars=ascii_letters,digits' % 'pgsql_user' )}}"
+    password: "{{ postgresql_password | default(lookup('password', './%s.credentials.txt chars=ascii_letters,digits' % 'pgsql')) }}"
    db: peertube_prod
    login_user: postgres

 - name: set up pgsql extensions
-  tags: install, pg
-  become: true
+  tags: pg
  become_user: postgres
  postgresql_ext:
    db: peertube_prod
@@ -118,7 +105,6 @@
    - unaccent

 - name: create required directories
-  tags: install
  file:
    state: directory
    path: /var/www/peertube/{{ item }}
@@ -130,19 +116,19 @@
    - versions

 - name: determine latest version
-  tags: install, unzip
+  tags: unzip
  shell: curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4
  register: last_version
  changed_when: False

 - name: set version variable
-  tags: install, unzip
+  tags: unzip
  set_fact:
    peer_version: "{{ custom_version | default(last_version.stdout) }}"

 ## As per install doc, we have to use some gymnastic with zip file
 - name: download and extract archive
-  tags: install, unzip
+  tags: unzip
  unarchive:
    creates: /var/www/peertube/versions/peertube-{{ peer_version }}
    dest: /var/www/peertube/versions/
@@ -153,8 +139,6 @@
    
 ## Not working, as the zip file adds some required 'dist' folders that are missing in tag
 #- name: git clone latest version of peertube
-#  tags: install#
-#  become: true
 #  become_user: "{{ app_user }}"
 #  git:
 #    clone: yes
@@ -163,14 +147,12 @@
 #    version: "{{ peer_version }}"

 - name: create link to latest
-  tags: install
  file:
    state: link
    src: /var/www/peertube/versions/peertube-{{ peer_version }}
    dest: /var/www/peertube/peertube-latest

 - name: ensure all belongs to {{ app_user }}
-  tags: install
  file:
    state: directory 
    recurse: yes
@@ -180,10 +162,7 @@
    path: /var/www/peertube/peertube-latest

 - name: install peertube
-  tags: install
-  become: true
-  become_user: "{{ app_user }}"
-  shell: cd /var/www/peertube/peertube-latest && yarn install --production --pure-lockfile
+  shell: cd /var/www/peertube/peertube-latest && sudo -u {{ app_user }} yarn install --production --pure-lockfile
  changed_when: False

 - name: Installation is finished, configuration is left to the user
@@ -194,5 +173,5 @@
        Please not that 'certbot' was NOT installed (not required if you are using a reverse proxy for your web apps).

        Next is to set up a minimum working configuration..."
-  tags: install, info
+  tags: info
 ...
--- a/roles/peertube/tasks/main.yml
+++ b/roles/peertube/tasks/main.yml
 ---

 - import_tasks: install.yml
+  tags: install
 - import_tasks: config.yml
+  tags: config

 ...