From 1a4ab527f4faf7d365b905d35005bf5765884b21 Mon Sep 17 00:00:00 2001 From: TeoV Date: Sun, 1 Sep 2019 14:26:57 +0300 Subject: [PATCH] Update ansible for packages to be executed as normal user( no need root to be configured for ssh) --- data/ansible/packages/distributions.conf.j2 | 22 +++++++++ data/ansible/packages/go.yaml | 28 ++++++++++++ data/ansible/packages/gpg-gen-key.yaml | 35 ++++++++++++--- data/ansible/packages/gpg.yaml | 5 ++- data/ansible/packages/main.yaml | 50 +++++++++++++++------ data/ansible/packages/nginx.yaml | 5 ++- data/ansible/packages/options.conf.j2 | 3 ++ data/ansible/packages/reprepro.yaml | 33 +++++++------- 8 files changed, 143 insertions(+), 38 deletions(-) create mode 100644 data/ansible/packages/distributions.conf.j2 create mode 100644 data/ansible/packages/options.conf.j2 diff --git a/data/ansible/packages/distributions.conf.j2 b/data/ansible/packages/distributions.conf.j2 new file mode 100644 index 000000000..eda6f03f1 --- /dev/null +++ b/data/ansible/packages/distributions.conf.j2 @@ -0,0 +1,22 @@ +{{ ansible_managed | comment }} +Origin: apt.cgrates.org +Label: apt.cgrates.org +Suite: stable +Codename: debian +Architectures: amd64 +Components: main +Description: CGRateS APT repository +SignWith: yes +DebOverride: override.testing +DscOverride: override.testing + +Origin: apt.cgrates.org +Label: apt.cgrates.org +Suite: nightly +Codename: nightly +Architectures: amd64 +Components: main +Description: CGRateS APT Nightly repository +SignWith: yes +DebOverride: override.testing +DscOverride: override.testing diff --git a/data/ansible/packages/go.yaml b/data/ansible/packages/go.yaml index d7531502e..042f54f6b 100644 --- a/data/ansible/packages/go.yaml +++ b/data/ansible/packages/go.yaml 
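Review bot: Both stanzas of distributions.conf.j2 set `SignWith: yes`, which leaves the choice of signing key to whatever GnuPG treats as the default key at run time. The playbook now runs gpg and reprepro through sudo, so a second secret key in that keyring could change what the repository is signed with, without any change in this file. As far as I know reprepro passes any other value to gpgme as a key selector, so naming the key explicitly, for example `SignWith: {{ gpg_useremail }}` or a fingerprint supplied through a playbook variable, ties the signer to the key this playbook generates.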
@@ -56,6 +56,34 @@ group: root mode: 'u=rw,go=r' +- name: Export GOROOT for root + become: yes + lineinfile: + path: ~/.bashrc + line: export GOROOT='{{ golang_install_dir }}' + insertafter: last + +- name: Add GOROOT to PATH for root + become: yes + lineinfile: + path: ~/.bashrc + line: export PATH=$PATH:$GOROOT/bin + insertafter: last + +- name: Export GOPATH for root + become: yes + lineinfile: + path: ~/.bashrc + line: export GOPATH='{{ golang_gopath }}' + insertafter: last + +- name: Add GOPATH to PATH for root + become: yes + lineinfile: + path: ~/.bashrc + line: export PATH=$PATH:$GOPATH/bin + insertafter: last + - name: Export GOROOT lineinfile: path: ~/.bashrc diff --git a/data/ansible/packages/gpg-gen-key.yaml b/data/ansible/packages/gpg-gen-key.yaml index 3851f5f09..b13eb01f1 100644 --- a/data/ansible/packages/gpg-gen-key.yaml +++ b/data/ansible/packages/gpg-gen-key.yaml 
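Review bot: The new go.yaml task "Add GOPATH to PATH for root" puts `$GOPATH/bin` on root's PATH, and `{{ golang_gopath }}` appears to be a directory the unprivileged build user writes to (main.yaml runs `go get` without become). Any binary that user places there becomes runnable by name from a root shell. I would drop that task and keep passing PATH per task through `environment:` where the build needs it. Separately, lineinfile reads `insertafter: last` in all four new tasks as a regular expression, not a keyword; the documented end-of-file value is `insertafter: EOF`. The hunk ends inside the following "Export GOROOT" task.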
@@ -1,30 +1,51 @@ --- - name: set defaut gpg options + become: true template: src: gpg.conf.j2 dest: "{{ gpg_home }}/.gnupg/gpg.conf" mode: '0600' - owner: "{{ gpg_generator_user }}" + owner: "{{ rootUser }}" - name: copy default template for gpg key generation + become: true template: src: gen-key-script - dest: "{{ gpg_home }}/.gnupg/gen-key-script-{{ gpg_user }}" + dest: "{{ gpg_home }}/.gnupg/gen-key-script-{{ rootUser }}" mode: '0600' - owner: "{{ gpg_generator_user }}" + owner: "{{ rootUser }}" - name: create some required file + become: true shell: "gpg --list-secret-keys --keyid-format LONG" +- name: When starting fresh we need to make sure we have rng-tools + become: true + apt: + name: rng-tools + state: present + ignore_errors: true + +- name: Add HRNGDEVICE=/dev/urandom so we can execute rngd + become: true + lineinfile: + path: /etc/default/rng-tools + line: HRNGDEVICE=/dev/urandom + insertafter: last + - name: generate randomness - shell: "sudo rngd -r /dev/urandom" + become: true + shell: "sudo /etc/init.d/rng-tools restart" ignore_errors: true - name: generate gpg key - shell: "gpg --batch --gen-key {{ gpg_home }}/.gnupg/gen-key-script-{{ gpg_user }}" + become: true + shell: "sudo gpg --batch --gen-key {{ gpg_home }}/.gnupg/gen-key-script-{{ rootUser }}" - name: get user armored public key - shell: "gpg --armor --output {{ gpg_pubkeyfileexport }} --export {{ gpg_useremail }}" + become: true + shell: "sudo gpg --armor --output {{ gpg_pubkeyfileexport }} --export {{ gpg_useremail }}" - name: After export move the key to /var/packages - shell: "mv {{ gpg_pubkeyfileexport }} /var/packages" \ No newline at end of file + become: true + shell: "sudo mv {{ gpg_pubkeyfileexport }} /var/packages" \ No newline at end of file diff --git a/data/ansible/packages/gpg.yaml b/data/ansible/packages/gpg.yaml index 34289b11a..05124a09a 100644 --- a/data/ansible/packages/gpg.yaml +++ b/data/ansible/packages/gpg.yaml 
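Review bot: The added lineinfile task in gpg-gen-key.yaml writes `HRNGDEVICE=/dev/urandom` into /etc/default/rng-tools, so rngd keeps feeding the kernel pool from the kernel's own output and, as I understand rngd, credits it as fresh entropy; the old one-off `rngd -r /dev/urandom` at least did not persist on the host. For a repository signing key I would point rngd at a real source (`HRNGDEVICE=/dev/hwrng` where the host exposes one) or remove the line again once the key exists. Both rng tasks carry `ignore_errors: true`, so key generation proceeds even when neither took effect. The `sudo` prefix in the shell lines is redundant once `become: true` is set on the task.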
@@ -1,6 +1,7 @@ --- - name: Ensure .gnupg config directory exists with right permissions - file: dest={{ gpg_home }}/.gnupg state=directory mode=0700 owner="{{ gpg_generator_user }}" + become: true + file: dest={{ gpg_home }}/.gnupg state=directory mode=0700 owner="{{ rootUser }}" ## Note: matching on realname or email doesn't allow to create multiple keys. alternative? - name: check existing secret key @@ -8,7 +9,7 @@ changed_when: false ignore_errors: true become: yes - become_user: "{{ gpg_generator_user }}" + become_user: "{{ rootUser }}" register: gpgkeys - include: gpg-gen-key.yaml diff --git a/data/ansible/packages/main.yaml b/data/ansible/packages/main.yaml index 8d56312db..7c3114550 100644 --- a/data/ansible/packages/main.yaml +++ b/data/ansible/packages/main.yaml @@ -23,9 +23,7 @@ ############################################################### ##################### GPG Vars ############################# ############################################################### - gpg_generator_user: "root" gpg_home: "/root" - gpg_user: "root" gpg_realname: "CGRateS" gpg_useremail: "cgrates@itsyscom.com" gpg_pubkeyfileexport: "apt.cgrates.org.gpg.key" 
@@ -34,32 +32,41 @@ gpg_subkeylength: 2048 gpg_expire: 360 - remote_user: root + rootUser : root + + customPath: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin:{{ ansible_env.PATH }}" + + remote_user: cgrates tasks: ########################################################################################################################### ########################################################################################################################### # install dependencies - name: Install build-essential + become: true apt: name: build-essential state: present - name: Install the git + become: true apt: name: git state: present - name: Install devscripts + become: true apt: name: devscripts state: present - name: Install reprepro + become: true apt: name: reprepro state: present - name: Install NGINX server + become: true apt: name: nginx state: present @@ -73,6 +80,7 @@ include: gpg.yaml - name: Check if NGINX needs to be configured + become: true shell: "ls /etc/nginx/sites-enabled | grep 'apt.cgrates.org.vhost'" ignore_errors: true register: nginxConfig @@ -96,15 +104,16 @@ - name: Install golang include: go.yaml -# Install Glide - name: install glide - command: go get -u github.com/Masterminds/glide - become_user: "{{ gouser }}" + shell: go get -u github.com/Masterminds/glide + environment: + PATH: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin" ########################################################################################################################### ########################################################################################################################### # Install CGRateS - name: create cgrates directory + become: yes file: state: directory mode: 'u=rwx,go=rx' 
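Review bot: `customPath` in the main.yaml vars starts with `lookup('env','PATH')`, and lookups are evaluated on the control machine, so the controller's PATH is placed ahead of everything else for commands on the target, including the root `make deb` later in this file. Directories named there may not exist on the target, or may be writable by an account that should not influence a root build. Build the value from the remote side only, e.g. `customPath: "{{ ansible_env.PATH }}:/usr/local/go/bin:{{ golang_gopath }}/bin"`; the same applies to the `environment: PATH` values on "install glide", "glide install" and "build cgrates" in the later hunks. `rootUser : root` also has a stray space before the colon.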
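Review bot: "install glide" in main.yaml still runs `go get -u github.com/Masterminds/glide`, which builds whatever the default branch holds at run time, and that binary then resolves dependencies for packages this playbook signs and publishes. Pin the tool to a reviewed release, for instance by checking out a fixed tag (`<PINNED_GLIDE_TAG>`) before building, or install a release archive whose checksum is verified. The switch from `command` to `shell` is not needed, since the line uses no shell features; `command` with the same `environment:` keeps a shell out of the execution path.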
@@ -122,17 +131,27 @@ become: yes become_user: "{{ gouser }}" +# Before installing glide make sure vendor don't exist + - name: Remove vendor + shell: "sudo rm -rf {{ cgrates_dir }}/vendor" + ignore_errors: true + - name: glide install - command: "{{ golang_gopath }}/bin/glide install" + shell: '{{ golang_gopath }}/bin/glide install' + environment: + PATH: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin" args: chdir: '{{ cgrates_dir }}' - name: build cgrates - command: 'sh {{ cgrates_dir }}/build.sh' + shell: "sh {{ cgrates_dir }}/build.sh" + environment: + PATH: "{{ lookup('env','PATH') }}:{{ golang_gopath }}/bin:/usr/local/go/bin:{{ ansible_env.PATH }}" args: chdir: '{{ cgrates_dir }}' - name: symbol link + become: yes file: src: "{{ cgrates_dir }}/data" dest: "/usr/share/cgrates" @@ -140,17 +159,20 @@ ########################################################################################################################### ########################################################################################################################### # Generate package -# - name: Generate package -# command: 'make deb' -# args: -# chdir: '{{ cgrates_dir }}/packages' + - name: Generate package + become: yes + command: 'sudo env "PATH={{ customPath }}" make deb' + args: + chdir: '{{ cgrates_dir }}/packages' - name: Check if the package was generated - shell: "ls {{ golang_gopath }}/src/github.com/cgrates | grep 'cgrates_'" + become: yes + shell: "sudo ls {{ golang_gopath }}/src/github.com/cgrates | grep 'cgrates_'" ignore_errors: true register: packageVar - name: Move the files to /var/packages/debian/incoming + become: yes command: sudo mv {{item}} /var/packages/debian/incoming/ args: chdir: '{{ golang_gopath }}/src/github.com/cgrates' 
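Review bot: "Remove vendor" in main.yaml shells out to `sudo rm -rf {{ cgrates_dir }}/vendor` with the variable unquoted and `ignore_errors: true`, so a path containing whitespace splits into several rm targets and a failure is hidden. The file module does the same job without a shell or an inner sudo, and reports a change only when the directory existed. The comment above the task says "Before installing glide", but the directory is removed before `glide install` runs, so `# Remove a stale vendor directory before glide install` would describe it better.
```yaml
    - name: Remove vendor
      become: true
      file:
        path: "{{ cgrates_dir }}/vendor"
        state: absent
```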
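Review bot: "Generate package" now runs the whole `make deb` as root (`become: yes` plus an inner `sudo env`), with a PATH that includes `{{ golang_gopath }}/bin`, a directory the earlier unprivileged `go get` appears to write to. Everything the build invokes, and anything placed in that directory, therefore executes as root on the host that holds the signing key. Debian package builds usually need only fakeroot, so I would run this task as the build user and keep `become` for the later move into /var/packages/debian/incoming. If root is really required, `become: yes` with `environment: {PATH: "{{ customPath }}"}` avoids calling `sudo env` from inside `command`. The hunk ends inside the "Move the files" task.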
@@ -158,11 +180,13 @@ with_items: '{{ packageVar.stdout_lines }}' - name : Get the name of the changes file + become: yes shell : "sudo ls /var/packages/debian/incoming/ | grep '.changes'" register: changesFileNames # Include the package with reprepro - name : Include the package with reprepro + become: yes command: sudo reprepro -A amd64 -Vb . include nightly /var/packages/debian/incoming/{{ item }} args : chdir: /var/packages/debian diff --git a/data/ansible/packages/nginx.yaml b/data/ansible/packages/nginx.yaml index 6d9580243..6279c5982 100644 --- a/data/ansible/packages/nginx.yaml +++ b/data/ansible/packages/nginx.yaml @@ -1,16 +1,19 @@ --- - name: Add apt.cgrates.vhost in nginx + become: true template: src: nginx.conf.j2 dest: "/etc/nginx/sites-available/apt.cgrates.org.vhost" mode: '0600' - owner: "{{ gpg_generator_user }}" + owner: "{{ rootUser }}" - name: Create a symlink for apt.cgrates.org + become: true file: src: "/etc/nginx/sites-available/apt.cgrates.org.vhost" dest: "/etc/nginx/sites-enabled/apt.cgrates.org.vhost" state: link - name: Restart the nginx so the change take effects + become: true shell: "/etc/init.d/nginx reload" \ No newline at end of file diff --git a/data/ansible/packages/options.conf.j2 b/data/ansible/packages/options.conf.j2 new file mode 100644 index 000000000..6187384eb --- /dev/null +++ b/data/ansible/packages/options.conf.j2 @@ -0,0 +1,3 @@ +{{ ansible_managed | comment }} +verbose +basedir /var/packages/debian diff --git a/data/ansible/packages/reprepro.yaml b/data/ansible/packages/reprepro.yaml index c63ec4e29..a3a8bdc0d 100644 --- a/data/ansible/packages/reprepro.yaml +++ b/data/ansible/packages/reprepro.yaml 
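Review bot: "Get the name of the changes file" in main.yaml selects files with `grep '.changes'`, where the dot matches any character and the pattern is unanchored, and every match is then passed to `reprepro include` for the signed nightly suite. Any file left in /var/packages/debian/incoming whose name merely contains "changes" would be picked up. Anchor the match with `grep '\.changes$'`, or use the find module with `patterns: '*.changes'`. The `sudo` prefixes are redundant now that both tasks set `become: yes`. The reprepro task continues past the end of this hunk, so its loop clause is not visible here.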
@@ -1,37 +1,40 @@ --- - name: Check if /var/packages/debian directory exists + become: true file: path: /var/packages/debian state: directory - name: Check if /var/packages/debian/conf directory exists + become: true file: path: /var/packages/debian/conf state: directory - name: Check if /var/packages/debian/incoming directory exists + become: true file: path: /var/packages/debian/incoming state: directory +- name: Add distributions file in reprepro + become: true + template: + src: distributions.conf.j2 + dest: "/var/packages/debian/conf/distributions" + mode: '0600' + owner: "{{ rootUser }}" -- name: Create distributions file - copy: - content: "Origin: apt.cgrates.org\nLabel: apt.cgrates.org\nSuite: stable\nCodename: debian\nArchitectures: amd64\nComponents: main\nDescription: CGRateS APT repository\nSignWith: yes\nDebOverride: override.testing\nDscOverride: override.testing\n\nOrigin: apt.cgrates.org\nLabel: apt.cgrates.org\nSuite: nightly\nCodename: nightly\nArchitectures: amd64\nComponents: main\nDescription: CGRateS APT Nightly repository\nSignWith: yes\nDebOverride: override.testing\nDscOverride: override.testing\n" - dest: /var/packages/debian/conf/distributions - force: no - group: root - owner: root - -- name: Create options file - copy: - content: "verbose\nbasedir /var/packages/debian" - dest: /var/packages/debian/conf/options - force: no - group: root - owner: root +- name: Add distributions file in reprepro + become: true + template: + src: options.conf.j2 + dest: "/var/packages/debian/conf/options" + mode: '0600' + owner: "{{ rootUser }}" - name: Create override.testing file + become: true copy: content: "" dest: /var/packages/debian/conf/override.testing
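Review bot: The second new template task in reprepro.yaml, the one that renders options.conf.j2 to conf/options, is also named "Add distributions file in reprepro"; it should read `- name: Add options file in reprepro` so run output identifies which file changed. Replacing `copy` with `force: no` by `template` also changes behaviour: conf/distributions and conf/options are now rewritten on every run, so edits made on the host are lost. If that is intended, a comment above the two tasks would record it, e.g. `# conf/distributions and conf/options are overwritten on each run`. The hunk ends inside the "Create override.testing file" task.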