From 456a83c9d2da74a38aaac65a6aff24dfac3f20e4 Mon Sep 17 00:00:00 2001
From: TeoV
Date: Fri, 30 Aug 2019 15:43:24 +0300
Subject: [PATCH] Add ansible for configuring for generating packages
---
data/ansible/packages/gen-key-script | 13 +++
data/ansible/packages/go.yaml | 81 ++++++++++++++
data/ansible/packages/golang.sh.j2 | 12 +++
data/ansible/packages/gpg-gen-key.yaml | 30 ++++++
data/ansible/packages/gpg.conf.j2 | 5 +
data/ansible/packages/gpg.yaml | 15 +++
data/ansible/packages/main.yaml | 143 +++++++++++++++++++++++++
data/ansible/packages/nginx.conf.j2 | 22 ++++
data/ansible/packages/nginx.yaml | 16 +++
data/ansible/packages/reprepro.yaml | 43 ++++++++
10 files changed, 380 insertions(+)
create mode 100644 data/ansible/packages/gen-key-script
create mode 100644 data/ansible/packages/go.yaml
create mode 100644 data/ansible/packages/golang.sh.j2
create mode 100644 data/ansible/packages/gpg-gen-key.yaml
create mode 100644 data/ansible/packages/gpg.conf.j2
create mode 100644 data/ansible/packages/gpg.yaml
create mode 100644 data/ansible/packages/main.yaml
create mode 100644 data/ansible/packages/nginx.conf.j2
create mode 100644 data/ansible/packages/nginx.yaml
create mode 100644 data/ansible/packages/reprepro.yaml
diff --git a/data/ansible/packages/gen-key-script b/data/ansible/packages/gen-key-script
new file mode 100644
index 000000000..e1ad3c585
--- /dev/null
+++ b/data/ansible/packages/gen-key-script
@@ -0,0 +1,13 @@
+{{ ansible_managed | comment }}
+%echo Generating a basic OpenPGP key
+%no-protection
+Key-Type: RSA
+Key-Length: {{ gpg_keylength }}
+Subkey-Type: RSA
+Subkey-Length: {{ 2048 }}
+Name-Real: {{ gpg_realname }}
+Name-Email: {{ gpg_useremail }}
+Expire-Date: {{ gpg_expire }}
+%no-ask-passphrase
+%commit
+%echo done
\ No newline at end of file
diff --git a/data/ansible/packages/go.yaml b/data/ansible/packages/go.yaml
new file mode 100644
index 000000000..d7531502e
--- /dev/null
+++ b/data/ansible/packages/go.yaml
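Review bot: `Subkey-Length: {{ 2048 }}` in gen-key-script renders the literal 2048 and ignores the `gpg_subkeylength` variable that main.yaml defines, so changing that variable has no effect; the line should read `Subkey-Length: {{ gpg_subkeylength }}`. Separately, `%no-protection` stores the repository signing key without a passphrase, so anything able to read the generator user's `.gnupg` directory can sign packages for this archive. If unattended signing requires that, a comment in the template saying so, plus keeping builds and logins on this host away from that user, is the mitigation to document. The 2048-bit RSA default is also worth a second look for a long-lived archive key.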
@@ -0,0 +1,81 @@
+---
+- name: create gopath directory
+ file:
+ state: directory
+ mode: 'u=rwx,go=rx'
+ dest: '{{ golang_gopath }}'
+
+- name: create download directory
+ file:
+ state: directory
+ mode: 'u=rwx,go=rx'
+ dest: '{{ golang_download_dir }}'
+
+- name: download Go language SDK
+ get_url:
+ url: '{{ golang_mirror }}/{{ golang_redis_filename }}'
+ dest: '{{ golang_download_dir }}/{{ golang_redis_filename }}'
+ mode: 'u=rw,go=r'
+
+- name: create Go language SDK installation directory
+ become: yes
+ file:
+ state: directory
+ owner: root
+ group: root
+ mode: 'u=rwx,go=rx'
+ dest: '{{ golang_install_dir }}'
+
+- name: install Go language SDK
+ become: yes
+ unarchive:
+ src: '{{ golang_download_dir }}/{{ golang_redis_filename }}'
+ remote_src: yes
+ extra_opts: '--strip-components=1'
+ dest: '{{ golang_install_dir }}'
+ owner: root
+ group: root
+ creates: '{{ golang_install_dir }}/bin'
+
+# Set Go language SDK environment variables
+- name: make sure /etc/profile.d exists
+ become: yes
+ file:
+ path: /etc/profile.d
+ state: directory
+ owner: root
+ group: root
+ mode: 'u=rwx,go=rx'
+
+- name: export Go language SDK environment variables
+ become: yes
+ template:
+ src: golang.sh.j2
+ dest: /etc/profile.d/golang.sh
+ owner: root
+ group: root
+ mode: 'u=rw,go=r'
+
+- name: Export GOROOT
+ lineinfile:
+ path: ~/.bashrc
+ line: export GOROOT='{{ golang_install_dir }}'
+ insertafter: last
+
+- name: Add GOROOT to PATH
+ lineinfile:
+ path: ~/.bashrc
+ line: export PATH=$PATH:$GOROOT/bin
+ insertafter: last
+
+- name: Export GOPATH
+ lineinfile:
+ path: ~/.bashrc
+ line: export GOPATH='{{ golang_gopath }}'
+ insertafter: last
+
+- name: Add GOPATH to PATH
+ lineinfile:
+ path: ~/.bashrc
+ line: export PATH=$PATH:$GOPATH/bin
+ insertafter: last
\ No newline at end of file
diff --git a/data/ansible/packages/golang.sh.j2 b/data/ansible/packages/golang.sh.j2
new file mode 100644
index 000000000..7bfc41c2e
--- /dev/null
+++ b/data/ansible/packages/golang.sh.j2
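Review bot: The `download Go language SDK` task calls `get_url` without a `checksum`, and the following tasks unpack that tarball as root into `{{ golang_install_dir }}`, so the toolchain that builds the signed packages is trusted on transport security alone. I would add `checksum: 'sha256:{{ golang_redis_sha256sum }}'` to the task, where `golang_redis_sha256sum` is a new variable (the name is only a suggestion) set next to `golang_version` to the digest published for that release. The four `lineinfile` tasks write to `~/.bashrc` of the connecting user, which appears to be root going by `remote_user` in main.yaml, while `GOPATH` points into `gouser`'s home; they also repeat what `/etc/profile.d/golang.sh` already exports, so they can probably be dropped.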
@@ -0,0 +1,12 @@
+
+#!/bin/sh
+
+{{ ansible_managed | comment('plain') }}
+
+export GOROOT='{{ golang_install_dir }}'
+export PATH=$PATH:$GOROOT/bin
+
+{% if golang_gopath not in (None, '') %}
+export GOPATH="{{ golang_gopath }}"
+export PATH=$PATH:$GOPATH/bin
+{% endif %}
\ No newline at end of file
diff --git a/data/ansible/packages/gpg-gen-key.yaml b/data/ansible/packages/gpg-gen-key.yaml
new file mode 100644
index 000000000..3851f5f09
--- /dev/null
+++ b/data/ansible/packages/gpg-gen-key.yaml
@@ -0,0 +1,30 @@
+---
+- name: set defaut gpg options
+ template:
+ src: gpg.conf.j2
+ dest: "{{ gpg_home }}/.gnupg/gpg.conf"
+ mode: '0600'
+ owner: "{{ gpg_generator_user }}"
+
+- name: copy default template for gpg key generation
+ template:
+ src: gen-key-script
+ dest: "{{ gpg_home }}/.gnupg/gen-key-script-{{ gpg_user }}"
+ mode: '0600'
+ owner: "{{ gpg_generator_user }}"
+
+- name: create some required file
+ shell: "gpg --list-secret-keys --keyid-format LONG"
+
+- name: generate randomness
+ shell: "sudo rngd -r /dev/urandom"
+ ignore_errors: true
+
+- name: generate gpg key
+ shell: "gpg --batch --gen-key {{ gpg_home }}/.gnupg/gen-key-script-{{ gpg_user }}"
+
+- name: get user armored public key
+ shell: "gpg --armor --output {{ gpg_pubkeyfileexport }} --export {{ gpg_useremail }}"
+
+- name: After export move the key to /var/packages
+ shell: "mv {{ gpg_pubkeyfileexport }} /var/packages"
\ No newline at end of file
diff --git a/data/ansible/packages/gpg.conf.j2 b/data/ansible/packages/gpg.conf.j2
new file mode 100644
index 000000000..38d375f03
--- /dev/null
+++ b/data/ansible/packages/gpg.conf.j2
@@ -0,0 +1,5 @@
+{{ ansible_managed | comment }}
+# Prioritize stronger algorithms for new keys.
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
+# Use a stronger digest than the default SHA1 for certifications.
+cert-digest-algo SHA512
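Review bot: `export GOPATH="{{ golang_gopath }}"` in golang.sh.j2 is double-quoted while `GOROOT` a few lines above is single-quoted, so a `$` or backtick in the templated path would be expanded by every login shell that sources the file; `export GOPATH='{{ golang_gopath }}'` keeps the two consistent. The template also begins with an empty line, so `#!/bin/sh` is not the first line of the rendered file; that is harmless for something sourced from `/etc/profile.d`, and the shebang could simply be removed.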
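Review bot: The `generate randomness` task in gpg-gen-key.yaml runs `sudo rngd -r /dev/urandom` with `ignore_errors: true`, which feeds the kernel pool from the kernel's own PRNG output and hides whether it ran at all, so it adds no real entropy before the archive signing key is generated; I would drop the task or point rngd at a hardware source where the host has one. None of the tasks in this file set `become_user: "{{ gpg_generator_user }}"` the way the check in gpg.yaml does, so the key ends up in the keyring of whoever the play connects as. The `gpg` and `mv` commands also interpolate `{{ gpg_pubkeyfileexport }}` and `{{ gpg_useremail }}` unquoted into `shell`; `command` with a `creates:` argument avoids shell parsing and makes the export idempotent.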
diff --git a/data/ansible/packages/gpg.yaml b/data/ansible/packages/gpg.yaml
new file mode 100644
index 000000000..34289b11a
--- /dev/null
+++ b/data/ansible/packages/gpg.yaml
@@ -0,0 +1,15 @@
+---
+- name: Ensure .gnupg config directory exists with right permissions
+ file: dest={{ gpg_home }}/.gnupg state=directory mode=0700 owner="{{ gpg_generator_user }}"
+
+## Note: matching on realname or email doesn't allow to create multiple keys. alternative?
+- name: check existing secret key
+ shell: "gpg --list-secret-keys | grep '{{ gpg_realname }}'"
+ changed_when: false
+ ignore_errors: true
+ become: yes
+ become_user: "{{ gpg_generator_user }}"
+ register: gpgkeys
+
+- include: gpg-gen-key.yaml
+ when: gpgkeys.stdout_lines|length < 1
diff --git a/data/ansible/packages/main.yaml b/data/ansible/packages/main.yaml
new file mode 100644
index 000000000..b55719648
--- /dev/null
+++ b/data/ansible/packages/main.yaml
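Review bot: `ignore_errors: true` on `check existing secret key` treats every failure alike, and since the result comes from a pipeline the registered return code is grep's, so a failing `gpg` also produces empty stdout and the include below would go on to generate another signing key. Replacing it with `failed_when: gpgkeys.rc not in [0, 1]` keeps "no match" as the only tolerated non-zero result; catching a `gpg` failure as well would need the listing and the match split into two steps. The first task uses the `key=value` form with an unquoted `mode=0700` and an unquoted `dest={{ gpg_home }}/.gnupg`; the block form with `mode: '0700'` matches the other files in this commit.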
@@ -0,0 +1,143 @@
+---
+- hosts: all
+ vars:
+ ###############################################################
+ ##################### Golang Vars #############################
+ ###############################################################
+ # Go language SDK version number
+ golang_version: '1.12.7'
+ # Mirror to download the Go language SDK redistributable package from
+ golang_mirror: 'https://storage.googleapis.com/golang'
+ # Base installation directory the Go language SDK distribution
+ golang_install_dir: '/usr/local/go'
+ # Directory to store files downloaded for Go language SDK installation
+ golang_download_dir: "{{ x_ansible_download_dir | default(ansible_env.HOME + '/.ansible/tmp/downloads') }}"
+ # Location for GOPATH environment variable
+ golang_gopath: "/home/{{ gouser }}/go"
+ # Filename of Go language SDK redistributable package
+ golang_redis_filename: 'go{{ golang_version }}.linux-amd64.tar.gz'
+
+ ###############################################################
+ # CGRateS location
+ cgrates_dir: "{{ golang_gopath }}/src/github.com/cgrates/cgrates"
+ ###############################################################
+ ##################### GPG Vars #############################
+ ###############################################################
+ gpg_generator_user: "root"
+ gpg_home: "/root"
+ gpg_user: "root"
+ gpg_realname: "CGRateS"
+ gpg_useremail: "cgrates@itsyscom.com"
+ gpg_pubkeyfileexport: "apt.cgrates.org.gpg.key"
+
+ gpg_keylength: 2048
+ gpg_subkeylength: 2048
+ gpg_expire: 360
+
+ remote_user: root
+ tasks:
+
+###########################################################################################################################
+
+###########################################################################################################################
+# install dependencies
+ - name: Install build-essential
+ apt:
+ name: build-essential
+ state: present
+
+ - name: Install the git
+ apt:
+ name: git
+ state: present
+
+ - name: Install devscripts
+ apt:
+ name: devscripts
+ state: present
+
+ - name: Install reprepro
+ apt:
+ name: reprepro
+ state: present
+
+ - name: Install NGINX server
+ apt:
+ name: nginx
+ state: present
+
+ - name: Config reprepro
+ include: reprepro.yaml
+
+ - name: Generate GPG Key
+ include: gpg.yaml
+
+ - name: Check if NGINX needs to be configured
+ shell: "ls /etc/nginx/sites-enabled | grep 'apt.cgrates.org.vhost'"
+ ignore_errors: true
+ register: nginxConfig
+
+ - debug: var=nginxConfig
+
+ - name: Configure NGINX server
+ include: nginx.yaml
+ when: nginxConfig.stdout_lines|length < 1
+
+###########################################################################################################################
+
+###########################################################################################################################
+ # install golang
+ - name: install unarchive dependencies (zypper)
+ become: yes
+ zypper:
+ name:
+ - gzip
+ - tar
+ state: present
+ when: ansible_pkg_mgr == 'zypper'
+
+ - name: Install golang
+ include: go.yaml
+
+ # glide
+ - name: install glide
+ command: go get -u github.com/Masterminds/glide
+ become_user: "{{ gouser }}"
+###########################################################################################################################
+
+###########################################################################################################################
+# install cgrates
+ - name: create cgrates directory
+ file:
+ state: directory
+ mode: 'u=rwx,go=rx'
+ owner: "{{ gouser }}"
+ group: "{{ gouser }}"
+ dest: '{{ cgrates_dir }}'
+ become_user: "{{ gouser }}"
+
+ - name: git clone cgrates
+ git:
+ repo: https://github.com/cgrates/cgrates.git
+ dest: '{{ cgrates_dir }}'
+ become: yes
+ become_user: "{{ gouser }}"
+
+ - name: glide install
+ command: "{{ golang_gopath }}/bin/glide install"
+ args:
+ chdir: '{{ cgrates_dir }}'
+
+ - name: build cgrates
+ command: 'sh {{ cgrates_dir }}/build.sh'
+ args:
+ chdir: '{{ cgrates_dir }}'
+
+ - name: symbol link
+ file:
+ src: "{{ cgrates_dir }}/data"
+ dest: "/usr/share/cgrates"
+ state: link
+###########################################################################################################################
+
+###########################################################################################################################
diff --git a/data/ansible/packages/nginx.conf.j2 b/data/ansible/packages/nginx.conf.j2
new file mode 100644
index 000000000..8f0b30be2
--- /dev/null
+++ b/data/ansible/packages/nginx.conf.j2
@@ -0,0 +1,22 @@
+{{ ansible_managed | comment }}
+server {
+ listen 80;
+ server_name apt.cgrates.org;
+
+ access_log /var/log/nginx/packages-error.log;
+ error_log /var/log/nginx/packages-error.log;
+
+ location / {
+ root /var/packages;
+ index index.html;
+ autoindex on;
+ }
+
+ location ~ /(.*)/conf {
+ deny all;
+ }
+
+ location ~ /(.*)/db {
+ deny all;
+ }
+}
\ No newline at end of file
diff --git a/data/ansible/packages/nginx.yaml b/data/ansible/packages/nginx.yaml
new file mode 100644
index 000000000..6d9580243
--- /dev/null
+++ b/data/ansible/packages/nginx.yaml
@@ -0,0 +1,16 @@
+---
+- name: Add apt.cgrates.vhost in nginx
+ template:
+ src: nginx.conf.j2
+ dest: "/etc/nginx/sites-available/apt.cgrates.org.vhost"
+ mode: '0600'
+ owner: "{{ gpg_generator_user }}"
+
+- name: Create a symlink for apt.cgrates.org
+ file:
+ src: "/etc/nginx/sites-available/apt.cgrates.org.vhost"
+ dest: "/etc/nginx/sites-enabled/apt.cgrates.org.vhost"
+ state: link
+
+- name: Restart the nginx so the change take effects
+ shell: "/etc/init.d/nginx reload"
\ No newline at end of file
diff --git a/data/ansible/packages/reprepro.yaml b/data/ansible/packages/reprepro.yaml
new file mode 100644
index 000000000..34fdbc783
--- /dev/null
+++ b/data/ansible/packages/reprepro.yaml
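Review bot: The `glide install` and `build cgrates` tasks in main.yaml carry no `become_user`, so with `remote_user: root` the dependency fetch and `build.sh` run as root on the same host that holds the unprotected repository signing key; adding `become: yes` and `become_user: "{{ gouser }}"` to both, as on `git clone cgrates`, keeps third-party build code away from root's keyring. `install glide` and `create cgrates directory` set `become_user` without `become: yes`, which has no effect unless become is enabled somewhere outside this file. The `git` task has no `version:` and `go get -u` pulls whatever glide is current, so two runs can package different code; pinning a tag or commit makes the build reproducible. `gouser` is used throughout but not defined under `vars`, so it presumably has to be supplied on the command line and deserves a comment saying so.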
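Review bot: `access_log /var/log/nginx/packages-error.log;` in nginx.conf.j2 names the same file as the `error_log` directive on the next line, which looks like a copy-paste slip and mixes two log formats in one file; the access log should go to its own file, for example `access_log /var/log/nginx/packages-access.log;`. The vhost listens only on port 80, and `root /var/packages` is also where gpg-gen-key.yaml moves the exported public key, so clients would fetch the archive's trust anchor over plain HTTP. Serving at least the key over TLS, or publishing its fingerprint through a separate channel, closes that gap.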
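Review bot: The last task in nginx.yaml is named "Restart" but runs `/etc/init.d/nginx reload` through `shell`, with no check of the new vhost beforehand. A handler notified by the template task, running `command: nginx -t` and then `service: name=nginx state=reloaded`, would reload only on change and refuse a broken configuration. The vhost file's owner is taken from `gpg_generator_user`, which ties web-server file ownership to a GPG variable; `owner: root` states the intent directly.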
@@ -0,0 +1,43 @@
+---
+- name: Check if /var/packages/debian directory exists
+ file:
+ path: /var/packages/debian
+ state: directory
+
+- name: Check if /var/packages/debian/conf directory exists
+ file:
+ path: /var/packages/debian/conf
+ state: directory
+
+- name: Check if /var/packages/debian/incoming directory exists
+ file:
+ path: /var/packages/debian/incoming
+ state: directory
+
+
+- name: Create distributions file
+ copy:
+ content: "Origin: apt.cgrates.org\nLabel: apt.cgrates.org\nSuite: stable\nCodename: debian\nArchitectures: amd64\nComponents: main\nDescription: CGRateS APT repository\nSignWith: yes\nDebOverride: override.testing\nDscOverride: override.testing\n\nOrigin: apt.cgrates.org\nLabel: apt.cgrates.org\nSuite: nightly\nCodename: nightly\nArchitectures: amd64\nComponents: main\nDescription: CGRateS APT Nightly repository\nSignWith: yes\nDebOverride: override.testing\nDscOverride: override.testing\n"
+ dest: /var/packages/debian/conf/distributions
+ force: no
+ group: root
+ owner: root
+ mode: 0555
+
+- name: Create options file
+ copy:
+ content: "verbose\nbasedir /var/packages/debian"
+ dest: /var/packages/debian/conf/options
+ force: no
+ group: root
+ owner: root
+ mode: 0555
+
+- name: Create override.testing file
+ copy:
+ content: ""
+ dest: /var/packages/debian/conf/override.testing
+ force: no
+ group: root
+ owner: root
+ mode: 0555
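Review bot: The three `copy` tasks in reprepro.yaml set `mode: 0555`, which marks `conf/distributions`, `conf/options` and `conf/override.testing` executable and removes the owner's write bit; plain configuration files normally want `mode: '0644'`, quoted so the value cannot be re-typed by a YAML parser. The three `file` tasks are named "Check if … exists" but actually create the directories, and they set no `owner` or `mode`, so the permissions of `/var/packages/debian/conf`, which sits under the nginx document root, depend on the umask of the run. `SignWith: yes` makes reprepro sign with the default key of whoever invokes it; naming the key explicitly would tie the archive to the key that gpg.yaml generates.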