diff --git a/data/ansible/deb_packages/gpg-gen-key.yaml b/data/ansible/deb_packages/gpg-gen-key.yaml index d6e11d8fc..14835d929 100644 --- a/data/ansible/deb_packages/gpg-gen-key.yaml +++ b/data/ansible/deb_packages/gpg-gen-key.yaml @@ -1,15 +1,15 @@ --- -- name: set defaut gpg options +- name: Set default gpg options become: true - template: + ansible.builtin.template: src: gpg.conf.j2 dest: "{{ gpg_home }}/.gnupg/gpg.conf" mode: "0600" owner: "{{ rootUser }}" -- name: copy default template for gpg key generation +- name: Copy default template for gpg key generation become: true - template: + ansible.builtin.template: src: gen-key-script dest: "{{ gpg_home }}/.gnupg/gen-key-script-{{ rootUser }}" mode: "0600" @@ -18,28 +18,34 @@ # Not sure what this task does, or if it's needed. - name: List available GPG secret keys become: true - shell: "gpg --list-secret-keys --keyid-format LONG" + ansible.builtin.command: "gpg --list-secret-keys --keyid-format LONG" # rng-tools might not be needed on newer kernel versions - name: Install rng-tools-debian become: true - apt: + ansible.builtin.apt: name: rng-tools-debian state: present ignore_errors: true +- name: Make sure /etc/default/rng-tools-debian exist + become: true + ansible.builtin.file: + path: /etc/default/rng-tools-debian + state: touch + - name: Add HRNGDEVICE=/dev/urandom so we can execute rngd become: true - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/rng-tools-debian line: HRNGDEVICE=/dev/urandom insertafter: last -- name: generate randomness +- name: Generate randomness become: true - shell: "sudo /etc/init.d/rng-tools-debian restart" + ansible.builtin.command: "sudo /etc/init.d/rng-tools-debian restart" ignore_errors: true -- name: generate gpg key +- name: Generate gpg key become: true - shell: "sudo gpg --batch --gen-key {{ gpg_home }}/.gnupg/gen-key-script-{{ rootUser }}" + ansible.builtin.command: "sudo gpg --batch --gen-key {{ gpg_home }}/.gnupg/gen-key-script-{{ rootUser }}" 
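Review bot: In gpg-gen-key.yaml, the added `Make sure /etc/default/rng-tools-debian exist` task uses `state: touch` with no `mode` or `owner`, so the file's permissions depend on the umask and the task reports changed on every run. The `ansible.builtin.lineinfile` task that follows can create the file itself: adding `create: true` and `mode: "0644"` there makes the touch task unnecessary. `Generate randomness` and `Generate gpg key` still prefix the command with `sudo` although `become: true` is set; now that they run through `ansible.builtin.command` the prefix can be dropped.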
diff --git a/data/ansible/deb_packages/gpg.yaml b/data/ansible/deb_packages/gpg.yaml
index a2023ff12..337409239 100644
--- a/data/ansible/deb_packages/gpg.yaml
+++ b/data/ansible/deb_packages/gpg.yaml
@@ -1,43 +1,47 @@ --- - name: Restart gpg-agent become: true - shell: "gpgconf --kill all" + ansible.builtin.command: "gpgconf --kill all" - name: Ensure .gnupg config directory exists with right permissions become: true - file: dest={{ gpg_home }}/.gnupg state=directory mode=0700 owner="{{ rootUser }}" + ansible.builtin.file: + dest: "{{ gpg_home }}/.gnupg" + state: directory + mode: "0700" + owner: "{{ rootUser }}" -## Note: matching on realname or email doesn't allow to create multiple keys. alternative? -- name: check existing secret key - shell: "gpg --list-secret-keys | grep '{{ gpg_realname }}'" +# Note: matching on realname or email doesn't allow to create multiple keys. alternative? +- name: Check existing secret key + ansible.builtin.shell: "gpg --list-secret-keys | grep '{{ gpg_realname }}'" changed_when: false ignore_errors: true - become: yes + become: true become_user: "{{ rootUser }}" register: gpgkeys - name: Check expired keys - become: yes - shell: "gpg --list-keys {{ gpg_realname }} | grep 'expired'" - ignore_errors: yes + become: true + ansible.builtin.shell: "gpg --list-keys {{ gpg_realname }} | grep 'expired'" + ignore_errors: true failed_when: false register: gpgExpKeys when: gpgkeys.stdout_lines|length > 0 - name: Update expired - become: yes - shell: 'printf "expire\n{{ gpg_expire }}\nsave\n" | gpg --batch --command-fd 0 --status-fd=2 --edit-key {{ gpg_realname }}' + become: true + ansible.builtin.shell: 'printf "expire\n{{ gpg_expire }}\nsave\n" | gpg --batch --command-fd 0 --status-fd=2 --edit-key {{ gpg_realname }}' when: gpgkeys.stdout_lines|length > 0 and gpgExpKeys.stdout_lines|length > 0 -- include_tasks: gpg-gen-key.yaml +- ansible.builtin.include_tasks: gpg-gen-key.yaml when: gpgkeys.stdout_lines|length < 1 -- name: get user armored public key +- name: Get user armored public key become: true - shell: "sudo gpg --armor --output {{ gpg_pubkeyfileexport }} --export {{ gpg_useremail }}" + ansible.builtin.command: "sudo gpg --armor 
--output {{ gpg_pubkeyfileexport }} --export {{ gpg_useremail }}" when: gpgkeys.stdout_lines|length < 1 or (gpgkeys.stdout_lines|length > 0 and gpgExpKeys.stdout_lines|length > 0) - name: After export move the key to /var/packages become: true - shell: "sudo mv {{ gpg_pubkeyfileexport }} /var/packages" + ansible.builtin.command: "sudo mv {{ gpg_pubkeyfileexport }} /var/packages" when: gpgkeys.stdout_lines|length < 1 or (gpgkeys.stdout_lines|length > 0 and gpgExpKeys.stdout_lines|length > 0) diff --git a/data/ansible/deb_packages/main.yaml b/data/ansible/deb_packages/main.yaml index e2e13e142..576b12bd3 100644 --- a/data/ansible/deb_packages/main.yaml +++ b/data/ansible/deb_packages/main.yaml @@ -1,9 +1,6 @@ --- - hosts: apt vars: - cgrates_dir: "/home/{{ user }}/go/src/github.com/cgrates/cgrates" - cgrates_branch: "v0.10" - gpg_home: "/root" gpg_realname: "CGRateS" gpg_useremail: "cgrates@itsyscom.com" @@ -14,8 +11,6 @@ rootUser: root - customPath: "{{ lookup('env','PATH') }}:/home/{{ user }}/go/bin:/usr/local/go/bin:{{ ansible_env.PATH }}" - dependencies: - build-essential - cowbuilder 
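Review bot: In gpg.yaml, `Check existing secret key` pipes `gpg --list-secret-keys` into `grep` and keeps `ignore_errors: true`, so a gpg failure is indistinguishable from "no key found". In that case `gpgkeys.stdout_lines|length < 1` is true and the play includes gpg-gen-key.yaml, which attempts to generate a new signing key. I would drop the pipe: run `gpg --list-secret-keys` through `ansible.builtin.command` with `changed_when: false` so that a gpg error fails the task, and test `gpg_realname in gpgkeys.stdout` in the later `when` conditions. `Check expired keys` and `Update expired` also interpolate `{{ gpg_realname }}` into the shell line unquoted; `{{ gpg_realname | quote }}` keeps a name containing spaces or shell metacharacters as a single argument.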
@@ -35,204 +30,199 @@ - codename: bullseye version: 11 - remote_user: "{{ user }}" tasks: - name: Install dependencies - become: yes - apt: name={{ dependencies }} state=present + become: true + ansible.builtin.apt: + name: "{{ dependencies }}" + state: present - name: Configure reprepro - import_tasks: reprepro.yaml + ansible.builtin.import_tasks: reprepro.yaml - name: Generate GPG Key - import_tasks: gpg.yaml + ansible.builtin.import_tasks: gpg.yaml - name: Check if NGINX needs to be configured become: true - shell: "ls /etc/nginx/sites-enabled | grep 'apt.cgrates.org.vhost'" + ansible.builtin.shell: "ls /etc/nginx/sites-enabled | grep 'apt.cgrates.org.vhost'" ignore_errors: true register: nginxConfig - name: Configure NGINX server - include_tasks: nginx.yaml - when: nginxConfig.stdout_lines|length < 1 + ansible.builtin.include_tasks: nginx.yaml + when: nginxConfig.stdout_lines | length < 1 - name: Enable and start nginx - systemd: + ansible.builtin.systemd: name: nginx state: started - masked: no - enabled: yes + masked: false + enabled: true - name: Install Go - import_role: + ansible.builtin.import_role: name: ../roles/go + vars: + go_clean_build_cache: true + go_clean_modcache: true - name: Create chroots - become: yes - command: "cowbuilder --create --distribution {{ item.codename }} --architecture amd64 --basepath /var/cache/pbuilder/base-{{ item.codename }}+go.cow --mirror http://deb.debian.org/debian --components main" + become: true + ansible.builtin.command: >- + cowbuilder --create --distribution {{ item.codename }} --architecture amd64 + --basepath /var/cache/pbuilder/base-{{ item.codename }}+go.cow + --mirror http://deb.debian.org/debian --components main args: creates: "/var/cache/pbuilder/base-{{ item.codename }}+go.cow" with_items: "{{ distributions }}" - name: Check Go tarball - stat: + ansible.builtin.stat: path: "/usr/local/src/{{ go_tarball }}" register: downloaded_go_tarball - name: Download Go tarball - become: yes - get_url: + become: true 
+ ansible.builtin.get_url: url: "{{ go_download_url }}" dest: "/usr/local/src/{{ go_tarball }}" checksum: "sha256:{{ go_checksum }}" + mode: "0644" when: not downloaded_go_tarball.stat.exists - name: Install Go in chroots - become: yes - unarchive: + become: true + ansible.builtin.unarchive: src: "/usr/local/src/{{ go_tarball }}" dest: "/var/cache/pbuilder/base-{{ item.codename }}+go.cow/usr/local" - copy: no + copy: false creates: "/var/cache/pbuilder/base-{{ item.codename }}+go.cow/usr/local/go" with_items: "{{ distributions }}" - name: Customize .bashrc in chroots become: true - template: + ansible.builtin.template: src: bashrc.j2 dest: "/var/cache/pbuilder/base-{{ item.codename }}+go.cow/root/.bashrc" mode: "0644" - owner: "root" - group: "root" + owner: root + group: root with_items: "{{ distributions }}" - name: Customize .pbuilderrc - template: + ansible.builtin.template: src: pbuilderrc.j2 dest: "/home/{{ user }}/.pbuilderrc" mode: "0644" - name: Check update timestamp - stat: + ansible.builtin.stat: path: "/var/cache/pbuilder/update-timestamp" register: update_timestamp - name: Update chroots - become: yes - command: "cowbuilder --update --basepath /var/cache/pbuilder/base-{{ item.codename }}+go.cow" + become: true + ansible.builtin.command: "cowbuilder --update --basepath /var/cache/pbuilder/base-{{ item.codename }}+go.cow" with_items: "{{ distributions }}" when: not update_timestamp.stat.exists or update_timestamp.stat.mtime <= (ansible_date_time.epoch | int - 86400) register: update_chroots - name: Update timestamp - become: yes - file: - path: "/var/cache/pbuilder/update-timestamp" + become: true + ansible.builtin.file: + path: /var/cache/pbuilder/update-timestamp state: touch + mode: "0644" when: update_chroots.changed ########################################################################################################################### 
########################################################################################################################### - # Install CGRateS - - name: create cgrates directory - file: - state: directory - mode: "u=rwx,go=rx" - owner: "{{ user }}" - group: "{{ user }}" - dest: "{{ cgrates_dir }}" + # + - name: Set up cgrates + ansible.builtin.import_role: + name: ../../roles/cgrates + vars: + cgrates_bin_path: "" + cgrates_dbs: [] + cgrates_dependencies: [] - - name: git clone cgrates - git: - repo: https://github.com/cgrates/cgrates.git - dest: "{{ cgrates_dir }}" - update: yes - force: yes - version: "{{ cgrates_branch }}" - - - name: clean go cache - shell: "go clean --cache" + - name: Sync the go mod with vendor + ansible.builtin.command: + cmd: go mod vendor + chdir: "{{ cgrates_dir }}" environment: - PATH: "{{ customPath }}" + PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin" - - name: clean go modcache - shell: "go clean --modcache" - environment: - PATH: "{{ customPath }}" - - - name: sync the go mod with vendor - shell: "go mod vendor" - environment: - PATH: "{{ customPath }}" + - name: Get current Git tag + command: "git tag -l --points-at HEAD" args: chdir: "{{ cgrates_dir }}" - - - name: build cgrates - shell: "sh {{ cgrates_dir }}/build.sh" - environment: - PATH: "{{ customPath }}" - args: - chdir: "{{ cgrates_dir }}" - - - name: symbol link - become: yes - file: - src: "{{ cgrates_dir }}/data" - dest: "/usr/share/cgrates" - state: link - - - name: get git tag - shell: "git tag -l --points-at HEAD" - args: - chdir: "{{ cgrates_dir }}" - register: gitTagVar + register: git_tag_result ########################################################################################################################### ########################################################################################################################### - # Generate package - - name: Generate packages - command: 'env "DISTRIBUTION={{ item.codename }}" make -C packages deb' - 
args: - chdir: "{{ cgrates_dir }}" - with_items: "{{ distributions }}" + - block: + - name: Generate packages + ansible.builtin.command: 'env "DISTRIBUTION={{ item.codename }}" make -C packages deb' + args: + chdir: "{{ cgrates_dir }}" + with_items: "{{ distributions }}" - - name: Check if the packages were generated - shell: "ls /home/{{ user }}/go/src/github.com/cgrates | grep -E 'cgrates(-dbgsym)?_'" - ignore_errors: true - register: packagesVar + - name: Find generated package files + ansible.builtin.find: + paths: "/home/{{ user }}/go/src/github.com/cgrates" + patterns: + - cgrates_* + - cgrates-dbgsym_* + file_type: file + register: package_files - - name: Move the files to /var/packages/debian/incoming - become: yes - command: mv {{item}} /var/packages/debian/incoming/ - args: - chdir: "/home/{{ user }}/go/src/github.com/cgrates" - when: packagesVar.stdout_lines|length > 0 - with_items: "{{ packagesVar.stdout_lines }}" + - name: Move package files to incoming directory + become: true + ansible.builtin.command: mv {{ item.path }} /var/packages/debian/incoming/ + args: + creates: "/var/packages/debian/incoming/{{ item.path | basename }}" + removes: "{{ item.path }}" + with_items: "{{ package_files.files }}" + when: package_files.matched > 0 - - name: Get the name of the deb files - shell: "ls /var/packages/debian/incoming/ | grep -E '.(build|buildinfo|changes|deb|debian.tar.*|dsc|orig.*.tar.*)$'" - register: packageFileNames + - name: Include the packages with reprepro + become: true + ansible.builtin.shell: + cmd: >- + reprepro -Vb . --ignore=wrongdistribution include + {{ cgrates_branch }}-{{ item.codename }} + /var/packages/debian/incoming/*~deb{{ item.version }}u1_amd64.changes + chdir: /var/packages/debian + with_items: "{{ distributions }}" + when: cgrates_branch == 'master' or git_tag_result.stdout_lines | length > 0 - - name: Include the packages with reprepro - become: yes - shell: reprepro -Vb . 
--ignore=wrongdistribution include {{ cgrates_branch }}-{{ item.codename }} /var/packages/debian/incoming/*~deb{{ item.version }}u1_amd64.changes - args: - chdir: /var/packages/debian - with_items: "{{ distributions }}" - when: cgrates_branch == "master" or gitTagVar.stdout_lines|length > 0 + - name: Copy the file to PKG server + ansible.builtin.command: "scp /var/packages/debian/incoming/{{ item.path | basename }} {{ pkgAddr }}:/tmp/" + with_items: "{{ package_files.files }}" - - name: Copy the file to PKG server - shell: "scp /var/packages/debian/incoming/{{ item }} {{ pkgAddr }}:/tmp/" - args: - chdir: /var/packages/debian/incoming/ - with_items: "{{ packageFileNames.stdout_lines }}" + always: + - name: Clean the incoming folder + become: true + ansible.builtin.file: + path: /var/packages/debian/incoming + state: absent - - name: Clean the incoming folder - become: yes - shell: "rm /var/packages/debian/incoming/*" - args: - chdir: /var/packages/debian + - name: Check for leftover package files + ansible.builtin.find: + paths: "/home/{{ user }}/go/src/github.com/cgrates" + patterns: + - cgrates_* + - cgrates-dbgsym_* + file_type: file + register: leftover_files + + - name: Remove leftover package files + ansible.builtin.file: + path: "{{ item.path }}" + state: absent + with_items: "{{ leftover_files.files }}" - hosts: pkg vars: @@ -245,15 +235,15 @@ version: 11 tasks: - name: Add user to www-data group - become: yes - user: + become: true + ansible.builtin.user: name: "{{ user }}" groups: "{{ nginx_user }}" - append: yes + append: true - name: Create directory - become: yes - file: + become: true + ansible.builtin.file: path: /var/packages/deb/{{ cgrates_branch }}/{{ item.codename }} state: directory mode: "0775" 
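Review bot: In main.yaml, `Find generated package files` and `Check for leftover package files` still hard-code `/home/{{ user }}/go/src/github.com/cgrates`, while this commit removes the play-level `cgrates_dir` and the build now runs in whatever `cgrates_dir` the cgrates role supplies (the role is not visible here). Deriving the search path from the same variable, `paths: "{{ cgrates_dir | dirname }}"`, keeps the two from drifting apart; as written, a run that matches no files skips the move silently. In the `always:` section, `state: absent` on `/var/packages/debian/incoming` removes the directory itself, not only its contents as the old `rm /var/packages/debian/incoming/*` did, and it comes back only when reprepro.yaml runs at the start of the next play. `Get current Git tag` is the one task left on bare `command:`; it should be `ansible.builtin.command` with `changed_when: false`, since it only reads state.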
@@ -262,32 +252,32 @@ with_items: "{{ distributions }}" - name: Remove symlink from current deb package - file: + ansible.builtin.file: path: /var/packages/deb/{{ cgrates_branch }}/{{ item.codename }}/cgrates_current_amd64.deb state: absent with_items: "{{ distributions }}" - when: cgrates_branch == "master" or hostvars['apt']['gitTagVar'].stdout_lines|length > 0 + when: cgrates_branch == "master" or hostvars['apt']['git_tag_result'].stdout_lines | length > 0 - name: Move the new .orig.tar.gz to /var/packages/deb - become: yes - shell: "mv /tmp/cgrates*.orig*.tar.* /var/packages/deb/{{ cgrates_branch }}/" + become: true + ansible.builtin.shell: "mv /tmp/cgrates*.orig*.tar.* /var/packages/deb/{{ cgrates_branch }}/" - name: Move the new package to /var/packages/deb - become: yes - shell: "mv /tmp/cgrates*~deb{{ item.version }}u1* /var/packages/deb/{{ cgrates_branch }}/{{ item.codename }}/" + become: true + ansible.builtin.shell: "mv /tmp/cgrates*~deb{{ item.version }}u1* /var/packages/deb/{{ cgrates_branch }}/{{ item.codename }}/" with_items: "{{ distributions }}" - name: Find all package files - become: yes - find: + become: true + ansible.builtin.find: path: "/var/packages/deb/{{ cgrates_branch }}/" patterns: "*.deb" - recurse: yes + recurse: true register: package_files - name: Set ownership and permissions for moved files - become: yes - file: + become: true + ansible.builtin.file: path: "{{ item.path }}" owner: "{{ nginx_user }}" group: "{{ nginx_user }}" 
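Review bot: `Move the new .orig.tar.gz to /var/packages/deb` and `Move the new package to /var/packages/deb` run `mv` as root on globs under `/tmp` (`/tmp/cgrates*.orig*.tar.*` and `/tmp/cgrates*~deb{{ item.version }}u1*`), so any file with a matching name that another local account left in `/tmp` on the pkg host is moved into the published tree. Staging the upload in a directory owned by the deploy user with mode `0700`, and using that directory as the `scp` target in the apt play, limits the move to files this play copied. Both tasks also lack a `creates`/`removes` guard, so a re-run fails when the glob matches nothing.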
@@ -295,25 +285,25 @@ loop: "{{ package_files.files }}" - name: Find package files per distribution - become: yes - find: - path: "/var/packages/deb/{{ cgrates_branch }}/{{ item.codename }}/" + become: true + ansible.builtin.find: + path: /var/packages/deb/{{ cgrates_branch }}/{{ item.codename }}/ patterns: "cgrates_*_amd64.deb" with_items: "{{ distributions }}" register: distribution_package_files - when: cgrates_branch == "master" or hostvars['apt']['gitTagVar'].stdout_lines|length > 0 + when: cgrates_branch == "master" or hostvars['apt']['git_tag_result'].stdout_lines|length > 0 - - set_fact: + - ansible.builtin.set_fact: latest_file: "{{ item.files | sort(attribute='mtime', reverse=true) | first }}" with_items: "{{ distribution_package_files.results }}" register: latest_files - when: cgrates_branch == "master" or hostvars['apt']['gitTagVar'].stdout_lines|length > 0 + when: cgrates_branch == "master" or hostvars['apt']['git_tag_result'].stdout_lines | length > 0 - name: Create the new symlink cgrates_current_amd64.deb - become: yes - file: + become: true + ansible.builtin.file: src: "{{ item.ansible_facts.latest_file.path }}" - dest: /var/packages/deb/{{ cgrates_branch }}/{{ item.item.item.codename }}/cgrates_current_amd64.deb + dest: "/var/packages/deb/{{ cgrates_branch }}/{{ item.item.item.codename }}/cgrates_current_amd64.deb" state: link with_items: "{{ latest_files.results }}" - when: cgrates_branch == "master" or hostvars['apt']['gitTagVar'].stdout_lines|length > 0 + when: cgrates_branch == "master" or hostvars['apt']['git_tag_result'].stdout_lines | length > 0 diff --git a/data/ansible/deb_packages/nginx.yaml b/data/ansible/deb_packages/nginx.yaml index 6279c5982..c27668427 100644 --- a/data/ansible/deb_packages/nginx.yaml +++ b/data/ansible/deb_packages/nginx.yaml 
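Review bot: The `when` on `Find package files per distribution` still reads `stdout_lines|length`, while the other three conditions in this hunk were normalized to `stdout_lines | length`; the same spacing should be used here. The `ansible.builtin.set_fact` task is the only one in the hunk without a `name`, for example `name: Pick the newest package per distribution`. Its `| first` on `item.files` will likely raise an error for a distribution whose find returned no files, so adding `item.files | length > 0` to that task's `when` is worth considering.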
@@ -1,7 +1,7 @@ --- - name: Add apt.cgrates.vhost in nginx become: true - template: + ansible.builtin.template: src: nginx.conf.j2 dest: "/etc/nginx/sites-available/apt.cgrates.org.vhost" mode: '0600' @@ -9,11 +9,11 @@ - name: Create a symlink for apt.cgrates.org become: true - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/apt.cgrates.org.vhost" dest: "/etc/nginx/sites-enabled/apt.cgrates.org.vhost" state: link - name: Restart the nginx so the change take effects become: true - shell: "/etc/init.d/nginx reload" \ No newline at end of file + ansible.builtin.command: "/etc/init.d/nginx reload" diff --git a/data/ansible/deb_packages/reprepro.yaml b/data/ansible/deb_packages/reprepro.yaml index a3a8bdc0d..84da2f84d 100644 --- a/data/ansible/deb_packages/reprepro.yaml +++ b/data/ansible/deb_packages/reprepro.yaml @@ -1,25 +1,25 @@ --- - name: Check if /var/packages/debian directory exists become: true - file: + ansible.builtin.file: path: /var/packages/debian state: directory - name: Check if /var/packages/debian/conf directory exists become: true - file: + ansible.builtin.file: path: /var/packages/debian/conf state: directory - name: Check if /var/packages/debian/incoming directory exists become: true - file: + ansible.builtin.file: path: /var/packages/debian/incoming state: directory - name: Add distributions file in reprepro become: true - template: + ansible.builtin.template: src: distributions.conf.j2 dest: "/var/packages/debian/conf/distributions" mode: '0600' @@ -27,7 +27,7 @@ - name: Add distributions file in reprepro become: true - template: + ansible.builtin.template: src: options.conf.j2 dest: "/var/packages/debian/conf/options" mode: '0600' @@ -35,9 +35,9 @@ - name: Create override.testing file become: true - copy: + ansible.builtin.copy: content: "" dest: /var/packages/debian/conf/override.testing - force: no + force: false group: root owner: root
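Review bot: In nginx.yaml, `Restart the nginx so the change take effects` now calls `/etc/init.d/nginx reload` through `ansible.builtin.command`, which reports changed on every run and bypasses the service module that main.yaml already uses for nginx. For consistency I would use `ansible.builtin.systemd` with `name: nginx` and `state: reloaded`, ideally as a handler notified by the vhost template task. The task name says "Restart" while the command reloads; `Reload nginx so the change takes effect` matches what it does.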