Enhancement/ansible (#4977)

Aurélien Maury 2022-01-13 01:38:44 +01:00 committed by GitHub
parent a00d06373f
commit 6b28f209b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 538 additions and 460 deletions

62
.gitignore vendored

@ -1,62 +0,0 @@
# Node Modules
node_modules
# Junk/cache files.
*Thumbs.db
tmp/cache/*---*
*.DS_Store
*.apdisk
.vagrant
.idea
/ubuntu-*-console.log
.phplint-cache
# Local development files.
/config/routes.dev.php
/env.ini
/app/env.ini
/app/.env
/azuracast.env
/util/fixtures/*
/util/fixtures/**/*
!/util/fixtures/.gitkeep
/util/local_ssl/*
!/util/local_ssl/.gitkeep
/web/static/yarn-error.log
/util/package_usage_report*
# Composer-generated content
/vendor/*
/vendor/**/*
!/vendor/.gitkeep
# NPM built content
/web/static/dist/*
/web/static/dist/**/*
!/web/static/dist/.gitkeep
/web/static/webpack_dist/*
/web/static/webpack_dist/**/*
!/web/static/webpack_dist/.gitkeep
/web/static/assets.json
/web/static/webpack.json
# Ansible deployment files
/ansible/
/util/ansible/deploy.retry
/util/ansible/update.retry
/tests/_output/*
# Docker files
/docker-compose.yml
/docker-compose.new.yml
/docker-compose.override.yml
/.env
# Backups
/*.tar.gz
/*.zip
# Plugins
/plugins/*
/plugins/**/*
!/plugins/.gitkeep


@ -1,21 +1,21 @@
---
- hosts: all
become: true
vars:
util_base : "{{ playbook_dir | dirname }}"
www_base : "{{ util_base | dirname }}"
app_base : "{{ www_base | dirname }}"
tmp_base : "{{ app_base }}/www_tmp"
app_env : "production"
update_mode : false
util_base: "{{ playbook_dir | dirname }}"
www_base: "{{ util_base | dirname }}"
app_base: "{{ www_base | dirname }}"
tmp_base: "{{ app_base }}/www_tmp"
app_env: "production"
update_mode: false
dev_azuracast_user_password: "azuracast"
dev_mysql_user_password: "azuracast"
dev_azuracast_user_password : "azuracast"
dev_mysql_user_password : "azuracast"
environment:
DEBIAN_FRONTEND: noninteractive
environment :
DEBIAN_FRONTEND : noninteractive
roles :
roles:
- init
- azuracast-user
- azuracast-config


@ -16,21 +16,26 @@
- name: Pull Node Dependencies
become: true
become_user: azuracast
shell: npm ci
command: >-
npm ci
args:
chdir: "{{ www_base }}/frontend"
- name: Build AzuraCast Frontend Scripts
become: true
become_user: azuracast
shell: npm run build
command: >-
npm run build
args:
chdir: "{{ www_base }}/frontend"
- name: Set permissions of generated frontend content
shell: "{{ item }}"
with_items:
command: >-
{{ azuracast_build_perm_command }}
loop:
- "chown -R azuracast:www-data {{ www_base }}"
- "find {{ www_base }} -type d -exec chmod 755 {} \\;"
- "find {{ www_base }} -type f -exec chmod 644 {} \\;"
loop_control:
loop_var: azuracast_build_perm_command
# Note: Don't add warn: false here, it's incompatible with the earlier Ansibles used in 16.04/18.04.
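Review bot: The third loop item, `find {{ www_base }} -type f -exec chmod 644 {} \;`, resets every file under `www_base` to world-readable on each run, and `env.ini` lives in that directory and receives `MYSQL_PASSWORD` from the database role in this commit. Either exclude secret-bearing files from the sweep or follow it with a task that sets `env.ini` back to a tighter mode such as `mode: "0640"`. The three raw commands also always report changed; a single `file:` task with `recurse: true` and a symbolic mode would be idempotent and keep the execute bit on directories only.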


@ -1,25 +1,42 @@
---
- name : Write environment configuration file
template : src=env.ini.j2 dest="{{ www_base }}/env.ini" owner=azuracast group=www-data mode=0644 force=no
- name: Write environment configuration file
template:
src: env.ini.j2
dest: "{{ www_base }}/env.ini"
owner: azuracast
group: www-data
mode: 0644
force: false
- name : Set up environment file
ini_file :
dest : "{{ www_base }}/env.ini"
section : "configuration"
option : "application_env"
value : "{{ app_env }}"
- name: Set up environment file
ini_file:
dest: "{{ www_base }}/env.ini"
section: "configuration"
option: "application_env"
value: "{{ app_env }}"
mode: 0644
- name : Set Permissions on Base App Folder
file : path="{{ item }}" state=directory owner=azuracast group=www-data
with_items :
- "{{ app_base }}"
- name: Set Permissions on Base App Folder
file:
path: "{{ app_base }}"
state: directory
owner: azuracast
group: www-data
mode: 0775
- name : Clear temp directory
file : path="{{ tmp_base }}" state=absent
- name: Clear temp directory
file:
path: "{{ tmp_base }}"
state: absent
- name : Create System Folders
file : path="{{ item }}" state=directory owner=azuracast group=www-data mode=0774
with_items :
- name: Create System Folders
file:
path: "{{ azuracast_config_sys_directory }}"
state: directory
owner: azuracast
group: www-data
mode: 0775
loop:
- "{{ tmp_base }}"
- "{{ tmp_base }}/proxies"
- "{{ app_base }}/stations"
@ -30,3 +47,5 @@
- "{{ app_base }}/servers/shoutcast2"
- "{{ app_base }}/servers/icecast2"
- "{{ app_base }}/uploads"
loop_control:
loop_var: azuracast_config_sys_directory
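Review bot: `mode: 0644` on the `env.ini` template task and on the following `ini_file` task leaves the file readable by every local account, while the database role in this commit writes `MYSQL_PASSWORD` into the same file (again with `mode: 0644`) and installs `{{ app_base }}/.my.cnf` with `mode: 0644`, which presumably carries the same credential. Owner `azuracast` and group `www-data` are already set, so `mode: "0640"` should be enough for the application and the web server group. The new `mode: 0775` on the base folder and the system folders (the removed line used `0774` for the latter) also lets other local users traverse `uploads` and `stations`, a behaviour change that deserves a line in the commit description.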


@ -1,19 +1,23 @@
---
- name: Install cron-related packages
apt:
name: "{{ packages }}"
state: latest
vars:
packages:
name:
- cron
- tmpreaper
- name: Generate Cron Template
template: src=azuracast_cron.j2 dest="{{ tmp_base }}/azuracast_cron" force=true
template:
src: azuracast_cron.j2
dest: "{{ tmp_base }}/azuracast_cron"
force: true
mode: 0644
- name: Install Cron file
shell: "crontab -u azuracast {{ tmp_base }}/azuracast_cron"
command: >-
crontab -u azuracast {{ tmp_base }}/azuracast_cron
notify: restart cron
- name: Clean up temp Cron file
file: path="{{ tmp_base }}/azuracast_cron" state=absent
file:
path: "{{ tmp_base }}/azuracast_cron"
state: absent
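Review bot: `state: latest` appears to be dropped from the `apt` task here, and the same removal recurs in the IceCast, Liquidsoap, Audiowaveform, init, nginx, Redis, supervisord, Beanstalkd and UFW roles, so these tasks now only ensure the package is present. That matches the usual lint advice, but the update playbook reuses these roles, so an update run no longer pulls newer package builds, security fixes included. If that is intended, state in the commit description that patching is left to the host; otherwise keep an explicit upgrade step in the update path. Separately, `crontab -u azuracast ...` run through `command` always reports changed, so `restart cron` is notified on every run.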


@ -1,67 +1,83 @@
---
- name : (Prod) Generate MariaDB User Password
command : pwgen 8 -sn 1
register : prod_mysql_user_password
when : app_env == "production"
- name: (Prod) Generate MariaDB User Password
command: pwgen 8 -sn 1
register: prod_mysql_user_password
when: app_env == "production"
- name : Assign User Password
set_fact :
mysql_user_password : "{{ prod_mysql_user_password.stdout if app_env == 'production' else dev_mysql_user_password }}"
- name: Assign User Password
set_fact:
mysql_user_password: "{{ prod_mysql_user_password.stdout if app_env == 'production' else dev_mysql_user_password }}"
- name : Add configuration
template : src=my.cnf.j2 dest=/etc/mysql/conf.d/my.cnf owner=root group=root mode=0644
- name: Add configuration
template: src=my.cnf.j2 dest=/etc/mysql/conf.d/my.cnf owner=root group=root mode=0644
- name : Add empty root .my.cnf (if none exists)
template : src=root_empty_my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600 force=no
- name: Add empty root .my.cnf (if none exists)
template: src=root_empty_my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600 force=no
- name : MariaDB Cleanup
command : 'mysql --defaults-extra-file=/root/.my.cnf -ne "{{ item }}"'
with_items :
- name: MariaDB Cleanup
command: >-
mysql --defaults-extra-file=/root/.my.cnf -ne "{{ azure_db_install_sql_cleanup_query }}"
loop:
- "DELETE FROM mysql.user WHERE User=''"
- "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
- "DROP DATABASE test"
- "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
changed_when : False
ignore_errors : True
loop_control:
loop_var: azure_db_install_sql_cleanup_query
changed_when: false
ignore_errors: true
# MySQL Secure Installation
- name : Set up AzuraCast database user
mysql_user :
name : azuracast
host : "localhost"
password : "{{ mysql_user_password }}"
priv : "azuracast.*:ALL,GRANT"
state : present
notify : send mysql notification
- name: Set up AzuraCast database user
mysql_user:
name: azuracast
host: "localhost"
password: "{{ mysql_user_password }}"
priv: "azuracast.*:ALL,GRANT"
state: present
notify: send mysql notification
- name : Add .my.cnf
template : src=user_my.cnf.j2 dest="{{ app_base }}/.my.cnf" owner=azuracast group=www-data mode=0644 force=yes
- name: Add .my.cnf
template:
src: user_my.cnf.j2
dest: "{{ app_base }}/.my.cnf"
owner: azuracast
group: www-data
mode: 0644
force: true
- name : Reload privilege tables
command : 'mysql --defaults-extra-file=/root/.my.cnf -ne "{{ item }}"'
with_items :
- "FLUSH PRIVILEGES"
changed_when : False
- name: Reload privilege tables
command: >-
mysql --defaults-extra-file=/root/.my.cnf -ne "FLUSH PRIVILEGES"
changed_when: false
# Create Database
- name : Create MySQL Database
mysql_db :
config_file : "/root/.my.cnf"
name : azuracast
state : present
collation : utf8mb4_unicode_ci
encoding : utf8mb4
register : azuracast_db_created
- name: Create MySQL Database
mysql_db:
config_file: "/root/.my.cnf"
name: azuracast
state: present
collation: utf8mb4_unicode_ci
encoding: utf8mb4
register: azuracast_db_created
- name : Set up environment file
ini_file :
dest : "{{ www_base }}/env.ini"
section : "configuration"
option : "{{ item.option }}"
value : "{{ item.value }}"
with_items :
- { option : 'MYSQL_HOST', value : 'localhost' }
- { option : 'MYSQL_PORT', value : '3306' }
- { option : 'MYSQL_USER', value : 'azuracast' }
- { option : 'MYSQL_DB', value : 'azuracast' }
- { option : 'MYSQL_PASSWORD', value : "{{ mysql_user_password }}" }
- name: Set up environment file
ini_file:
dest: "{{ www_base }}/env.ini"
section: "configuration"
option: "{{ azure_db_install_env_ini.option }}"
value: "{{ azure_db_install_env_ini.value }}"
mode: 0644
loop:
- option: 'MYSQL_HOST'
value: 'localhost'
- option: 'MYSQL_PORT'
value: '3306'
- option: 'MYSQL_USER'
value: 'azuracast'
- option: 'MYSQL_DB'
value: 'azuracast'
- option: 'MYSQL_PASSWORD'
value: "{{ mysql_user_password }}"
loop_control:
loop_var: azure_db_install_env_ini
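Review bot: The last loop item of `Set up environment file` carries `{{ mysql_user_password }}`, and Ansible prints each loop item in the task output, so the generated database password ends up in the run log and in any stored callback output. Add `no_log: true` to that task. `pwgen 8 -sn 1` also yields only eight alphanumeric characters for the production password; a longer value such as `pwgen 32 -sn 1` costs nothing here. The loop variable prefix `azure_db_install_` looks like a typo for `azuracast_`.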


@ -2,8 +2,7 @@
- name: Install IceCast-KH-AC Dependencies
apt:
name: "{{ packages }}"
state: latest
install_recommends: no
install_recommends: false
vars:
packages:
- libxml2
@ -17,13 +16,13 @@
get_url:
url: https://github.com/AzuraCast/icecast-kh-ac/archive/2.4.0-kh13-ac2.tar.gz
dest: "{{ app_base }}/servers/icecast2/icecast2.tar.gz"
force: yes
force: true
- name: Extract IceCast-KH-AC Source
unarchive:
src: "{{ app_base }}/servers/icecast2/icecast2.tar.gz"
dest: "{{ app_base }}/servers/icecast2"
remote_src: yes
remote_src: true
mode: "u=rwx,g=rx,o=rx"
owner: "azuracast"
group: "www-data"
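Review bot: The `get_url` task downloads `2.4.0-kh13-ac2.tar.gz` with `force: true` but no `checksum`, so whatever the URL returns is unpacked and, presumably in tasks outside this hunk, built on the host. Since the tag is already pinned, add the expected digest, e.g. `checksum: "sha256:<digest of 2.4.0-kh13-ac2.tar.gz>"`, so a replaced or corrupted archive fails the play instead of being compiled. The task's `name:` line sits above the hunk, so the rest of the task is not visible here.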


@ -7,8 +7,7 @@
- name: Install Liquidsoap Dependencies
apt:
name: "{{ packages }}"
state: latest
install_recommends: no
install_recommends: false
vars:
packages:
- libao-dev
@ -53,8 +52,7 @@
- name: Install Optional Audio Plugins
apt:
name: "{{ packages }}"
state: latest
install_recommends: no
install_recommends: false
vars:
packages:
- frei0r-plugins-dev
@ -67,7 +65,7 @@
- name: Get the DPKG Architecture
shell: dpkg --print-architecture
register: dpkg_arch
ignore_errors: True
ignore_errors: true
- name: Install Liquidsoap
apt:
@ -78,4 +76,4 @@
src: "/usr/bin/liquidsoap"
dest: /usr/local/bin/liquidsoap
state: link
force: yes
force: true


@ -7,13 +7,12 @@
- name: Add OPAM/OCaml Repository
apt_repository:
repo: "ppa:avsm/ppa"
update_cache: yes
update_cache: true
- name: Install Liquidsoap Dependencies
apt:
name: "{{ packages }}"
state: latest
install_recommends: no
install_recommends: false
vars:
packages:
- ffmpeg
@ -54,14 +53,20 @@
- name: Initialize OPAM
become_user: azuracast
shell: "opam init -a --disable-sandboxing --bare && opam switch create 4.12.0"
shell: >-
opam init -a --disable-sandboxing --bare
&& opam switch create 4.12.0
args:
chdir: "{{ app_base }}"
executable: "bash" # Fixes some possible hang issues.
executable: "bash" # Fixes some possible hang issues.
- name: Build and Install Liquidsoap and Dependencies
become_user: azuracast
shell: "opam install -y ladspa.0.2.0 ffmpeg.1.1.1 ffmpeg-avutil.1.1.1 ffmpeg-avcodec.1.1.1 ffmpeg-avdevice.1.1.1 ffmpeg-av.1.1.1 ffmpeg-avfilter.1.1.1 ffmpeg-swresample.1.1.1 ffmpeg-swscale.1.1.1 frei0r.0.1.2 samplerate.0.1.6 taglib.0.3.7 mad.0.5.0 faad.0.5.0 fdkaac.0.3.2 lame.0.3.5 vorbis.0.8.0 cry.0.6.5 flac.0.3.0 opus.0.2.0 dtools.0.4.4 duppy.0.9.2 ocurl.0.9.1 ssl liquidsoap.2.0.2"
shell: >-
opam install -y ladspa.0.2.0 ffmpeg.1.1.1 ffmpeg-avutil.1.1.1 ffmpeg-avcodec.1.1.1 ffmpeg-avdevice.1.1.1
ffmpeg-av.1.1.1 ffmpeg-avfilter.1.1.1 ffmpeg-swresample.1.1.1 ffmpeg-swscale.1.1.1 frei0r.0.1.2 samplerate.0.1.6
taglib.0.3.7 mad.0.5.0 faad.0.5.0 fdkaac.0.3.2 lame.0.3.5 vorbis.0.8.0 cry.0.6.5 flac.0.3.0 opus.0.2.0 dtools.0.4.4
duppy.0.9.2 ocurl.0.9.1 ssl liquidsoap.2.0.2
args:
chdir: "{{ app_base }}"
register: install_result
@ -82,4 +87,4 @@
src: "{{ app_base }}/.opam/4.12.0/bin/liquidsoap"
dest: /usr/local/bin/liquidsoap
state: link
force: yes
force: true
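Review bot: `opam init -a --disable-sandboxing --bare` turns off opam's build sandbox, so the build scripts of every package in the following `opam install` run unconfined as `azuracast`, an account that this commit's user role places in the `sudo` group. If sandboxing has to stay off on the target releases, say so in a comment next to the flag, such as `# sandboxing disabled: <reason>; package builds run unconfined`. The pinned versions in the install list help, but `ppa:avsm/ppa` and the opam repository are still trusted at install time. Neither `shell` task has `creates:` or `changed_when:`, so both rerun and report changed on every play.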


@ -12,25 +12,22 @@
when:
- ansible_distribution_release == 'focal'
- name : Add Audiowaveform PPA
apt_repository :
repo : "ppa:chris-needham/ppa"
update_cache : yes
- name: Add Audiowaveform PPA
apt_repository:
repo: "ppa:chris-needham/ppa"
update_cache: true
- name : Install Audiowaveform
apt :
name : audiowaveform
state : latest
install_recommends : no
- name: Install Audiowaveform
apt:
name: audiowaveform
install_recommends: false
- name : Install Flac
apt :
name : flac
state : latest
install_recommends : no
- name: Install Flac
apt:
name: flac
install_recommends: false
- name : Install Vorbis-Tools
apt :
name : vorbis-tools
state : latest
install_recommends : no
- name: Install Vorbis-Tools
apt:
name: vorbis-tools
install_recommends: false


@ -1,24 +1,31 @@
---
- name : Ensure update script continues to be executable
file : path="{{ item }}" state=touch mode="a+x"
with_items :
- name: Ensure update script continues to be executable
file:
path: "{{ azuracast_setup_update_script }}"
state: touch
mode: "a+x"
loop:
- "{{ www_base }}/update.sh"
- "{{ www_base }}/bin/console"
loop_control:
loop_var: azuracast_setup_update_script
- name : Run AzuraCast Setup (Install Mode)
become : true
become_user : azuracast
shell : php {{ www_base }}/bin/console azuracast:setup
when : update_mode|bool == false
- name: Run AzuraCast Setup (Install Mode)
become: true
become_user: azuracast
shell: >-
php {{ www_base }}/bin/console azuracast:setup
when: update_mode|bool
- name : Migrate Legacy Configuration (Update Mode)
become : true
become_user : azuracast
shell : php {{ www_base }}/bin/console azuracast:config:migrate
when : update_mode|bool == true
- name: Migrate Legacy Configuration (Update Mode)
become: true
become_user: azuracast
shell: >-
php {{ www_base }}/bin/console azuracast:config:migrate
when: update_mode|bool
- name : Run AzuraCast Setup (Update Mode)
become : true
become_user : azuracast
shell : php {{ www_base }}/bin/console azuracast:setup --update
when : update_mode|bool == true
- name: Run AzuraCast Setup (Update Mode)
become: true
become_user: azuracast
shell: php {{ www_base }}/bin/console azuracast:setup --update
when: update_mode|bool
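Review bot: `Run AzuraCast Setup (Install Mode)` now has `when: update_mode|bool`, but the line it replaces was `update_mode|bool == false`, so the condition is inverted. A fresh deploy (`update_mode: false` in the deploy playbook) skips setup entirely, and an update run executes both the install-mode and the update-mode setup. It should read `when: not update_mode|bool`. The three console tasks could also use `command:` like the rest of the commit, since none of them needs a shell.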


@ -1,4 +1,6 @@
---
- name: send user notification
- name: Send user notification
debug:
msg: "A user account named 'azuracast' has been created. The password associated with this account is: {{ prod_azuracast_user_password.stdout }}"
msg: >-
A user account named 'azuracast' has been created. The password associated with this
account is: {{ prod_azuracast_user_password.stdout }}


@ -1,23 +1,31 @@
---
- name: Generate AzuraCast Password
command: pwgen 8 -sn 1
register: prod_azuracast_user_password
- name: Generate AzuraCast Password
command: >-
pwgen 8 -sn 1
register: prod_azuracast_user_password
- name: Create Groups
group: name="{{ item }}" state=present
with_items:
- www-data
- admin
- name: Create Groups
group:
name: "{{ azuracast_user_sys_group }}"
state: present
loop:
- www-data
- admin
loop_control:
loop_var: azuracast_user_sys_group
- name: Create AzuraCast User
user:
name: azuracast
home: "{{ app_base }}"
comment: "AzuraCast"
shell: /bin/bash
groups: 'sudo,admin,www-data'
password: "{{ prod_azuracast_user_password.stdout|password_hash('sha512') }}"
notify: send user notification
- name: Create AzuraCast User
user:
name: azuracast
home: "{{ app_base }}"
comment: "AzuraCast"
shell: /bin/bash
groups: 'sudo,admin,www-data'
password: "{{ prod_azuracast_user_password.stdout|password_hash('sha512') }}"
notify: send user notification
- name: Modify www-data User
user: name=www-data groups="azuracast" append=yes
- name: Modify www-data User
user:
name: www-data
groups: "azuracast"
append: true
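Review bot: `pwgen 8 -sn 1` gives the `azuracast` account an eight-character alphanumeric password, and the same task list puts that account in `sudo` with `/bin/bash` as its shell, so this is a weak credential for a privileged login. Generate a longer value, e.g. `pwgen 24 -sn 1`. Because the `user` task has no `update_password: on_create`, every rerun of the role replaces the password with a fresh one. The `Send user notification` handler then prints it in clear text into the play output, so that output has to be treated as a secret; expiring the password on first login would limit the exposure.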


@ -2,7 +2,10 @@
- name: Install Beanstalkd
apt:
name: beanstalkd
state: latest
- name: Extend default message size.
template: src=etc_default_beanstalkd.j2 dest=/etc/default/beanstalkd force=yes
template:
src: etc_default_beanstalkd.j2
dest: /etc/default/beanstalkd
force: true
mode: 0644


@ -1,8 +1,10 @@
---
- name: Install Composer
shell: curl -fsSL https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer
shell: >-
curl -fsSL https://getcomposer.org/installer
| php -- --install-dir=/usr/bin --filename=composer
args:
warn: no
warn: false
- name: Clear existing vendor folder
file:
@ -28,7 +30,8 @@
- name: Install Composer Dependencies (Development)
become: true
become_user: azuracast
shell : composer install --ignore-platform-req=php
command: >-
composer install --ignore-platform-req=php
args:
chdir: "{{ www_base }}"
when: app_env == "development"
@ -36,7 +39,8 @@
- name: Install Composer Dependencies (Production)
become: true
become_user: azuracast
shell : composer install --ignore-platform-req=php --no-dev --optimize-autoloader
command: >-
composer install --ignore-platform-req=php --no-dev --optimize-autoloader
args:
chdir: "{{ www_base }}"
when: app_env == "production"
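Review bot: `curl -fsSL https://getcomposer.org/installer | php -- ...` executes a freshly downloaded script as root (the play sets `become: true`) with nothing checked beyond TLS, and the MariaDB role in this commit does the same with `curl -sSL .../mariadb_repo_setup | bash`, there even without `-f`. Download the installer to a file with `get_url` and a `checksum`, then run it with `command`, which also removes the need for `shell` and the `warn` argument. The digest has to be refreshed when the installer changes; Composer publishes the current one for exactly this check.

```yaml
- name: Download Composer installer
  get_url:
    url: https://getcomposer.org/installer
    dest: /root/composer-setup.php  # constructed staging path
    checksum: "sha384:<published installer digest>"
    mode: "0600"

- name: Install Composer
  command: >-
    php /root/composer-setup.php --install-dir=/usr/bin --filename=composer

# … unchanged: Clear existing vendor folder, Composer dependency tasks …
```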


@ -1,3 +1,6 @@
---
- name: Dump all vars
action: template src=dumpall.j2 dest="{{ app_base }}/ansible/vars.txt"
- name: Dump all vars
template:
src: dumpall.j2
dest: "{{ app_base }}/ansible/vars.txt"
mode: 0644
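Review bot: The added `mode: 0644` makes `{{ app_base }}/ansible/vars.txt` world-readable, and a template named `dumpall.j2` presumably writes every variable in scope, which in these plays includes `mysql_user_password` and `prod_azuracast_user_password`. Use `mode: "0600"` for this debug artefact and make sure the role is not enabled in the production playbooks. The template itself is not part of this diff, so its exact contents should be confirmed.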


@ -3,11 +3,11 @@
service:
name: "influxdb"
state: stopped
ignore_errors: True
ignore_errors: true
- name: Remove InfluxDB if Present
apt:
name: "influxdb"
state: absent
force: yes
purge: yes
force: true
purge: true


@ -1,38 +1,44 @@
---
- debug:
msg: "Running Ansible on {{ inventory_hostname }} with OS {{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }} {{ ansible_architecture }} ({{ app_env }})"
- name: Running context
debug:
msg: >-
Running Ansible on {{ inventory_hostname }} with OS {{ ansible_distribution }}
{{ ansible_distribution_release }} {{ ansible_distribution_version }} {{ ansible_architecture }} ({{ app_env }})"
- fail:
- name: Sanity check
fail:
msg: "The AzuraCast Ansible installation can only be installed onto computers running Ubuntu."
when: ansible_distribution != 'Ubuntu'
- fail:
- name: Sanity check
fail:
msg: "The AzuraCast Ansible installation can only be installed onto computers running Ubuntu 16.04, 18.04 or 20.04 LTS."
when:
when:
- ansible_distribution_release != 'bionic'
- ansible_distribution_release != 'xenial'
- ansible_distribution_release != 'focal'
- name: Add multiverse repository
apt_repository:
repo: "{{item}}"
update_cache: no
repo: "{{ init_repo_to_add }}"
update_cache: false
when:
- ansible_architecture == 'x86_64' or ansible_architecture == 'i386'
with_items:
- "deb http://archive.ubuntu.com/ubuntu {{ansible_distribution_release}} multiverse"
- "deb-src http://archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse"
- "deb http://archive.ubuntu.com/ubuntu {{ansible_distribution_release}}-updates multiverse"
- "deb-src http://archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse"
loop:
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} multiverse"
- "deb-src http://archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} multiverse"
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates multiverse"
- "deb-src http://archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates multiverse"
loop_control:
loop_var: init_repo_to_add
- name: Update apt
apt:
update_cache: yes
update_cache: true
- name: Install system packages
apt:
name: "{{ packages }}"
state: latest
vars:
packages:
- apt-transport-https
@ -49,30 +55,21 @@
- name: Install Focal Packages (20.04)
apt:
name: "{{ packages }}"
state: latest
vars:
packages:
name:
- software-properties-common
- python3-pip
when: ansible_distribution_release == 'focal'
- name: Install Bionic Packages (18.04 only)
apt:
name: "{{ packages }}"
state: latest
vars:
packages:
name:
- software-properties-common
- python-pip
when: ansible_distribution_release == 'bionic'
- name: Install Xenial Packages (16.04 only)
apt:
name: "{{ packages }}"
state: latest
vars:
packages:
name:
- python-software-properties
- python-pip
when: ansible_distribution_release == 'xenial'
@ -80,4 +77,3 @@
- name: Update pip components
pip:
name: pip
state: latest
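Review bot: The folded `msg` of the new `Running context` task still ends with `({{ app_env }})"`, so a literal double quote is printed at the end of the message; the quote belonged to the old one-line string and should be dropped, as it was in the uninstall role's copy of this task. Both `fail` tasks are now named `Sanity check`; distinct names such as `Sanity check (distribution)` and `Sanity check (release)` make a failure easier to locate in the output. The last hunk removes `state: latest` from `Update pip components`, after which the task no longer updates pip and its name is misleading.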


@ -1,16 +1,21 @@
---
- name : Update MariaDB Dependencies
shell : curl -sSL https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | bash -s -- --mariadb-server-version="mariadb-10.5"
- name: Update MariaDB Dependencies
shell: >-
curl -sSL https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
| bash -s -- --mariadb-server-version="mariadb-10.5"
- name : Install MariaDB
apt :
name : "{{ packages }}"
state : latest
update_cache : yes
vars :
packages :
- name: Install MariaDB
apt:
name: "{{ packages }}"
state: present
update_cache: true
vars:
packages:
- mariadb-server
- mariadb-client
- name : Start and enable service
service : name=mysql state=started enabled=yes
- name: Start and enable service
service:
name: mysql
state: started
enabled: true


@ -1,73 +1,82 @@
---
- name: Uninstall web server packages that may conflict with nginx
apt:
name: "{{ packages }}"
state: absent
vars:
packages:
- apache2
- lighttpd
- name: Uninstall web server packages that may conflict with nginx
apt:
name:
- apache2
- lighttpd
state: absent
- name: Unhold nginx-related packages for updates
dpkg_selections:
name: "{{ item }}"
selection: install
with_items:
- "nginx"
- "nginx-common"
- "nginx-extras"
- name: Unhold nginx-related packages for updates
dpkg_selections:
name: "{{ nginx_pkg_select }}"
selection: install
loop:
- "nginx"
- "nginx-common"
- "nginx-extras"
loop_control:
loop_var: nginx_pkg_select
- name: Remove any older nginx
apt:
name: "{{ packages }}"
state: absent
purge: yes
vars:
packages:
- nginx
- nginx-common
- nginx-extras
- name: Remove any older nginx
apt:
name:
- nginx
- nginx-common
- nginx-extras
state: absent
purge: true
- name: Install nginx
apt:
name: "{{ packages }}"
state: latest
vars:
packages:
- name: Install nginx
apt:
name:
- nginx
- nginx-common
- nginx-extras
- name: Create nginx ssl directory
file: path="{{ item }}" state=directory owner=root group=root mode=0744
with_items:
- "/etc/nginx/ssl"
- name: Create nginx ssl directory
file:
path: "/etc/nginx/ssl"
state: directory
owner: root
group: root
mode: 0744
- name: Create self-signed SSL cert
command: openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=${ansible_fqdn}" -days 3650 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt -extensions v3_ca
args:
creates: /etc/nginx/ssl/server.crt
- name: Create self-signed SSL cert
command: >-
openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=${ansible_fqdn}" -days 3650
-keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt -extensions v3_ca
args:
creates: /etc/nginx/ssl/server.crt
- name: Remove default nginx site symlink
file:
path: "/etc/nginx/sites-enabled/default"
state: absent
- name: Remove default nginx site symlink
file:
path: "/etc/nginx/sites-enabled/default"
state: absent
- name: Add nginx global config
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf force=yes backup=yes
- name: Add nginx global config
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
force: true
backup: true
mode: 0644
- name: Add app-specific nginx site
template: src=default.j2 dest=/etc/nginx/sites-available/00-azuracast force=yes
- name: Add app-specific nginx site
template:
src: default.j2
dest: /etc/nginx/sites-available/00-azuracast
force: true
mode: 0644
- name: Link app-specific nginx site
file:
path: "/etc/nginx/sites-enabled/00-azuracast"
state: link
src: "/etc/nginx/sites-available/00-azuracast"
- name: Link app-specific nginx site
file:
path: "/etc/nginx/sites-enabled/00-azuracast"
state: link
src: "/etc/nginx/sites-available/00-azuracast"
- name: Turn sendfile off on nginx for local development
replace:
dest: /etc/nginx/nginx.conf
regexp: 'sendfile on;'
replace: 'sendfile off;'
when: app_env == "development"
- name: Turn sendfile off on nginx for local development
replace:
dest: /etc/nginx/nginx.conf
regexp: 'sendfile on;'
replace: 'sendfile off;'
when: app_env == "development"
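Review bot: In `Create self-signed SSL cert`, `CN=${ansible_fqdn}` is not Jinja and is unlikely to be resolved by the `command` module, so the certificate subject probably carries the literal string instead of the host name; use `CN={{ ansible_fqdn }}`. The task also leaves the mode of `/etc/nginx/ssl/server.key` to openssl's defaults while the directory is created with `mode: 0744`; a following `file:` task that sets the key to `mode: "0600"` would make the private key's protection explicit. `-extensions v3_ca` marks the server certificate as a CA, which a leaf certificate does not need.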


@ -2,7 +2,7 @@
- name: Add PHP PPA repository
apt_repository:
repo: "ppa:ondrej/php"
update_cache: yes
update_cache: true
- name: Remove Old PHP Libraries
apt:
@ -24,7 +24,7 @@
- name: "Install PHP {{ php_version }}"
apt:
name: "{{ packages }}"
state: latest
state: present
vars:
packages:
- "php{{ php_version }}-fpm"
@ -45,24 +45,30 @@
template:
src: fpmpool.j2
dest: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf"
force: True
force: true
mode: 0644
- name: Configure php-fpm php.ini
ini_file:
dest: "/etc/php/{{ php_version }}/fpm/php.ini"
section: PHP
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- { option: 'post_max_size', value: "50M" }
- { option: 'short_open_tag', value: "On" }
- { option: 'upload_max_filesize', value: "50M" }
option: "{{ php_init_option.option }}"
value: "{{ php_init_option.value }}"
mode: 0644
loop:
- option: "post_max_size"
value: "50M"
- option: "short_open_tag"
value: "On"
- option: "upload_max_filesize"
value: "50M"
loop_control:
loop_var: php_init_option
- name: Configure php-cli php.ini
ini_file:
dest: "/etc/php/{{ php_version }}/cli/php.ini"
section: PHP
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- { option: 'short_open_tag', value: "On" }
option: "short_open_tag"
value: "On"
mode: 0644


@ -2,19 +2,20 @@
- name: Add Redis PPA repository
apt_repository:
repo: "ppa:chris-lea/redis-server"
update_cache: yes
update_cache: true
- name: Install Redis
apt:
name: redis-server
state: latest
- name: Enable and restart all core services
service:
name: "{{ item }}"
enabled: yes
enabled: true
state: restarted
ignore_errors: True
with_items:
ignore_errors: true
loop:
- "redis-server"
- "redis"
loop_control:
loop_var: redis_service_to_restart
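Review bot: The task still references `name: "{{ item }}"` although `loop_control` now renames the loop variable to `redis_service_to_restart`, so `item` is undefined on every iteration; with `ignore_errors: true` the failure is swallowed and Redis is never enabled or restarted by this task. Change it to `name: "{{ redis_service_to_restart }}"`. The uninstall role's `Remove PPAs` task has the same mismatch (`repo: "{{ item }}"` with `loop_var: uninstall_repo_to_delete`). The blanket `ignore_errors: true` is what hides this, so a `failed_when` limited to the expected "service not found" case would be safer.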


@ -2,9 +2,9 @@
- name: Enable and restart all core services
service:
name: "{{ item }}"
enabled: yes
enabled: true
state: restarted
ignore_errors: True
ignore_errors: true
with_items:
- "mysql"
- "php8.1-fpm"


@ -1,26 +1,36 @@
---
- name: Install supervisord from repo
apt:
name: supervisor
state: latest
register: supervisord_install
- name: Install supervisord from repo
apt:
name: supervisor
register: supervisord_install
- name: Change supervisord configuration
template: src=supervisord.conf.j2 dest=/etc/supervisor/supervisord.conf force=yes
register: supervisord_conf
- name: Change supervisord configuration
template:
src: supervisord.conf.j2
dest: /etc/supervisor/supervisord.conf
force: true
mode: 0644
register: supervisord_conf
- name: Remove old core supervisord configuration
file:
path: /etc/supervisor/conf.d/core.conf
state: absent
register: supervisord_core
- name: Remove old core supervisord configuration
file:
path: /etc/supervisor/conf.d/core.conf
state: absent
register: supervisord_core
- name: Kill legacy radio processes (if upgrading from older version)
command: killall -q -9 icecast2 sc_serv liquidsoap
ignore_errors: true
when: supervisord_install.changed
- name: Kill legacy radio processes (if upgrading from older version)
command: >-
killall -q -9 icecast2 sc_serv liquidsoap
ignore_errors: true
when: supervisord_install.changed
- name: Trigger manual restart of supervisord (if not already running)
service: name=supervisor enabled=yes state=restarted
when: supervisord_install.changed or supervisord_conf.changed or supervisord_core.changed
ignore_errors: true
- name: Trigger manual restart of supervisord (if not already running)
service:
name: supervisor
enabled: true
state: restarted
when: >-
supervisord_install is changed
or supervisord_conf is changed
or supervisord_core is changed
ignore_errors: true


@ -2,7 +2,6 @@
- name: Install UFW Firewall
apt:
name: ufw
state: latest
- name: UFW - Disable all other incoming by default
ufw:
@ -17,12 +16,14 @@
- name: UFW - Enable AzuraCast TCP Ports
ufw:
rule: allow
port: "{{ item }}"
port: "{{ ufw_allow_rule }}"
proto: tcp
with_items:
- 80
- 443
- '8000:8999'
loop:
- 80
- 443
- '8000:8999'
loop_control:
loop_var: ufw_allow_rule
- name: UFW - Enable SSH
ufw:


@ -1,58 +1,70 @@
---
- debug:
msg: "Running Ansible on {{ inventory_hostname }} with OS {{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }} {{ ansible_architecture }} ({{ app_env }})"
- name: "Running context"
debug:
msg: >-
Running Ansible on {{ inventory_hostname }} with OS {{ ansible_distribution }} {{ ansible_distribution_release }}
{{ ansible_distribution_version }} {{ ansible_architecture }} ({{ app_env }})
- name: Shut down all services
service:
name: "{{ item }}"
state: stopped
with_items:
- influxdb
- mysql
- php7.4-fpm
- nginx
- redis-server
- supervisor
ignore_errors: True
- name: "Shut down all services"
service:
name: "{{ uninstall_svc_to_stop }}"
state: stopped
loop:
- "influxdb"
- "mysql"
- "php7.4-fpm"
- "nginx"
- "redis-server"
- "supervisor"
loop_control:
loop_var: uninstall_svc_to_stop
ignore_errors: true
- name: Kill all processes owned by AzuraCast user
command: pkill -9 -u azuracast
ignore_errors: true
- name: Kill all processes owned by AzuraCast user
command: pkill -9 -u azuracast
ignore_errors: true
- name: Update apt
apt:
update_cache: yes
- name: Update apt
apt:
update_cache: true
- name: Remove AzuraCast User
user:
name: azuracast
state: absent
- name: Remove AzuraCast User
user:
name: azuracast
state: absent
- name: Remove AzuraCast folders
file: path="{{ item }}" state=absent
with_items:
- "{{ tmp_base }}"
- "{{ app_base }}/servers"
- name: "Remove AzuraCast folders"
file:
path: "{{ uninstall_file_to_delete }}"
state: absent
loop:
- "{{ tmp_base }}"
- "{{ app_base }}/servers"
loop_control:
loop_var: uninstall_file_to_delete
- name: Remove PPAs
apt_repository: repo="{{ item }}" state=absent
with_items:
- ppa:avsm/ppa
- name: Remove PPAs
apt_repository:
repo: "{{ item }}"
state: absent
loop:
- "ppa:avsm/ppa"
loop_control:
loop_var: uninstall_repo_to_delete
- name: UFW - Turn off Firewall
ufw:
state: disabled
ignore_errors: True
- name: UFW - Turn off Firewall
ufw:
state: disabled
ignore_errors: true
- name: Remove software
apt:
name: "{{ packages }}"
state: absent
force: yes
purge: yes
vars:
packages:
- name: Remove software
apt:
name: "{{ packages }}"
state: absent
force: true
purge: true
vars:
packages:
# Radio software
- icecast2
- liquidsoap


@ -1,6 +1,7 @@
---
- hosts: all
become: true
vars:
util_base: "{{ playbook_dir | dirname }}"
www_base: "{{ util_base | dirname }}"
@ -10,4 +11,4 @@
update_revision: 1
roles:
- uninstall
- "uninstall"


@ -1,33 +1,62 @@
---
- hosts : all
become : true
vars :
util_base : "{{ playbook_dir | dirname }}"
www_base : "{{ util_base | dirname }}"
app_base : "{{ www_base | dirname }}"
tmp_base : "{{ app_base }}/www_tmp"
app_env : "production"
update_mode : true
update_revision : 1
- hosts: all
become: true
environment :
DEBIAN_FRONTEND : noninteractive
vars:
util_base: "{{ playbook_dir | dirname }}"
www_base: "{{ util_base | dirname }}"
app_base: "{{ www_base | dirname }}"
tmp_base: "{{ app_base }}/www_tmp"
app_env: "production"
update_mode: true
update_revision: 1
roles :
- init
- azuracast-config
- { role: azuracast-radio, when: update_revision|int < 70 }
- { role : supervisord, when : update_revision|int < 13 }
- { role : mariadb, when : update_revision|int < 63 }
- { role : nginx, when : update_revision|int < 60 }
- { role : redis, when : update_revision|int < 57 }
- { role: beanstalkd, when: update_revision|int < 67 }
- { role : php, when : update_revision|int < 68 }
- composer
- { role : influxdb, when : update_revision|int < 58 }
- { role : ufw, when : update_revision|int < 12 }
- { role : dbip, when : update_revision|int < 51 }
- { role : services, when : update_revision|int < 13 }
- { role: azuracast-cron, when: update_revision|int < 71 }
- azuracast-build
- azuracast-setup
environment:
DEBIAN_FRONTEND: noninteractive
roles:
- role: "init"
- role: "azuracast-config"
- role: "azuracast-radio"
when: update_revision|int < 70
- role: "supervisord"
when: update_revision|int < 13
- role: "mariadb"
when: update_revision|int < 63
- role: "nginx"
when: update_revision|int < 60
- role: "redis"
when: update_revision|int < 57
- role: "beanstalkd"
when: update_revision|int < 67
- role: "php"
when: update_revision|int < 68
- role: "composer"
- role: "influxdb"
when: update_revision|int < 58
- role: "ufw"
when: update_revision|int < 12
- role: "dbip"
when: update_revision|int < 51
- role: "services"
when: update_revision|int < 13
- role: "azuracast-cron"
when: update_revision|int < 71
- role: "azuracast-build"
- role: "azuracast-setup"