diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 50ca47467..000000000 --- a/.gitignore +++ /dev/null @@ -1,62 +0,0 @@ -# Node Modules -node_modules - -# Junk/cache files. -*Thumbs.db -tmp/cache/*---* -*.DS_Store -*.apdisk -.vagrant -.idea -/ubuntu-*-console.log -.phplint-cache - -# Local development files. -/config/routes.dev.php -/env.ini -/app/env.ini -/app/.env -/azuracast.env -/util/fixtures/* -/util/fixtures/**/* -!/util/fixtures/.gitkeep -/util/local_ssl/* -!/util/local_ssl/.gitkeep -/web/static/yarn-error.log -/util/package_usage_report* - -# Composer-generated content -/vendor/* -/vendor/**/* -!/vendor/.gitkeep - -# NPM built content -/web/static/dist/* -/web/static/dist/**/* -!/web/static/dist/.gitkeep -/web/static/webpack_dist/* -/web/static/webpack_dist/**/* -!/web/static/webpack_dist/.gitkeep -/web/static/assets.json -/web/static/webpack.json - -# Ansible deployment files -/ansible/ -/util/ansible/deploy.retry -/util/ansible/update.retry -/tests/_output/* - -# Docker files -/docker-compose.yml -/docker-compose.new.yml -/docker-compose.override.yml -/.env - -# Backups -/*.tar.gz -/*.zip - -# Plugins -/plugins/* -/plugins/**/* -!/plugins/.gitkeep diff --git a/util/ansible/deploy.yml b/util/ansible/deploy.yml index daf9a1747..eb6a0ee20 100644 --- a/util/ansible/deploy.yml +++ b/util/ansible/deploy.yml @@ -1,21 +1,21 @@ --- - hosts: all become: true + vars: - util_base : "{{ playbook_dir | dirname }}" - www_base : "{{ util_base | dirname }}" - app_base : "{{ www_base | dirname }}" - tmp_base : "{{ app_base }}/www_tmp" - app_env : "production" - update_mode : false + util_base: "{{ playbook_dir | dirname }}" + www_base: "{{ util_base | dirname }}" + app_base: "{{ www_base | dirname }}" + tmp_base: "{{ app_base }}/www_tmp" + app_env: "production" + update_mode: false + dev_azuracast_user_password: "azuracast" + dev_mysql_user_password: "azuracast" - dev_azuracast_user_password : "azuracast" - dev_mysql_user_password : "azuracast" + environment: + DEBIAN_FRONTEND: noninteractive - environment : - DEBIAN_FRONTEND : noninteractive - - roles : + roles: - init - azuracast-user - azuracast-config diff --git a/util/ansible/roles/azuracast-build/tasks/main.yml b/util/ansible/roles/azuracast-build/tasks/main.yml index 72a713447..c47087ba6 100644 --- a/util/ansible/roles/azuracast-build/tasks/main.yml +++ b/util/ansible/roles/azuracast-build/tasks/main.yml @@ -16,21 +16,26 @@ - name: Pull Node Dependencies become: true become_user: azuracast - shell: npm ci + command: >- + npm ci args: chdir: "{{ www_base }}/frontend" - name: Build AzuraCast Frontend Scripts become: true become_user: azuracast - shell: npm run build + command: >- + npm run build args: chdir: "{{ www_base }}/frontend" - name: Set permissions of generated frontend content - shell: "{{ item }}" - with_items: + command: >- + {{ azuracast_build_perm_command }} + loop: - "chown -R azuracast:www-data {{ www_base }}" - "find {{ www_base }} -type d -exec chmod 755 {} \\;" - "find {{ www_base }} -type f -exec chmod 644 {} \\;" + loop_control: + loop_var: azuracast_build_perm_command # Note: Don't add warn: false here, it's incompatible with the earlier Ansibles used in 16.04/18.04. diff --git a/util/ansible/roles/azuracast-config/tasks/main.yml b/util/ansible/roles/azuracast-config/tasks/main.yml index 14880e42f..62b11eddb 100644 --- a/util/ansible/roles/azuracast-config/tasks/main.yml +++ b/util/ansible/roles/azuracast-config/tasks/main.yml @@ -1,25 +1,42 @@ --- -- name : Write environment configuration file - template : src=env.ini.j2 dest="{{ www_base }}/env.ini" owner=azuracast group=www-data mode=0644 force=no +- name: Write environment configuration file + template: + src: env.ini.j2 + dest: "{{ www_base }}/env.ini" + owner: azuracast + group: www-data + mode: 0644 + force: false -- name : Set up environment file - ini_file : - dest : "{{ www_base }}/env.ini" - section : "configuration" - option : "application_env" - value : "{{ app_env }}" +- name: Set up environment file + ini_file: + dest: "{{ www_base }}/env.ini" + section: "configuration" + option: "application_env" + value: "{{ app_env }}" + mode: 0644 -- name : Set Permissions on Base App Folder - file : path="{{ item }}" state=directory owner=azuracast group=www-data - with_items : - - "{{ app_base }}" +- name: Set Permissions on Base App Folder + file: + path: "{{ app_base }}" + state: directory + owner: azuracast + group: www-data + mode: 0775 -- name : Clear temp directory - file : path="{{ tmp_base }}" state=absent +- name: Clear temp directory + file: + path: "{{ tmp_base }}" + state: absent -- name : Create System Folders - file : path="{{ item }}" state=directory owner=azuracast group=www-data mode=0774 - with_items : +- name: Create System Folders + file: + path: "{{ azuracast_config_sys_directory }}" + state: directory + owner: azuracast + group: www-data + mode: 0775 + loop: - "{{ tmp_base }}" - "{{ tmp_base }}/proxies" - "{{ app_base }}/stations" @@ -30,3 +47,5 @@ - "{{ app_base }}/servers/shoutcast2" - "{{ app_base }}/servers/icecast2" - "{{ app_base }}/uploads" + loop_control: + loop_var: azuracast_config_sys_directory diff --git a/util/ansible/roles/azuracast-cron/tasks/main.yml b/util/ansible/roles/azuracast-cron/tasks/main.yml index 3270883db..bd6cdb11f 100644 --- a/util/ansible/roles/azuracast-cron/tasks/main.yml +++ b/util/ansible/roles/azuracast-cron/tasks/main.yml @@ -1,19 +1,23 @@ --- - name: Install cron-related packages apt: - name: "{{ packages }}" - state: latest - vars: - packages: + name: - cron - tmpreaper - name: Generate Cron Template - template: src=azuracast_cron.j2 dest="{{ tmp_base }}/azuracast_cron" force=true + template: + src: azuracast_cron.j2 + dest: "{{ tmp_base }}/azuracast_cron" + force: true + mode: 0644 - name: Install Cron file - shell: "crontab -u azuracast {{ tmp_base }}/azuracast_cron" + command: >- + crontab -u azuracast {{ tmp_base }}/azuracast_cron notify: restart cron - name: Clean up temp Cron file - file: path="{{ tmp_base }}/azuracast_cron" state=absent + file: + path: "{{ tmp_base }}/azuracast_cron" + state: absent diff --git a/util/ansible/roles/azuracast-db-install/tasks/main.yml b/util/ansible/roles/azuracast-db-install/tasks/main.yml index 008f5023b..be150ee8a 100644 --- a/util/ansible/roles/azuracast-db-install/tasks/main.yml +++ b/util/ansible/roles/azuracast-db-install/tasks/main.yml @@ -1,67 +1,83 @@ --- -- name : (Prod) Generate MariaDB User Password - command : pwgen 8 -sn 1 - register : prod_mysql_user_password - when : app_env == "production" +- name: (Prod) Generate MariaDB User Password + command: pwgen 8 -sn 1 + register: prod_mysql_user_password + when: app_env == "production" -- name : Assign User Password - set_fact : - mysql_user_password : "{{ prod_mysql_user_password.stdout if app_env == 'production' else dev_mysql_user_password }}" +- name: Assign User Password + set_fact: + mysql_user_password: "{{ prod_mysql_user_password.stdout if app_env == 'production' else dev_mysql_user_password }}" -- name : Add configuration - template : src=my.cnf.j2 dest=/etc/mysql/conf.d/my.cnf owner=root group=root mode=0644 +- name: Add configuration + template: src=my.cnf.j2 dest=/etc/mysql/conf.d/my.cnf owner=root group=root mode=0644 -- name : Add empty root .my.cnf (if none exists) - template : src=root_empty_my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600 force=no +- name: Add empty root .my.cnf (if none exists) + template: src=root_empty_my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600 force=no -- name : MariaDB Cleanup - command : 'mysql --defaults-extra-file=/root/.my.cnf -ne "{{ item }}"' - with_items : +- name: MariaDB Cleanup + command: >- + mysql --defaults-extra-file=/root/.my.cnf -ne "{{ azure_db_install_sql_cleanup_query }}" + loop: - "DELETE FROM mysql.user WHERE User=''" - "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" - "DROP DATABASE test" - "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" - changed_when : False - ignore_errors : True + loop_control: + loop_var: azure_db_install_sql_cleanup_query + changed_when: false + ignore_errors: true # MySQL Secure Installation -- name : Set up AzuraCast database user - mysql_user : - name : azuracast - host : "localhost" - password : "{{ mysql_user_password }}" - priv : "azuracast.*:ALL,GRANT" - state : present - notify : send mysql notification +- name: Set up AzuraCast database user + mysql_user: + name: azuracast + host: "localhost" + password: "{{ mysql_user_password }}" + priv: "azuracast.*:ALL,GRANT" + state: present + notify: send mysql notification -- name : Add .my.cnf - template : src=user_my.cnf.j2 dest="{{ app_base }}/.my.cnf" owner=azuracast group=www-data mode=0644 force=yes +- name: Add .my.cnf + template: + src: user_my.cnf.j2 + dest: "{{ app_base }}/.my.cnf" + owner: azuracast + group: www-data + mode: 0644 + force: true -- name : Reload privilege tables - command : 'mysql --defaults-extra-file=/root/.my.cnf -ne "{{ item }}"' - with_items : - - "FLUSH PRIVILEGES" - changed_when : False +- name: Reload privilege tables + command: >- + mysql --defaults-extra-file=/root/.my.cnf -ne "FLUSH PRIVILEGES" + changed_when: false # Create Database -- name : Create MySQL Database - mysql_db : - config_file : "/root/.my.cnf" - name : azuracast - state : present - collation : utf8mb4_unicode_ci - encoding : utf8mb4 - register : azuracast_db_created +- name: Create MySQL Database + mysql_db: + config_file: "/root/.my.cnf" + name: azuracast + state: present + collation: utf8mb4_unicode_ci + encoding: utf8mb4 + register: azuracast_db_created -- name : Set up environment file - ini_file : - dest : "{{ www_base }}/env.ini" - section : "configuration" - option : "{{ item.option }}" - value : "{{ item.value }}" - with_items : - - { option : 'MYSQL_HOST', value : 'localhost' } - - { option : 'MYSQL_PORT', value : '3306' } - - { option : 'MYSQL_USER', value : 'azuracast' } - - { option : 'MYSQL_DB', value : 'azuracast' } - - { option : 'MYSQL_PASSWORD', value : "{{ mysql_user_password }}" } +- name: Set up environment file + ini_file: + dest: "{{ www_base }}/env.ini" + section: "configuration" + option: "{{ azure_db_install_env_ini.option }}" + value: "{{ azure_db_install_env_ini.value }}" + mode: 0644 + loop: + - option: 'MYSQL_HOST' + value: 'localhost' + - option: 'MYSQL_PORT' + value: '3306' + - option: 'MYSQL_USER' + value: 'azuracast' + - option: 'MYSQL_DB' + value: 'azuracast' + - option: 'MYSQL_PASSWORD' + value: "{{ mysql_user_password }}" + loop_control: + loop_var: azure_db_install_env_ini diff --git a/util/ansible/roles/azuracast-radio/tasks/icecast.yml b/util/ansible/roles/azuracast-radio/tasks/icecast.yml index 7cd6222d4..6eff80179 100644 --- a/util/ansible/roles/azuracast-radio/tasks/icecast.yml +++ b/util/ansible/roles/azuracast-radio/tasks/icecast.yml @@ -2,8 +2,7 @@ - name: Install IceCast-KH-AC Dependencies apt: name: "{{ packages }}" - state: latest - install_recommends: no + install_recommends: false vars: packages: - libxml2 @@ -17,13 +16,13 @@ get_url: url: https://github.com/AzuraCast/icecast-kh-ac/archive/2.4.0-kh13-ac2.tar.gz dest: "{{ app_base }}/servers/icecast2/icecast2.tar.gz" - force: yes + force: true - name: Extract IceCast-KH-AC Source unarchive: src: "{{ app_base }}/servers/icecast2/icecast2.tar.gz" dest: "{{ app_base }}/servers/icecast2" - remote_src: yes + remote_src: true mode: "u=rwx,g=rx,o=rx" owner: "azuracast" group: "www-data" diff --git a/util/ansible/roles/azuracast-radio/tasks/liquidsoap.yml b/util/ansible/roles/azuracast-radio/tasks/liquidsoap.yml index f54463945..a65554989 100644 --- a/util/ansible/roles/azuracast-radio/tasks/liquidsoap.yml +++ b/util/ansible/roles/azuracast-radio/tasks/liquidsoap.yml @@ -7,8 +7,7 @@ - name: Install Liquidsoap Dependencies apt: name: "{{ packages }}" - state: latest - install_recommends: no + install_recommends: false vars: packages: - libao-dev @@ -53,8 +52,7 @@ - name: Install Optional Audio Plugins apt: name: "{{ packages }}" - state: latest - install_recommends: no + install_recommends: false vars: packages: - frei0r-plugins-dev @@ -67,7 +65,7 @@ - name: Get the DPKG Architecture shell: dpkg --print-architecture register: dpkg_arch - ignore_errors: True + ignore_errors: true - name: Install Liquidsoap apt: @@ -78,4 +76,4 @@ src: "/usr/bin/liquidsoap" dest: /usr/local/bin/liquidsoap state: link - force: yes + force: true diff --git a/util/ansible/roles/azuracast-radio/tasks/liquidsoap_legacy.yml b/util/ansible/roles/azuracast-radio/tasks/liquidsoap_legacy.yml index 56c34be57..24e99a50a 100644 --- a/util/ansible/roles/azuracast-radio/tasks/liquidsoap_legacy.yml +++ b/util/ansible/roles/azuracast-radio/tasks/liquidsoap_legacy.yml @@ -7,13 +7,12 @@ - name: Add OPAM/OCaml Repository apt_repository: repo: "ppa:avsm/ppa" - update_cache: yes + update_cache: true - name: Install Liquidsoap Dependencies apt: name: "{{ packages }}" - state: latest - install_recommends: no + install_recommends: false vars: packages: - ffmpeg @@ -54,14 +53,20 @@ - name: Initialize OPAM become_user: azuracast - shell: "opam init -a --disable-sandboxing --bare && opam switch create 4.12.0" + shell: >- + opam init -a --disable-sandboxing --bare + && opam switch create 4.12.0 args: chdir: "{{ app_base }}" - executable: "bash" # Fixes some possible hang issues. + executable: "bash" # Fixes some possible hang issues. - name: Build and Install Liquidsoap and Dependencies become_user: azuracast - shell: "opam install -y ladspa.0.2.0 ffmpeg.1.1.1 ffmpeg-avutil.1.1.1 ffmpeg-avcodec.1.1.1 ffmpeg-avdevice.1.1.1 ffmpeg-av.1.1.1 ffmpeg-avfilter.1.1.1 ffmpeg-swresample.1.1.1 ffmpeg-swscale.1.1.1 frei0r.0.1.2 samplerate.0.1.6 taglib.0.3.7 mad.0.5.0 faad.0.5.0 fdkaac.0.3.2 lame.0.3.5 vorbis.0.8.0 cry.0.6.5 flac.0.3.0 opus.0.2.0 dtools.0.4.4 duppy.0.9.2 ocurl.0.9.1 ssl liquidsoap.2.0.2" + shell: >- + opam install -y ladspa.0.2.0 ffmpeg.1.1.1 ffmpeg-avutil.1.1.1 ffmpeg-avcodec.1.1.1 ffmpeg-avdevice.1.1.1 + ffmpeg-av.1.1.1 ffmpeg-avfilter.1.1.1 ffmpeg-swresample.1.1.1 ffmpeg-swscale.1.1.1 frei0r.0.1.2 samplerate.0.1.6 + taglib.0.3.7 mad.0.5.0 faad.0.5.0 fdkaac.0.3.2 lame.0.3.5 vorbis.0.8.0 cry.0.6.5 flac.0.3.0 opus.0.2.0 dtools.0.4.4 + duppy.0.9.2 ocurl.0.9.1 ssl liquidsoap.2.0.2 args: chdir: "{{ app_base }}" register: install_result @@ -82,4 +87,4 @@ src: "{{ app_base }}/.opam/4.12.0/bin/liquidsoap" dest: /usr/local/bin/liquidsoap state: link - force: yes + force: true diff --git a/util/ansible/roles/azuracast-radio/tasks/main.yml b/util/ansible/roles/azuracast-radio/tasks/main.yml index 14871e1bb..f455abc58 100644 --- a/util/ansible/roles/azuracast-radio/tasks/main.yml +++ b/util/ansible/roles/azuracast-radio/tasks/main.yml @@ -12,25 +12,22 @@ when: - ansible_distribution_release == 'focal' -- name : Add Audiowaveform PPA - apt_repository : - repo : "ppa:chris-needham/ppa" - update_cache : yes +- name: Add Audiowaveform PPA + apt_repository: + repo: "ppa:chris-needham/ppa" + update_cache: true -- name : Install Audiowaveform - apt : - name : audiowaveform - state : latest - install_recommends : no +- name: Install Audiowaveform + apt: + name: audiowaveform + install_recommends: false -- name : Install Flac - apt : - name : flac - state : latest - install_recommends : no +- name: Install Flac + apt: + name: flac + install_recommends: false -- name : Install Vorbis-Tools - apt : - name : vorbis-tools - state : latest - install_recommends : no +- name: Install Vorbis-Tools + apt: + name: vorbis-tools + install_recommends: false diff --git a/util/ansible/roles/azuracast-setup/tasks/main.yml b/util/ansible/roles/azuracast-setup/tasks/main.yml index 63feaa2e7..c8dc8c0d7 100644 --- a/util/ansible/roles/azuracast-setup/tasks/main.yml +++ b/util/ansible/roles/azuracast-setup/tasks/main.yml @@ -1,24 +1,31 @@ --- -- name : Ensure update script continues to be executable - file : path="{{ item }}" state=touch mode="a+x" - with_items : +- name: Ensure update script continues to be executable + file: + path: "{{ azuracast_setup_update_script }}" + state: touch + mode: "a+x" + loop: - "{{ www_base }}/update.sh" - "{{ www_base }}/bin/console" + loop_control: + loop_var: azuracast_setup_update_script -- name : Run AzuraCast Setup (Install Mode) - become : true - become_user : azuracast - shell : php {{ www_base }}/bin/console azuracast:setup - when : update_mode|bool == false +- name: Run AzuraCast Setup (Install Mode) + become: true + become_user: azuracast + shell: >- + php {{ www_base }}/bin/console azuracast:setup + when: update_mode|bool -- name : Migrate Legacy Configuration (Update Mode) - become : true - become_user : azuracast - shell : php {{ www_base }}/bin/console azuracast:config:migrate - when : update_mode|bool == true +- name: Migrate Legacy Configuration (Update Mode) + become: true + become_user: azuracast + shell: >- + php {{ www_base }}/bin/console azuracast:config:migrate + when: update_mode|bool -- name : Run AzuraCast Setup (Update Mode) - become : true - become_user : azuracast - shell : php {{ www_base }}/bin/console azuracast:setup --update - when : update_mode|bool == true +- name: Run AzuraCast Setup (Update Mode) + become: true + become_user: azuracast + shell: php {{ www_base }}/bin/console azuracast:setup --update + when: update_mode|bool diff --git a/util/ansible/roles/azuracast-user/handlers/main.yml b/util/ansible/roles/azuracast-user/handlers/main.yml index e5e7cb392..0f4128526 100644 --- a/util/ansible/roles/azuracast-user/handlers/main.yml +++ b/util/ansible/roles/azuracast-user/handlers/main.yml @@ -1,4 +1,6 @@ --- -- name: send user notification +- name: Send user notification debug: - msg: "A user account named 'azuracast' has been created. The password associated with this account is: {{ prod_azuracast_user_password.stdout }}" \ No newline at end of file + msg: >- + A user account named 'azuracast' has been created. The password associated with this + account is: {{ prod_azuracast_user_password.stdout }} diff --git a/util/ansible/roles/azuracast-user/tasks/main.yml b/util/ansible/roles/azuracast-user/tasks/main.yml index 26939bf51..d729eceeb 100644 --- a/util/ansible/roles/azuracast-user/tasks/main.yml +++ b/util/ansible/roles/azuracast-user/tasks/main.yml @@ -1,23 +1,31 @@ --- - - name: Generate AzuraCast Password - command: pwgen 8 -sn 1 - register: prod_azuracast_user_password +- name: Generate AzuraCast Password + command: >- + pwgen 8 -sn 1 + register: prod_azuracast_user_password - - name: Create Groups - group: name="{{ item }}" state=present - with_items: - - www-data - - admin +- name: Create Groups + group: + name: "{{ azuracast_user_sys_group }}" + state: present + loop: + - www-data + - admin + loop_control: + loop_var: azuracast_user_sys_group - - name: Create AzuraCast User - user: - name: azuracast - home: "{{ app_base }}" - comment: "AzuraCast" - shell: /bin/bash - groups: 'sudo,admin,www-data' - password: "{{ prod_azuracast_user_password.stdout|password_hash('sha512') }}" - notify: send user notification +- name: Create AzuraCast User + user: + name: azuracast + home: "{{ app_base }}" + comment: "AzuraCast" + shell: /bin/bash + groups: 'sudo,admin,www-data' + password: "{{ prod_azuracast_user_password.stdout|password_hash('sha512') }}" + notify: send user notification - - name: Modify www-data User - user: name=www-data groups="azuracast" append=yes \ No newline at end of file +- name: Modify www-data User + user: + name: www-data + groups: "azuracast" + append: true diff --git a/util/ansible/roles/beanstalkd/tasks/main.yml b/util/ansible/roles/beanstalkd/tasks/main.yml index cc13df36d..a0a3e048a 100644 --- a/util/ansible/roles/beanstalkd/tasks/main.yml +++ b/util/ansible/roles/beanstalkd/tasks/main.yml @@ -2,7 +2,10 @@ - name: Install Beanstalkd apt: name: beanstalkd - state: latest - name: Extend default message size. - template: src=etc_default_beanstalkd.j2 dest=/etc/default/beanstalkd force=yes + template: + src: etc_default_beanstalkd.j2 + dest: /etc/default/beanstalkd + force: true + mode: 0644 diff --git a/util/ansible/roles/composer/tasks/main.yml b/util/ansible/roles/composer/tasks/main.yml index f6785a0b7..fb0553a4d 100644 --- a/util/ansible/roles/composer/tasks/main.yml +++ b/util/ansible/roles/composer/tasks/main.yml @@ -1,8 +1,10 @@ --- - name: Install Composer - shell: curl -fsSL https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer + shell: >- + curl -fsSL https://getcomposer.org/installer + | php -- --install-dir=/usr/bin --filename=composer args: - warn: no + warn: false - name: Clear existing vendor folder file: @@ -28,7 +30,8 @@ - name: Install Composer Dependencies (Development) become: true become_user: azuracast - shell : composer install --ignore-platform-req=php + command: >- + composer install --ignore-platform-req=php args: chdir: "{{ www_base }}" when: app_env == "development" @@ -36,7 +39,8 @@ - name: Install Composer Dependencies (Production) become: true become_user: azuracast - shell : composer install --ignore-platform-req=php --no-dev --optimize-autoloader + command: >- + composer install --ignore-platform-req=php --no-dev --optimize-autoloader args: chdir: "{{ www_base }}" when: app_env == "production" diff --git a/util/ansible/roles/debug-dump/tasks/main.yml b/util/ansible/roles/debug-dump/tasks/main.yml index d3706e138..11bb01ba0 100644 --- a/util/ansible/roles/debug-dump/tasks/main.yml +++ b/util/ansible/roles/debug-dump/tasks/main.yml @@ -1,3 +1,6 @@ --- - - name: Dump all vars - action: template src=dumpall.j2 dest="{{ app_base }}/ansible/vars.txt" \ No newline at end of file +- name: Dump all vars + template: + src: dumpall.j2 + dest: "{{ app_base }}/ansible/vars.txt" + mode: 0644 diff --git a/util/ansible/roles/influxdb/tasks/main.yml b/util/ansible/roles/influxdb/tasks/main.yml index b729f874e..9dad7f4bf 100644 --- a/util/ansible/roles/influxdb/tasks/main.yml +++ b/util/ansible/roles/influxdb/tasks/main.yml @@ -3,11 +3,11 @@ service: name: "influxdb" state: stopped - ignore_errors: True + ignore_errors: true - name: Remove InfluxDB if Present apt: name: "influxdb" state: absent - force: yes - purge: yes + force: true + purge: true diff --git a/util/ansible/roles/init/tasks/main.yml b/util/ansible/roles/init/tasks/main.yml index 3095c2d8a..e00a8d5de 100644 --- a/util/ansible/roles/init/tasks/main.yml +++ b/util/ansible/roles/init/tasks/main.yml @@ -1,38 +1,44 @@ --- -- debug: - msg: "Running Ansible on {{ inventory_hostname }} with OS {{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }} {{ ansible_architecture }} ({{ app_env }})" +- name: Running context + debug: + msg: >- + Running Ansible on {{ inventory_hostname }} with OS {{ ansible_distribution }} + {{ ansible_distribution_release }} {{ ansible_distribution_version }} {{ ansible_architecture }} ({{ app_env }})" -- fail: +- name: Sanity check + fail: msg: "The AzuraCast Ansible installation can only be installed onto computers running Ubuntu." when: ansible_distribution != 'Ubuntu' -- fail: +- name: Sanity check + fail: msg: "The AzuraCast Ansible installation can only be installed onto computers running Ubuntu 16.04, 18.04 or 20.04 LTS." - when: + when: - ansible_distribution_release != 'bionic' - ansible_distribution_release != 'xenial' - ansible_distribution_release != 'focal' - name: Add multiverse repository apt_repository: - repo: "{{item}}" - update_cache: no + repo: "{{ init_repo_to_add }}" + update_cache: false when: - ansible_architecture == 'x86_64' or ansible_architecture == 'i386' - with_items: - - "deb http://archive.ubuntu.com/ubuntu {{ansible_distribution_release}} multiverse" - - "deb-src http://archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse" - - "deb http://archive.ubuntu.com/ubuntu {{ansible_distribution_release}}-updates multiverse" - - "deb-src http://archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse" + loop: + - "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} multiverse" + - "deb-src http://archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} multiverse" + - "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates multiverse" + - "deb-src http://archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates multiverse" + loop_control: + loop_var: init_repo_to_add - name: Update apt apt: - update_cache: yes + update_cache: true - name: Install system packages apt: name: "{{ packages }}" - state: latest vars: packages: - apt-transport-https @@ -49,30 +55,21 @@ - name: Install Focal Packages (20.04) apt: - name: "{{ packages }}" - state: latest - vars: - packages: + name: - software-properties-common - python3-pip when: ansible_distribution_release == 'focal' - name: Install Bionic Packages (18.04 only) apt: - name: "{{ packages }}" - state: latest - vars: - packages: + name: - software-properties-common - python-pip when: ansible_distribution_release == 'bionic' - name: Install Xenial Packages (16.04 only) apt: - name: "{{ packages }}" - state: latest - vars: - packages: + name: - python-software-properties - python-pip when: ansible_distribution_release == 'xenial' @@ -80,4 +77,3 @@ - name: Update pip components pip: name: pip - state: latest diff --git a/util/ansible/roles/mariadb/tasks/main.yml b/util/ansible/roles/mariadb/tasks/main.yml index 77243fdf9..752359bbc 100644 --- a/util/ansible/roles/mariadb/tasks/main.yml +++ b/util/ansible/roles/mariadb/tasks/main.yml @@ -1,16 +1,21 @@ --- -- name : Update MariaDB Dependencies - shell : curl -sSL https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | bash -s -- --mariadb-server-version="mariadb-10.5" +- name: Update MariaDB Dependencies + shell: >- + curl -sSL https://downloads.mariadb.com/MariaDB/mariadb_repo_setup + | bash -s -- --mariadb-server-version="mariadb-10.5" -- name : Install MariaDB - apt : - name : "{{ packages }}" - state : latest - update_cache : yes - vars : - packages : +- name: Install MariaDB + apt: + name: "{{ packages }}" + state: present + update_cache: true + vars: + packages: - mariadb-server - mariadb-client -- name : Start and enable service - service : name=mysql state=started enabled=yes +- name: Start and enable service + service: + name: mysql + state: started + enabled: true diff --git a/util/ansible/roles/nginx/tasks/main.yml b/util/ansible/roles/nginx/tasks/main.yml index b47a9399f..812123eea 100644 --- a/util/ansible/roles/nginx/tasks/main.yml +++ b/util/ansible/roles/nginx/tasks/main.yml @@ -1,73 +1,82 @@ --- - - name: Uninstall web server packages that may conflict with nginx - apt: - name: "{{ packages }}" - state: absent - vars: - packages: - - apache2 - - lighttpd +- name: Uninstall web server packages that may conflict with nginx + apt: + name: + - apache2 + - lighttpd + state: absent - - name: Unhold nginx-related packages for updates - dpkg_selections: - name: "{{ item }}" - selection: install - with_items: - - "nginx" - - "nginx-common" - - "nginx-extras" +- name: Unhold nginx-related packages for updates + dpkg_selections: + name: "{{ nginx_pkg_select }}" + selection: install + loop: + - "nginx" + - "nginx-common" + - "nginx-extras" + loop_control: + loop_var: nginx_pkg_select - - name: Remove any older nginx - apt: - name: "{{ packages }}" - state: absent - purge: yes - vars: - packages: - - nginx - - nginx-common - - nginx-extras +- name: Remove any older nginx + apt: + name: + - nginx + - nginx-common + - nginx-extras + state: absent + purge: true - - name: Install nginx - apt: - name: "{{ packages }}" - state: latest - vars: - packages: +- name: Install nginx + apt: + name: - nginx - nginx-common - nginx-extras - - name: Create nginx ssl directory - file: path="{{ item }}" state=directory owner=root group=root mode=0744 - with_items: - - "/etc/nginx/ssl" +- name: Create nginx ssl directory + file: + path: "/etc/nginx/ssl" + state: directory + owner: root + group: root + mode: 0744 - - name: Create self-signed SSL cert - command: openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=${ansible_fqdn}" -days 3650 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt -extensions v3_ca - args: - creates: /etc/nginx/ssl/server.crt +- name: Create self-signed SSL cert + command: >- + openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=${ansible_fqdn}" -days 3650 + -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt -extensions v3_ca + args: + creates: /etc/nginx/ssl/server.crt - - name: Remove default nginx site symlink - file: - path: "/etc/nginx/sites-enabled/default" - state: absent +- name: Remove default nginx site symlink + file: + path: "/etc/nginx/sites-enabled/default" + state: absent - - name: Add nginx global config - template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf force=yes backup=yes +- name: Add nginx global config + template: + src: nginx.conf.j2 + dest: /etc/nginx/nginx.conf + force: true + backup: true + mode: 0644 - - name: Add app-specific nginx site - template: src=default.j2 dest=/etc/nginx/sites-available/00-azuracast force=yes +- name: Add app-specific nginx site + template: + src: default.j2 + dest: /etc/nginx/sites-available/00-azuracast + force: true + mode: 0644 - - name: Link app-specific nginx site - file: - path: "/etc/nginx/sites-enabled/00-azuracast" - state: link - src: "/etc/nginx/sites-available/00-azuracast" +- name: Link app-specific nginx site + file: + path: "/etc/nginx/sites-enabled/00-azuracast" + state: link + src: "/etc/nginx/sites-available/00-azuracast" - - name: Turn sendfile off on nginx for local development - replace: - dest: /etc/nginx/nginx.conf - regexp: 'sendfile on;' - replace: 'sendfile off;' - when: app_env == "development" +- name: Turn sendfile off on nginx for local development + replace: + dest: /etc/nginx/nginx.conf + regexp: 'sendfile on;' + replace: 'sendfile off;' + when: app_env == "development" diff --git a/util/ansible/roles/php/tasks/main.yml b/util/ansible/roles/php/tasks/main.yml index 0945bf1e7..2852e40f9 100644 --- a/util/ansible/roles/php/tasks/main.yml +++ b/util/ansible/roles/php/tasks/main.yml @@ -2,7 +2,7 @@ - name: Add PHP PPA repository apt_repository: repo: "ppa:ondrej/php" - update_cache: yes + update_cache: true - name: Remove Old PHP Libraries apt: @@ -24,7 +24,7 @@ - name: "Install PHP {{ php_version }}" apt: name: "{{ packages }}" - state: latest + state: present vars: packages: - "php{{ php_version }}-fpm" @@ -45,24 +45,30 @@ template: src: fpmpool.j2 dest: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf" - force: True + force: true + mode: 0644 - name: Configure php-fpm php.ini ini_file: dest: "/etc/php/{{ php_version }}/fpm/php.ini" section: PHP - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - { option: 'post_max_size', value: "50M" } - - { option: 'short_open_tag', value: "On" } - - { option: 'upload_max_filesize', value: "50M" } + option: "{{ php_init_option.option }}" + value: "{{ php_init_option.value }}" + mode: 0644 + loop: + - option: "post_max_size" + value: "50M" + - option: "short_open_tag" + value: "On" + - option: "upload_max_filesize" + value: "50M" + loop_control: + loop_var: php_init_option - name: Configure php-cli php.ini ini_file: dest: "/etc/php/{{ php_version }}/cli/php.ini" section: PHP - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - { option: 'short_open_tag', value: "On" } + option: "short_open_tag" + value: "On" + mode: 0644 diff --git a/util/ansible/roles/redis/tasks/main.yml b/util/ansible/roles/redis/tasks/main.yml index 2696f00c2..568942e2b 100644 --- a/util/ansible/roles/redis/tasks/main.yml +++ b/util/ansible/roles/redis/tasks/main.yml @@ -2,19 +2,20 @@ - name: Add Redis PPA repository apt_repository: repo: "ppa:chris-lea/redis-server" - update_cache: yes + update_cache: true - name: Install Redis apt: name: redis-server - state: latest - name: Enable and restart all core services service: name: "{{ item }}" - enabled: yes + enabled: true state: restarted - ignore_errors: True - with_items: + ignore_errors: true + loop: - "redis-server" - "redis" + loop_control: + loop_var: redis_service_to_restart diff --git a/util/ansible/roles/services/tasks/main.yml b/util/ansible/roles/services/tasks/main.yml index b15f4aade..a435a9c9e 100644 --- a/util/ansible/roles/services/tasks/main.yml +++ b/util/ansible/roles/services/tasks/main.yml @@ -2,9 +2,9 @@ - name: Enable and restart all core services service: name: "{{ item }}" - enabled: yes + enabled: true state: restarted - ignore_errors: True + ignore_errors: true with_items: - "mysql" - "php8.1-fpm" diff --git a/util/ansible/roles/supervisord/tasks/main.yml b/util/ansible/roles/supervisord/tasks/main.yml index 5853228d5..f3221ad6e 100644 --- a/util/ansible/roles/supervisord/tasks/main.yml +++ b/util/ansible/roles/supervisord/tasks/main.yml @@ -1,26 +1,36 @@ --- - - name: Install supervisord from repo - apt: - name: supervisor - state: latest - register: supervisord_install +- name: Install supervisord from repo + apt: + name: supervisor + register: supervisord_install - - name: Change supervisord configuration - template: src=supervisord.conf.j2 dest=/etc/supervisor/supervisord.conf force=yes - register: supervisord_conf +- name: Change supervisord configuration + template: + src: supervisord.conf.j2 + dest: /etc/supervisor/supervisord.conf + force: true + mode: 0644 + register: supervisord_conf - - name: Remove old core supervisord configuration - file: - path: /etc/supervisor/conf.d/core.conf - state: absent - register: supervisord_core +- name: Remove old core supervisord configuration + file: + path: /etc/supervisor/conf.d/core.conf + state: absent + register: supervisord_core - - name: Kill legacy radio processes (if upgrading from older version) - command: killall -q -9 icecast2 sc_serv liquidsoap - ignore_errors: true - when: supervisord_install.changed +- name: Kill legacy radio processes (if upgrading from older version) + command: >- + killall -q -9 icecast2 sc_serv liquidsoap + ignore_errors: true + when: supervisord_install.changed - - name: Trigger manual restart of supervisord (if not already running) - service: name=supervisor enabled=yes state=restarted - when: supervisord_install.changed or supervisord_conf.changed or supervisord_core.changed - ignore_errors: true +- name: Trigger manual restart of supervisord (if not already running) + service: + name: supervisor + enabled: true + state: restarted + when: >- + supervisord_install is changed + or supervisord_conf is changed + or supervisord_core is changed + ignore_errors: true diff --git a/util/ansible/roles/ufw/tasks/main.yml b/util/ansible/roles/ufw/tasks/main.yml index a15d2950b..bda155e95 100644 --- a/util/ansible/roles/ufw/tasks/main.yml +++ b/util/ansible/roles/ufw/tasks/main.yml @@ -2,7 +2,6 @@ - name: Install UFW Firewall apt: name: ufw - state: latest - name: UFW - Disable all other incoming by default ufw: @@ -17,12 +16,14 @@ - name: UFW - Enable AzuraCast TCP Ports ufw: rule: allow - port: "{{ item }}" + port: "{{ ufw_allow_rule }}" proto: tcp - with_items: - - 80 - - 443 - - '8000:8999' + loop: + - 80 + - 443 + - '8000:8999' + loop_control: + loop_var: ufw_allow_rule - name: UFW - Enable SSH ufw: diff --git a/util/ansible/roles/uninstall/tasks/main.yml b/util/ansible/roles/uninstall/tasks/main.yml index 178a7472d..b1d276e5b 100644 --- a/util/ansible/roles/uninstall/tasks/main.yml +++ b/util/ansible/roles/uninstall/tasks/main.yml @@ -1,58 +1,70 @@ --- - - debug: - msg: "Running Ansible on {{ inventory_hostname }} with OS {{ ansible_distribution }} {{ ansible_distribution_release }} {{ ansible_distribution_version }} {{ ansible_architecture }} ({{ app_env }})" +- name: "Running context" + debug: + msg: >- + Running Ansible on {{ inventory_hostname }} with OS {{ ansible_distribution }} {{ ansible_distribution_release }} + {{ ansible_distribution_version }} {{ ansible_architecture }} ({{ app_env }}) - - name: Shut down all services - service: - name: "{{ item }}" - state: stopped - with_items: - - influxdb - - mysql - - php7.4-fpm - - nginx - - redis-server - - supervisor - ignore_errors: True +- name: "Shut down all services" + service: + name: "{{ uninstall_svc_to_stop }}" + state: stopped + loop: + - "influxdb" + - "mysql" + - "php7.4-fpm" + - "nginx" + - "redis-server" + - "supervisor" + loop_control: + loop_var: uninstall_svc_to_stop + ignore_errors: true - - name: Kill all processes owned by AzuraCast user - command: pkill -9 -u azuracast - ignore_errors: true +- name: Kill all processes owned by AzuraCast user + command: pkill -9 -u azuracast + ignore_errors: true - - name: Update apt - apt: - update_cache: yes +- name: Update apt + apt: + update_cache: true - - name: Remove AzuraCast User - user: - name: azuracast - state: absent +- name: Remove AzuraCast User + user: + name: azuracast + state: absent - - name: Remove AzuraCast folders - file: path="{{ item }}" state=absent - with_items: - - "{{ tmp_base }}" - - "{{ app_base }}/servers" +- name: "Remove AzuraCast folders" + file: + path: "{{ uninstall_file_to_delete }}" + state: absent + loop: + - "{{ tmp_base }}" + - "{{ app_base }}/servers" + loop_control: + loop_var: uninstall_file_to_delete - - name: Remove PPAs - apt_repository: repo="{{ item }}" state=absent - with_items: - - ppa:avsm/ppa +- name: Remove PPAs + apt_repository: + repo: "{{ item }}" + state: absent + loop: + - "ppa:avsm/ppa" + loop_control: + loop_var: uninstall_repo_to_delete - - name: UFW - Turn off Firewall - ufw: - state: disabled - ignore_errors: True +- name: UFW - Turn off Firewall + ufw: + state: disabled + ignore_errors: true - - name: Remove software - - apt: - name: "{{ packages }}" - state: absent - force: yes - purge: yes - vars: - packages: +- name: Remove software + apt: + name: "{{ packages }}" + state: absent + force: true + purge: true + vars: + packages: # Radio software - icecast2 - liquidsoap diff --git a/util/ansible/uninstall.yml b/util/ansible/uninstall.yml index 125e40cf2..60e60ca0c 100644 --- a/util/ansible/uninstall.yml +++ b/util/ansible/uninstall.yml @@ -1,6 +1,7 @@ --- - hosts: all become: true + vars: util_base: "{{ playbook_dir | dirname }}" www_base: "{{ util_base | dirname }}" @@ -10,4 +11,4 @@ update_revision: 1 roles: - - uninstall \ No newline at end of file + - "uninstall" diff --git a/util/ansible/update.yml b/util/ansible/update.yml index 8b3a0c088..875c65ff6 100644 --- a/util/ansible/update.yml +++ b/util/ansible/update.yml @@ -1,33 +1,62 @@ --- -- hosts : all - become : true - vars : - util_base : "{{ playbook_dir | dirname }}" - www_base : "{{ util_base | dirname }}" - app_base : "{{ www_base | dirname }}" - tmp_base : "{{ app_base }}/www_tmp" - app_env : "production" - update_mode : true - update_revision : 1 +- hosts: all + become: true - environment : - DEBIAN_FRONTEND : noninteractive + vars: + util_base: "{{ playbook_dir | dirname }}" + www_base: "{{ util_base | dirname }}" + app_base: "{{ www_base | dirname }}" + tmp_base: "{{ app_base }}/www_tmp" + app_env: "production" + update_mode: true + update_revision: 1 - roles : - - init - - azuracast-config - - { role: azuracast-radio, when: update_revision|int < 70 } - - { role : supervisord, when : update_revision|int < 13 } - - { role : mariadb, when : update_revision|int < 63 } - - { role : nginx, when : update_revision|int < 60 } - - { role : redis, when : update_revision|int < 57 } - - { role: beanstalkd, when: update_revision|int < 67 } - - { role : php, when : update_revision|int < 68 } - - composer - - { role : influxdb, when : update_revision|int < 58 } - - { role : ufw, when : update_revision|int < 12 } - - { role : dbip, when : update_revision|int < 51 } - - { role : services, when : update_revision|int < 13 } - - { role: azuracast-cron, when: update_revision|int < 71 } - - azuracast-build - - azuracast-setup + environment: + DEBIAN_FRONTEND: noninteractive + + roles: + - role: "init" + + - role: "azuracast-config" + + - role: "azuracast-radio" + when: update_revision|int < 70 + + - role: "supervisord" + when: update_revision|int < 13 + + - role: "mariadb" + when: update_revision|int < 63 + + - role: "nginx" + when: update_revision|int < 60 + + - role: "redis" + when: update_revision|int < 57 + + - role: "beanstalkd" + when: update_revision|int < 67 + + - role: "php" + when: update_revision|int < 68 + + - role: "composer" + + - role: "influxdb" + when: update_revision|int < 58 + + - role: "ufw" + when: update_revision|int < 12 + + - role: "dbip" + when: update_revision|int < 51 + + - role: "services" + when: update_revision|int < 13 + + - role: "azuracast-cron" + when: update_revision|int < 71 + + - role: "azuracast-build" + + - role: "azuracast-setup"