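---
# Tasks that provision a LOCKSS node: service account, Docker swarm,
# source checkout, configuration, Docker secrets, then build and deploy.

# getent's group entry is indexed [password, gid, members], so index 1 is
# the GID currently assigned on the host. The check applies to the whole
# block and is skipped when no explicit lockss_gid is supplied.
- name: Prevent changing GID of existing group.
  when: lockss_gid is defined and lockss_gid is not none
  block:
    - name: Get groups.
      getent:
        database: group

    - name: Assert that lockss group GID has not changed.
      assert:
        that: "'lockss' not in ansible_facts.getent_group or ansible_facts.getent_group.lockss[1] == lockss_gid | string"
        fail_msg: GID must be corrected manually.
        quiet: true

- name: Add the lockss group.
  group:
    name: lockss
    state: present
    gid: "{{ lockss_gid | default(omit) }}"

# Same guard for the user: index 1 of the getent passwd entry is the UID.
- name: Prevent changing UID of existing user.
  when: lockss_uid is defined and lockss_uid is not none
  block:
    - name: Get users.
      getent:
        database: passwd

    - name: Assert that lockss user UID has not changed.
      assert:
        that: "'lockss' not in ansible_facts.getent_passwd or ansible_facts.getent_passwd.lockss[1] == lockss_uid | string"
        fail_msg: UID must be corrected manually.
        quiet: true

# No login shell and no home directory: lockss is a service account only.
- name: Add the lockss user.
  user:
    name: lockss
    state: present
    uid: "{{ lockss_uid | default(omit) }}"
    group: lockss
    shell: /sbin/nologin
    home: /
    create_home: false
    comment: LOCKSS

# NOTE(review): membership of the docker group allows control of the Docker
# daemon, which is effectively root-equivalent on this host. Everything run
# as lockss below (including scripts from the git checkout) inherits that
# privilege, so the account and the checkout need matching protection.
- name: Add the lockss user to the docker group.
  user:
    name: lockss
    state: present
    groups: docker
    append: true

- name: Configure the firewall.
  include_tasks: firewall.yml
  when: lockss_configure_firewall

# Read-only query, so it also runs in check mode and never reports a change.
- name: Check the storage driver used by Docker.
  command:
    cmd: docker info -f {% raw %}'{{.Driver}}'{% endraw %}
  check_mode: false
  changed_when: false
  register: r

- name: Ensure Docker is using the OverlayFS storage driver.
  assert:
    that: r.stdout == "overlay2"
    quiet: true

# Advertising on the loopback interface keeps this a single-node swarm.
- name: Init a new swarm with default parameters.
  docker_swarm:
    state: present
    advertise_addr: lo

- name: Install pystache (Ubuntu).
  package:
    name: python3-pystache=0.5.*
    state: present
  when: ansible_distribution == "Ubuntu"

- name: Create symlink for pystache (Ubuntu).
  file:
    src: /usr/bin/pystache3
    dest: /usr/local/bin/pystache
    owner: root
    state: link
  when: ansible_distribution == "Ubuntu"

- name: Install pystache (CentOS).
  vars:
    ansible_python_interpreter: python3
  pip:
    name:
      - 'pystache>=0.5,<1.0'
    state: present
  when: ansible_distribution == "CentOS"

- name: Install python-pkg-resources (Ubuntu).
  package:
    name:
      - python3-pkg-resources
    state: present
  when: ansible_distribution == "Ubuntu"

- name: Install git.
  package:
    name: git
    state: present

# File modes are quoted so they reach the module as octal strings instead
# of depending on the YAML parser's handling of leading-zero integers.
- name: Create LOCKSS source directory.
  file:
    path: /usr/src/lockss
    state: directory
    owner: lockss
    mode: "0755"

# NOTE(review): scripts from this checkout are executed further down as
# lockss (a docker-group member). Set lockss_git_version to a reviewed tag
# or commit rather than a moving branch, and use a repository URL whose
# transport authenticates the server.
- name: Pull LOCKSS repository.
  git:
    repo: "{{ lockss_git_url }}"
    dest: /usr/src/lockss
    version: "{{ lockss_git_version }}"
    depth: 1
  become: true
  become_user: lockss
  when: not ansible_check_mode

- name: Install ifconfig.
  package:
    name: net-tools
    state: present

# config.info carries the mail relay password in clear text and unsalted
# SHA-256 digests of the UI and database passwords, so it is treated as a
# secret: readable by the lockss owner only (was world-readable 0644) and
# kept out of task output and --diff with no_log. The scripts below all run
# as lockss; relax the mode only if another account must read this file.
- name: Install LOCKSS configuration.
  copy:
    dest: /usr/src/lockss/config/config.info
    owner: lockss
    mode: "0600"
    content: |
      LOCKSS_CONFIG_VERSION=2
      LOCKSS_USER=lockss
      LOCKSS_HOSTNAME={{ lockss_hostname | quote }}
      LOCKSS_IPADDR={{ lockss_ipaddr | quote }}
      LOCKSS_EXTERNAL_IPADDR={{ lockss_external_ipaddr | quote }}
      LOCKSS_V3_PORT=9729
      LOCKSS_ACCESS_SUBNET={{ lockss_access_subnet | quote }}
      LOCKSS_MAILHUB={{ lockss_mailhub_host | default("localhost") | quote }}
      LOCKSS_MAILHUB_USER={{ lockss_mailhub_user | default | quote }}
      LOCKSS_MAILHUB_PASSWORD={{ lockss_mailhub_password | default | quote }}
      LOCKSS_EMAIL={{ lockss_admin_email | quote }}
      LOCKSS_PROPS_URL={{ lockss_props_url | quote }}
      LOCKSS_PROPS_PROXY=NONE
      LOCKSS_PROPS_SERVER_AUTHENTICATE_KEYSTORE=
      LOCKSS_TEST_GROUP=demo
      LOCKSS_DATA_DIR={{ lockss_data_dir | quote }}
      LOCKSS_LOGS_DIR=/var/log/lockss
      LOCKSS_ADMIN_USER={{ lockss_ui_user | default("admin") | quote }}
      LOCKSS_ADMIN_PASSWD=SHA-256:{{ lockss_ui_password | hash('sha256') }}
      LOCKSS_DB_PASSWD=SHA-256:{{ lockss_db_password | hash('sha256') }}
      LOCKSS_PROXY_PORT=24670
      LOCKSS_TMPDIR=/tmp
      LOCKSS_CLEAR_TMPDIR=no
  no_log: true

- name: Shut down LOCKSS containers.
  command:
    cmd: scripts/shutdown-lockss
    chdir: /usr/src/lockss
  become: true
  become_user: lockss
  when: not ansible_check_mode

# Secrets are handed to the swarm rather than written to disk; no_log keeps
# the values out of task results and verbose output.
- name: Add Docker secret for UI password.
  vars:
    ansible_python_interpreter: python3
  docker_secret:
    name: lockss_ui_pass
    state: present
    data: "{{ lockss_ui_password }}"
  no_log: true

- name: Add Docker secret for database password.
  vars:
    ansible_python_interpreter: python3
  docker_secret:
    name: lockss-postgres-pass
    state: present
    data: "{{ lockss_db_password }}"
  no_log: true

# NOTE(review): this path is hard-coded while config.info is given
# lockss_data_dir; confirm the two agree, otherwise the directory created
# with 0700 here is not the one LOCKSS actually uses.
- name: Create LOCKSS data directory.
  file:
    path: /var/lib/lockss
    state: directory
    owner: lockss
    mode: "0700"

# setgid (the leading 2) makes new log files inherit the adm group; there
# is no access for other users.
- name: Create LOCKSS log directory.
  file:
    path: /var/log/lockss
    state: directory
    owner: lockss
    group: adm
    mode: "02770"

# FIXME: These are not idempotent.
# FIXME: This could probably be a handler.
- name: Build LOCKSS configuration.
  command:
    cmd: scripts/generate-lockss
    chdir: /usr/src/lockss
  become: true
  become_user: lockss
  when: not ansible_check_mode

# FIXME: LOCKSS's scripts are yucky. Should we care?
- name: Stop running LOCKSS containers.
  command:
    cmd: scripts/shutdown-lockss
    chdir: /usr/src/lockss
  become: true
  become_user: lockss
  when: not ansible_check_mode

- name: Assemble LOCKSS containers.
  command:
    cmd: scripts/assemble-lockss
    chdir: /usr/src/lockss
  become: true
  become_user: lockss
  when: not ansible_check_mode

- name: Deploy LOCKSS containers.
  command:
    cmd: scripts/deploy-lockss
    chdir: /usr/src/lockss
  become: true
  become_user: lockss
  when: not ansible_check_mode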