---
- name: Prevent changing GID of existing group.
block:
- name: Get groups.
getent:
database: group
- name: Assert that lockss group GID has not changed.
assert:
that:
"'lockss' not in ansible_facts.getent_group or
ansible_facts.getent_group.lockss[1] == lockss_gid | string"
fail_msg: GID must be corrected manually.
quiet: yes
when: lockss_gid is defined and lockss_gid is not none
- name: Add the lockss group.
group:
name: lockss
state: present
gid: "{{ lockss_gid | default(omit) }}"
- name: Prevent changing UID of existing user.
block:
- name: Get users.
getent:
database: passwd
- name: Assert that lockss user UID has not changed.
assert:
that:
"'lockss' not in ansible_facts.getent_passwd or
ansible_facts.getent_passwd.lockss[1] == lockss_uid | string"
fail_msg: UID must be corrected manually.
quiet: yes
when: lockss_uid is defined and lockss_uid is not none
- name: Add the lockss user.
user:
name: lockss
state: present
uid: "{{ lockss_uid | default(omit) }}"
group: lockss
shell: /sbin/nologin
home: /
create_home: false
comment: LOCKSS
- name: Add the lockss user to the docker group.
user:
name: lockss
state: present
groups: docker
append: true
- name: Configure the firewall.
include_tasks: firewall.yml
when: lockss_configure_firewall
- name: Check the storage driver used by Docker.
command:
cmd: docker info -f {% raw %}'{{.Driver}}'{% endraw %}
check_mode: false
changed_when: false
register: r
- name: Ensure Docker is using the OverlayFS storage driver.
assert:
that: r.stdout == "overlay2"
quiet: true
- name: Init a new swarm with default parameters.
docker_swarm:
state: present
advertise_addr: lo
- name: Install pystache (Ubuntu).
package:
name: python3-pystache=0.5.*
state: present
when: ansible_distribution == "Ubuntu"
- name: Create symlink for pystache (Ubuntu).
file:
src: /usr/bin/pystache3
dest: /usr/local/bin/pystache
owner: root
state: link
when: ansible_distribution == "Ubuntu"
- name: Install pystache (CentOS).
vars:
ansible_python_interpreter: python3
pip:
name:
- pystache>=0.5,<1.0
state: present
when: ansible_distribution == "CentOS"
- name: Install python-pkg-resources (Ubuntu).
package:
name:
- python3-pkg-resources
state: present
when: ansible_distribution == "Ubuntu"
- name: Install git.
package:
name: git
state: present
- name: Create LOCKSS source directory.
file:
path: /usr/src/lockss
state: directory
owner: lockss
mode: 0755
- name: Pull LOCKSS repository.
git:
repo: "{{ lockss_git_url }}"
dest: /usr/src/lockss
version: "{{ lockss_git_version }}"
depth: 1
become: true
become_user: lockss
when: not ansible_check_mode
- name: Install ifconfig.
package:
name: net-tools
state: present
- name: Install LOCKSS configuration.
copy:
dest: /usr/src/lockss/config/config.info
owner: lockss
mode: 0644
content: |
LOCKSS_CONFIG_VERSION=2
LOCKSS_USER=lockss
LOCKSS_HOSTNAME={{ lockss_hostname | quote }}
LOCKSS_IPADDR={{ lockss_ipaddr | quote }}
LOCKSS_EXTERNAL_IPADDR={{ lockss_external_ipaddr | quote }}
LOCKSS_V3_PORT=9729
LOCKSS_ACCESS_SUBNET={{ lockss_access_subnet | quote }}
LOCKSS_MAILHUB={{ lockss_mailhub_host | default("localhost") | quote }}
LOCKSS_MAILHUB_USER={{ lockss_mailhub_user | default | quote }}
LOCKSS_MAILHUB_PASSWORD={{ lockss_mailhub_password | default | quote }}
LOCKSS_EMAIL={{ lockss_admin_email | quote }}
LOCKSS_PROPS_URL={{ lockss_props_url | quote }}
LOCKSS_PROPS_PROXY=NONE
LOCKSS_PROPS_SERVER_AUTHENTICATE_KEYSTORE=
LOCKSS_TEST_GROUP=demo
LOCKSS_DATA_DIR={{ lockss_data_dir | quote }}
LOCKSS_LOGS_DIR=/var/log/lockss
LOCKSS_ADMIN_USER={{ lockss_ui_user | default("admin") | quote }}
LOCKSS_ADMIN_PASSWD=SHA-256:{{ lockss_ui_password | hash('sha256') }}
LOCKSS_DB_PASSWD=SHA-256:{{ lockss_db_password | hash('sha256') }}
LOCKSS_PROXY_PORT=24670
LOCKSS_TMPDIR=/tmp
LOCKSS_CLEAR_TMPDIR=no
- name: Shut down LOCKSS containers.
command:
cmd: scripts/shutdown-lockss
chdir: /usr/src/lockss
become: true
become_user: lockss
when: not ansible_check_mode
- name: Add Docker secret for UI password.
vars:
ansible_python_interpreter: python3
docker_secret:
name: lockss_ui_pass
state: present
data: "{{ lockss_ui_password }}"
- name: Add Docker secret for database password.
vars:
ansible_python_interpreter: python3
docker_secret:
name: lockss-postgres-pass
state: present
data: "{{ lockss_db_password }}"
- name: Create LOCKSS data directory.
file:
path: /var/lib/lockss
state: directory
owner: lockss
mode: 0700
- name: Create LOCKSS log directory.
file:
path: /var/log/lockss
state: directory
owner: lockss
group: adm
mode: 02770
# FIXME: These are not idempotent.
# FIXME: This could probably be a handler.
- name: Build LOCKSS configuration.
command:
cmd: scripts/generate-lockss
chdir: /usr/src/lockss
become: true
become_user: lockss
when: not ansible_check_mode
# FIXME: LOCKSS's scripts are yucky. Should we care?
- name: Stop running LOCKSS containers.
command:
cmd: scripts/shutdown-lockss
chdir: /usr/src/lockss
become: true
become_user: lockss
when: not ansible_check_mode
- name: Assemble LOCKSS containers.
command:
cmd: scripts/assemble-lockss
chdir: /usr/src/lockss
become: true
become_user: lockss
when: not ansible_check_mode
- name: Deploy LOCKSS containers.
command:
cmd: scripts/deploy-lockss
chdir: /usr/src/lockss
become: true
become_user: lockss
when: not ansible_check_mode