---
- name: Add the lockss group.
group:
name: lockss
state: present
- name: Add the lockss user.
user:
name: lockss
state: present
group: lockss
comment: LOCKSS
- name: Add the lockss user to the docker group.
user:
name: lockss
state: present
groups: docker
append: true
- name: Check the storage driver used by Docker.
command:
cmd: docker info -f {% raw %}'{{.Driver}}'{% endraw %}
check_mode: false
changed_when: false
register: r
- name: Ensure Docker is using the OverlayFS storage driver.
assert:
that: r.stdout == "overlay2"
quiet: true
- name: Init a new swarm with default parameters.
docker_swarm:
state: present
advertise_addr: lo
- name: Install pystache (Ubuntu).
package:
name: python3-pystache=0.5.*
state: present
when: ansible_distribution == "Ubuntu"
- name: Create symlink for pystache (Ubuntu).
file:
src: /usr/bin/pystache3
dest: /usr/local/bin/pystache
owner: root
state: link
when: ansible_distribution == "Ubuntu"
- name: Install pystache (CentOS).
vars:
ansible_python_interpreter: python3
pip:
name:
- pystache>=0.5,<1.0
state: present
when: ansible_distribution == "CentOS"
- name: Install python-pkg-resources (Ubuntu).
package:
name:
- python3-pkg-resources
state: present
when: ansible_distribution == "Ubuntu"
- name: Install git.
package:
name: git
state: present
- name: Create LOCKSS source directory.
file:
path: /usr/src/lockss
state: directory
owner: lockss
mode: 0755
- name: Pull LOCKSS repository.
git:
repo: https://github.com/lockss/lockss-installer
dest: /usr/src/lockss
version: "{{ lockss_git_version }}"
depth: 1
become: true
become_user: lockss
- name: Install ifconfig.
package:
name: net-tools
state: present
- name: Install LOCKSS configuration.
copy:
dest: /usr/src/lockss/config/config.info
owner: lockss
mode: 0644
content: |
LOCKSS_CONFIG_VERSION=2
LOCKSS_USER=lockss
LOCKSS_HOSTNAME={{ lockss_hostname }}
LOCKSS_IPADDR={{ lockss_ipaddr }}
LOCKSS_EXTERNAL_IPADDR={{ lockss_external_ipaddr | default }}
LOCKSS_V3_PORT=9729
LOCKSS_ACCESS_SUBNET={{ lockss_access_subnet }}
LOCKSS_MAILHUB={{ lockss_mailhub_user | default("localhost") }}
LOCKSS_MAILHUB_USER={{ lockss_mailhub_user | default }}
LOCKSS_MAILHUB_PASSWORD={{ lockss_mailhub_user | default }}
LOCKSS_EMAIL={{ lockss_admin_email }}
LOCKSS_PROPS_URL=http://props.lockss.org:8001/demo/lockss.xml
LOCKSS_PROPS_PROXY=NONE
LOCKSS_PROPS_SERVER_AUTHENTICATE_KEYSTORE=
LOCKSS_TEST_GROUP=demo
LOCKSS_DATA_DIR=/var/lib/lockss
LOCKSS_LOGS_DIR=/var/log/lockss
LOCKSS_ADMIN_USER={{ lockss_ui_user }}
LOCKSS_ADMIN_PASSWD=SHA-256:{{ lockss_ui_password | hash('sha256') }}
LOCKSS_DB_PASSWD=SHA-256:{{ lockss_db_password | hash('sha256') }}
LOCKSS_PROXY_PORT=24670
LOCKSS_TMPDIR=/var/lib/lockss/tmp
LOCKSS_CLEAR_TMPDIR=yes
- name: Add Docker secret for UI password.
vars:
ansible_python_interpreter: python3
docker_secret:
name: lockss_ui_pass
state: present
data: "{{ lockss_ui_password }}"
- name: Add Docker secret for database password.
vars:
ansible_python_interpreter: python3
docker_secret:
name: lockss-postgres-pass
state: present
data: "{{ lockss_db_password }}"
- name: Create LOCKSS data directories.
file:
path: "{{ item }}"
state: directory
owner: lockss
mode: 0700
loop:
- /var/lib/lockss
- /var/lib/lockss/tmp
- name: Create LOCKSS log directory.
file:
path: /var/log/lockss
state: directory
owner: lockss
group: adm
mode: 02770
# FIXME: These are not idempotent.
# FIXME: This could probably be a handler.
- name: Build LOCKSS configuration.
command:
cmd: scripts/generate-lockss
chdir: /usr/src/lockss
become: true
become_user: lockss
# FIXME: LOCKSS's scripts are yucky. Should we care?
- name: Stop running LOCKSS containers.
command:
cmd: scripts/shutdown-lockss
chdir: /usr/src/lockss
become: true
become_user: lockss
- name: Assemble LOCKSS containers.
command:
cmd: scripts/assemble-lockss
chdir: /usr/src/lockss
become: true
become_user: lockss
- name: Deploy LOCKSS containers.
command:
cmd: scripts/deploy-lockss
chdir: /usr/src/lockss
become: true
become_user: lockss