Merge pull request #1737 from GoMatrixHosting/remove-awx-section
Remove matrix-awx sections
development
commit
285a50e930
@ -1,39 +0,0 @@
|
|||||||
# Configuring AWX System (optional)
|
|
||||||
|
|
||||||
An AWX setup for managing multiple Matrix servers.
|
|
||||||
|
|
||||||
This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers.
|
|
||||||
|
|
||||||
Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. These playbooks are free to use in a commercial context with the 'MemberPress Plus' plugin. They can also be run in a non-commercial context.
|
|
||||||
|
|
||||||
The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server.
|
|
||||||
|
|
||||||
This system can manage the updates, configuration, import and export, backups and monitoring on its own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy).
|
|
||||||
|
|
||||||
Warning: This system is about to undergo heavy revision, **we do not recommend using it at this time.**
|
|
||||||
|
|
||||||
## Other Required Playbooks
|
|
||||||
|
|
||||||
The following repositories allow you to copy and use this setup:
|
|
||||||
|
|
||||||
[Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you.
|
|
||||||
|
|
||||||
[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. Also includes other administrative playbooks for updates, backups and restoring servers.
|
|
||||||
|
|
||||||
[Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server.
|
|
||||||
|
|
||||||
[GMHosting External Tools](https://gitlab.com/GoMatrixHosting/gmhosting-external-tools) - Extra tools we run outside of AWX, some of which are experimental.
|
|
||||||
|
|
||||||
|
|
||||||
## Does I need an AWX setup to use this? How do I configure it?
|
|
||||||
|
|
||||||
Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation_AWX.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_AWX.md).
|
|
||||||
|
|
||||||
For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal_AWX.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal_AWX.md).
|
|
||||||
|
|
||||||
|
|
||||||
## Does I need a front-end WordPress site? And a DigitalOcean account?
|
|
||||||
|
|
||||||
You do not need a front-end WordPress site or the MemberPress plugin to use this setup. It can be run on it's own in a non-commercial context.
|
|
||||||
|
|
||||||
You also don't need a DigitalOcean account, although this will limit you to only being able to connect 'On-Premises' servers.
|
|
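Review bot: The commit message "Remove matrix-awx sections" gives no reason and no forwarding pointer, and this deleted page is where the companion repositories (create-awx-system, ansible-create-delete-subscription-membership, ansible-provision-server, gmhosting-external-tools) were listed. Suggest a changelog entry or a short stub stating that the AWX integration was removed from this playbook and linking to the create-awx-system repository, so operators who followed this page are not left without guidance.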
@ -1,8 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
matrix_awx_enabled: true
|
|
||||||
|
|
||||||
# Defaults for 'Customise Website + Access Export' template
|
|
||||||
awx_sftp_auth_method: 'Disabled'
|
|
||||||
awx_sftp_password: ''
|
|
||||||
awx_sftp_public_key: ''
|
|
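Review bot: With the default for matrix_awx_enabled gone, any task or template outside this diff that still tests it would fail on an undefined variable, so please confirm nothing references it any more. Inventories that set the awx_sftp_* keys will also keep carrying them unused, including a plaintext awx_sftp_password; suggest the changelog say these keys are no longer read and should be deleted from vars files.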
@ -1,29 +0,0 @@
|
|||||||
|
|
||||||
import sys
|
|
||||||
import requests
|
|
||||||
import json
|
|
||||||
|
|
||||||
janitor_token = sys.argv[1]
|
|
||||||
synapse_container_ip = sys.argv[2]
|
|
||||||
synapse_container_port = sys.argv[3]
|
|
||||||
|
|
||||||
# collect total amount of rooms
|
|
||||||
|
|
||||||
rooms_raw_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms'
|
|
||||||
rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token}
|
|
||||||
rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header)
|
|
||||||
rooms_raw_python = json.loads(rooms_raw.text)
|
|
||||||
total_rooms = rooms_raw_python["total_rooms"]
|
|
||||||
|
|
||||||
# build complete room list file
|
|
||||||
|
|
||||||
room_list_file = open("/tmp/room_list_complete.json", "w")
|
|
||||||
|
|
||||||
for i in range(0, total_rooms, 100):
|
|
||||||
rooms_inc_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms?from=' + str(i)
|
|
||||||
rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header)
|
|
||||||
room_list_file.write(rooms_inc.text)
|
|
||||||
|
|
||||||
room_list_file.close()
|
|
||||||
|
|
||||||
print(total_rooms)
|
|
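Review bot: Deleting this script does not undo what it left on hosts. It wrote each page of the /_synapse/admin/v1/rooms response to the fixed path /tmp/room_list_complete.json, opened with open(..., "w") and no explicit mode, and it took the admin token as sys.argv[1], where it is visible in the process list while the script runs. Suggest the removal notes tell operators to delete that file and to rotate the janitor token.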
@ -1,42 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Access Export",
|
|
||||||
"description": "Access the services export.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "SFTP Authorisation Method",
|
|
||||||
"question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
|
|
||||||
"required": true,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ awx_sftp_auth_method | string }}",
|
|
||||||
"choices": "Disabled\nPassword\nSSH Key",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_sftp_auth_method",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "SFTP Password",
|
|
||||||
"question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 64,
|
|
||||||
"default": "{{ awx_sftp_password }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_sftp_password",
|
|
||||||
"type": "password"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "SFTP Public SSH Key (More Secure)",
|
|
||||||
"question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 16384,
|
|
||||||
"default": "{{ awx_sftp_public_key }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_sftp_public_key",
|
|
||||||
"type": "text"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
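Review bot: The "SFTP Password" question takes its default from {{ awx_sftp_password }}, so every rendered copy of this survey holds the current password, and removing the template does nothing about the 'sftp' account it configured on deployed servers. Suggest stating whether that account and its installed public key are expected to be disabled by hand now that no survey manages awx_sftp_auth_method.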
@ -1,18 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Backup Server",
|
|
||||||
"description": "Performs a backup of the entire service to a remote location.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable Backup",
|
|
||||||
"question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ awx_backup_enabled | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_backup_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
@ -1,66 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Bridge Discord Appservice",
|
|
||||||
"description": "Enables a private bridge you can use to connect Matrix rooms to Discord.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable Discord AppService Bridge",
|
|
||||||
"question_description": "Enables a private bridge you can use to connect Matrix rooms to Discord.",
|
|
||||||
"required": true,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_appservice_discord_enabled | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_appservice_discord_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Discord OAuth2 Client ID",
|
|
||||||
"question_description": "The OAuth2 'CLIENT ID' which can be found in the 'OAuth2' tab of your new discord application: https://discord.com/developers/applications",
|
|
||||||
"required": true,
|
|
||||||
"min": 0,
|
|
||||||
"max": 128,
|
|
||||||
"default": "{{ matrix_appservice_discord_client_id | trim }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_appservice_discord_client_id",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Discord Bot Token",
|
|
||||||
"question_description": "The Bot 'TOKEN' which can be found in the 'Bot' tab of your new discord application: https://discord.com/developers/applications",
|
|
||||||
"required": true,
|
|
||||||
"min": 0,
|
|
||||||
"max": 256,
|
|
||||||
"default": "{{ matrix_appservice_discord_bot_token | trim }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_appservice_discord_bot_token",
|
|
||||||
"type": "password"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Auto-Admin Matrix User",
|
|
||||||
"question_description": "The username you would like to be automatically joined and promoted to administrator (PL100) in bridged rooms. Exclude the '@' and server name postfix. So to create @stevo:example.org just enter 'stevo'.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 1024,
|
|
||||||
"default": "",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_appservice_discord_admin_user",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Auto-Admin Rooms",
|
|
||||||
"question_description": "A list of rooms you want the user to be automatically joined and promoted to administrator (PL100) in. These should be the internal IDs (for example '!axfBUsKhfAjSMBdjKX:example.org') separated by newlines.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 4096,
|
|
||||||
"default": "",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_appservice_discord_admin_rooms",
|
|
||||||
"type": "textarea"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
@ -1,88 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure Matrix Corporal",
|
|
||||||
"description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable Corporal",
|
|
||||||
"question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.",
|
|
||||||
"required": true,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_corporal_enabled|string|lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_corporal_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Corporal Policy Provider",
|
|
||||||
"question_description": "Controls what provider policy is used with Matrix Corporal.",
|
|
||||||
"required": true,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ awx_corporal_policy_provider_mode }}",
|
|
||||||
"choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_corporal_policy_provider_mode",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Simple Static File Configuration",
|
|
||||||
"question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 65536,
|
|
||||||
"default": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_corporal_simple_static_config",
|
|
||||||
"type": "textarea"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "HTTP Pull Mode URI",
|
|
||||||
"question_description": "The network address to remotely fetch the configuration from. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 4096,
|
|
||||||
"default": "{{ awx_corporal_pull_mode_uri }}",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_corporal_pull_mode_uri",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "HTTP Pull Mode Authentication Token",
|
|
||||||
"question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 256,
|
|
||||||
"default": "{{ awx_corporal_pull_mode_token }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_corporal_pull_mode_token",
|
|
||||||
"type": "password"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Corporal API Authentication Token",
|
|
||||||
"question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 256,
|
|
||||||
"default": "{{ matrix_corporal_http_api_auth_token }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_corporal_http_api_auth_token",
|
|
||||||
"type": "password"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Raise Synapse Ratelimits",
|
|
||||||
"question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ awx_corporal_raise_ratelimits }}",
|
|
||||||
"choices": "Normal\nRaised",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_corporal_raise_ratelimits",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
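Review bot: The "Raise Synapse Ratelimits" question asks operators to return the value to 'Normal' after using Corporal, but with this survey deleted there is no longer a control for awx_corporal_raise_ratelimits. A server last saved as 'Raised' would keep relaxed login rate limits; suggest calling this out so operators reset it before upgrading, or confirm in the commit message that the variable is now ignored and the stock limits apply.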
@ -1,30 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure Dimension",
|
|
||||||
"description": "Configure Dimension, the self-hosted integrations server.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable Dimension",
|
|
||||||
"question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_dimension_enabled | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_dimension_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Dimension Users",
|
|
||||||
"question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 65536,
|
|
||||||
"default": {{ awx_dimension_users_final | to_json }},
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_dimension_users",
|
|
||||||
"type": "textarea"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
@ -1,114 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure Element",
|
|
||||||
"description": "Configure Element web client, Element is the most developed Matrix client software.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable Element-Web",
|
|
||||||
"question_description": "Set if Element web client is enabled or not.",
|
|
||||||
"required": true,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_client_element_enabled }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_client_element_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Set Theme for Web Client",
|
|
||||||
"question_description": "Sets the default theme for the web client, can be changed later by individual users.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_client_element_default_theme }}",
|
|
||||||
"choices": "light\ndark",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_client_element_default_theme",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Set Branding for Web Client",
|
|
||||||
"question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.Leaving this field blank will cause the default branding will be used: 'Element'",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 256,
|
|
||||||
"default": "{{ matrix_client_element_brand | trim }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_client_element_brand",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Set Welcome Page Background",
|
|
||||||
"question_description": "Sets the background image on the welcome page, you should enter a URL to the image you want to use. Must be a 'https' link, otherwise it won't be set. Leaving this field blank will cause the default background to be used.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 1024,
|
|
||||||
"default": "{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_client_element_branding_welcomeBackgroundUrl",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Set Welcome Page Logo",
|
|
||||||
"question_description": "Sets the logo found on the welcome and login page, must be a valid https link to your logo, the logo itself should be a square vector image (SVG). Leaving this field blank will cause the default Element logo to be used.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 1024,
|
|
||||||
"default": "{{ matrix_client_element_welcome_logo | trim }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_client_element_welcome_logo",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Set Welcome Page Logo URL",
|
|
||||||
"question_description": "Sets the URL link the welcome page logo leads to, must be a valid https link. Leaving this field blank will cause this default link to be used: 'https://element.io'",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 1024,
|
|
||||||
"default": "{{ matrix_client_element_welcome_logo_link | trim }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_client_element_welcome_logo_link",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Set Welcome Page Headline",
|
|
||||||
"question_description": "Sets the headline seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Welcome to Element!'",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 512,
|
|
||||||
"default": "{{ awx_matrix_client_element_welcome_headline | trim }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_matrix_client_element_welcome_headline",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Set Welcome Page Text",
|
|
||||||
"question_description": "Sets the text seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Decentralised, encrypted chat & collaboration powered by [Matrix]'",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 2048,
|
|
||||||
"default": "{{ awx_matrix_client_element_welcome_text | trim }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_matrix_client_element_welcome_text",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Show Registration Button",
|
|
||||||
"question_description": "If you show the registration button on the welcome page.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_client_element_registration_enabled }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_client_element_registration_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
@ -1,18 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure Element Subdomain",
|
|
||||||
"description": "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Set Element Subdomain",
|
|
||||||
"question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 2048,
|
|
||||||
"default": "{{ awx_element_subdomain }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_element_subdomain",
|
|
||||||
"type": "text"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
@ -1,19 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure Email Relay",
|
|
||||||
"description": "Enable MailGun relay to increase verification email reliability.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable Email Relay",
|
|
||||||
"question_description": "Enables the MailGun email relay server, enabling this will increase the reliability of your email verification.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_mailer_relay_use | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_mailer_relay_use",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
@ -1,31 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure Jitsi",
|
|
||||||
"description": "Configure Jitsi conferencing settings.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable Jitsi",
|
|
||||||
"question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_jitsi_enabled }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_jitsi_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Set Default Language",
|
|
||||||
"question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 2,
|
|
||||||
"default": "{{ matrix_jitsi_web_config_defaultLanguage }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_jitsi_web_config_defaultLanguage",
|
|
||||||
"type": "text"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure ma1sd",
|
|
||||||
"description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable ma1sd",
|
|
||||||
"question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_ma1sd_enabled | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_ma1sd_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "ma1sd Authentication Mode",
|
|
||||||
"question_description": "Set the source of user account authentication credentials with the ma1sd.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ awx_matrix_ma1sd_auth_store }}",
|
|
||||||
"choices": "Synapse Internal\nLDAP/AD",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_matrix_ma1sd_auth_store",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "LDAP/AD Configuration",
|
|
||||||
"question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 65536,
|
|
||||||
"default": {{ awx_matrix_ma1sd_configuration_extension_yaml | to_json }},
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_matrix_ma1sd_configuration_extension_yaml",
|
|
||||||
"type": "textarea"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
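Review bot: "LDAP/AD Configuration" is a plain textarea whose default is rendered from awx_matrix_ma1sd_configuration_extension_yaml, unlike the password-typed token fields elsewhere in this change, so any directory credentials placed in that YAML are stored and displayed in clear. Suggest the removal notes tell operators who selected 'LDAP/AD' to carry that YAML over into their own vars file, preferably vaulted, since the survey that set awx_matrix_ma1sd_auth_store is gone.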
@ -1,29 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure Mjolnir",
|
|
||||||
"description": "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable Mjolnir",
|
|
||||||
"question_description": "Set if Mjolnir is enabled or not. Mjolnir is a moderation bot for Matrix.",
|
|
||||||
"required": true,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_bot_mjolnir_enabled | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_bot_mjolnir_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Mjolnir Management Room",
|
|
||||||
"question_description": "Sets the internal ID of the management room for Mjolnir. Example: '!wAeZaPCKvaCHcSqxAW:matrix.org'",
|
|
||||||
"required": true,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_bot_mjolnir_management_room }}",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_bot_mjolnir_management_room",
|
|
||||||
"type": "text"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
@ -1,198 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure Synapse",
|
|
||||||
"description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable Public Registration",
|
|
||||||
"question_description": "Controls whether people with access to the homeserver can register by themselves.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_synapse_enable_registration | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_synapse_enable_registration",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Enable Federation",
|
|
||||||
"question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_synapse_federation_enabled | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_synapse_federation_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Allow Public Rooms Over Federation",
|
|
||||||
"question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation. For private servers, you'll most likely want to forbid this.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_synapse_allow_public_rooms_over_federation",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Enable Community Creation",
|
|
||||||
"question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_synapse_enable_group_creation | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_synapse_enable_group_creation",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Enable Synapse Presence",
|
|
||||||
"question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_synapse_presence_enabled | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_synapse_presence_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Enable URL Previews",
|
|
||||||
"question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_synapse_url_preview_enabled | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_synapse_url_preview_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Enable Guest Access",
|
|
||||||
"question_description": "Controls whether 'guest accounts' can access rooms without registering. Guest users do not count towards your servers user limit.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_synapse_allow_guest_access | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_synapse_allow_guest_access",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Registration Requires Email",
|
|
||||||
"question_description": "Controls whether an email address is required to register on the server.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ awx_registrations_require_3pid | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_registrations_require_3pid",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Registration Shared Secret",
|
|
||||||
"question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 256,
|
|
||||||
"default": "",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_matrix_synapse_registration_shared_secret",
|
|
||||||
"type": "password"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Synapse Max Upload Size",
|
|
||||||
"question_description": "Sets the maximum size for uploaded files in MB.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 3,
|
|
||||||
"default": "{{ matrix_synapse_max_upload_size_mb }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_synapse_max_upload_size_mb",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "URL Preview Languages",
|
|
||||||
"question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines. For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 65536,
|
|
||||||
"default": {{ awx_url_preview_accept_language_default | to_json }},
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_url_preview_accept_language",
|
|
||||||
"type": "textarea"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Federation Whitelist",
|
|
||||||
"question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 65536,
|
|
||||||
"default": {{ awx_federation_whitelist | to_json }},
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_federation_whitelist",
|
|
||||||
"type": "textarea"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Synapse Auto-Join Rooms",
|
|
||||||
"question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines. For example: '#announcements:example.org'",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 65536,
|
|
||||||
"default": {{ awx_synapse_auto_join_rooms | to_json }},
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_synapse_auto_join_rooms",
|
|
||||||
"type": "textarea"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Enable ReCaptcha on Registration",
|
|
||||||
"question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ awx_enable_registration_captcha | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_enable_registration_captcha",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Recaptcha Public Key",
|
|
||||||
"question_description": "Sets the Google ReCaptcha public key for this website.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 40,
|
|
||||||
"default": "{{ awx_recaptcha_public_key }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_recaptcha_public_key",
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "Recaptcha Private Key",
|
|
||||||
"question_description": "Sets the Google ReCaptcha private key for this website.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 40,
|
|
||||||
"default": "{{ awx_recaptcha_private_key }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_recaptcha_private_key",
|
|
||||||
"type": "text"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
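Review bot: "Recaptcha Private Key" is declared with "type": "text" while "Registration Shared Secret" in the same spec uses "password", so the private key is shown in clear in the survey form. Its default, "{{ awx_recaptcha_private_key }}", is also interpolated without the to_json filter that the textarea defaults use, so a value containing a quote or backslash yields invalid JSON. Any copy of this survey kept after the removal should switch the field to "password" and render the default through to_json. "Registration Shared Secret" also allows "min": 0 even though its description demands a strong secret.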
@ -1,18 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure Synapse Admin",
|
|
||||||
"description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Enable Synapse Admin",
|
|
||||||
"question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://{{ matrix_server_fqn_matrix }}/synapse-admin.",
|
|
||||||
"required": false,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ matrix_synapse_admin_enabled | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "matrix_synapse_admin_enabled",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
@ -1,54 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "Configure Website Access Backup",
|
|
||||||
"description": "Configure base domain website settings and access the services backup.",
|
|
||||||
"spec": [
|
|
||||||
{
|
|
||||||
"question_name": "Customise Base Domain Website",
|
|
||||||
"question_description": "Set if you want to adjust the base domain website using SFTP.",
|
|
||||||
"required": true,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ awx_customise_base_domain_website | string | lower }}",
|
|
||||||
"choices": "true\nfalse",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_customise_base_domain_website",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "SFTP Authorisation Method",
|
|
||||||
"question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
|
|
||||||
"required": true,
|
|
||||||
"min": null,
|
|
||||||
"max": null,
|
|
||||||
"default": "{{ awx_sftp_auth_method | string }}",
|
|
||||||
"choices": "Disabled\nPassword\nSSH Key",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_sftp_auth_method",
|
|
||||||
"type": "multiplechoice"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "SFTP Password",
|
|
||||||
"question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 64,
|
|
||||||
"default": "{{ awx_sftp_password }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_sftp_password",
|
|
||||||
"type": "password"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"question_name": "SFTP Public SSH Key (More Secure)",
|
|
||||||
"question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
|
|
||||||
"required": false,
|
|
||||||
"min": 0,
|
|
||||||
"max": 16384,
|
|
||||||
"default": "{{ awx_sftp_public_key }}",
|
|
||||||
"choices": "",
|
|
||||||
"new_question": true,
|
|
||||||
"variable": "awx_sftp_public_key",
|
|
||||||
"type": "text"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
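Review bot: the "SFTP Password" question renders the current password into the generated spec through "default": "{{ awx_sftp_password }}", so the plaintext value ends up in every rendered copy of this JSON. The interpolation is also unescaped, so a password containing a quote or backslash breaks the file. If this template is carried over elsewhere, leave the default empty (treating empty as "keep the existing password") and pass any remaining string defaults through to_json. "min": 0 conflicts with the "strong and unique password" warning in the description.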
@ -1,101 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Record Backup Server variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# AWX Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'awx_backup_enabled': '{{ awx_backup_enabled }}'
|
|
||||||
tags: use-survey
|
|
||||||
|
|
||||||
- name: Save new 'Backup Server' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/backup_server.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
|
|
||||||
tags: use-survey
|
|
||||||
|
|
||||||
- name: Copy new 'Backup Server' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
|
|
||||||
dest: '/matrix/awx/backup_server.json'
|
|
||||||
mode: '0660'
|
|
||||||
tags: use-survey
|
|
||||||
|
|
||||||
- name: Recreate 'Backup Server' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 0 - Backup Server"
|
|
||||||
description: "Performs a backup of the entire service to a remote location."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "backup-server,use-survey"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
||||||
tags: use-survey
|
|
||||||
|
|
||||||
- name: Include vars in matrix_vars.yml
|
|
||||||
include_vars:
|
|
||||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Copy new 'matrix_vars.yml' to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
dest: '/matrix/awx/matrix_vars.yml'
|
|
||||||
mode: '0660'
|
|
||||||
tags: use-survey
|
|
||||||
|
|
||||||
- name: Run initial backup of /matrix/ and snapshot the database simultaneously
|
|
||||||
command: "{{ item }}"
|
|
||||||
with_items:
|
|
||||||
- borgmatic -c /root/.config/borgmatic/config_1.yaml
|
|
||||||
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
|
|
||||||
register: _create_instances
|
|
||||||
async: 3600 # Maximum runtime in seconds.
|
|
||||||
poll: 0 # Fire and continue (never poll)
|
|
||||||
when: awx_backup_enabled|bool
|
|
||||||
|
|
||||||
- name: Wait for both of these jobs to finish
|
|
||||||
async_status:
|
|
||||||
jid: "{{ item.ansible_job_id }}"
|
|
||||||
register: _jobs
|
|
||||||
until: _jobs.finished
|
|
||||||
delay: 5 # Check every 5 seconds.
|
|
||||||
retries: 720 # Retry for a full hour.
|
|
||||||
with_items: "{{ _create_instances.results }}"
|
|
||||||
when: awx_backup_enabled|bool
|
|
||||||
|
|
||||||
- name: Perform borg backup of postgres dump
|
|
||||||
command: borgmatic -c /root/.config/borgmatic/config_2.yaml
|
|
||||||
when: awx_backup_enabled|bool
|
|
||||||
|
|
||||||
- name: Delete the AWX session token for executing modules
|
|
||||||
awx.awx.tower_token:
|
|
||||||
description: 'AWX Session Token'
|
|
||||||
scope: "write"
|
|
||||||
state: absent
|
|
||||||
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
|
||||||
set_fact:
|
|
||||||
awx_end_playbook: true
|
|
||||||
|
|
||||||
- name: End playbook if this task list is called.
|
|
||||||
meta: end_play
|
|
||||||
when: awx_end_playbook is defined and awx_end_playbook|bool
|
|
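Review bot: "Delete the AWX session token for executing modules" is an ordinary task near the end of the list, so a failure in either borgmatic command, the export script or the async wait stops the play before the write-scope token is revoked. Wrapping the backup tasks in a block with the token deletion under always would guarantee cleanup. The first lineinfile task also edits the live matrix_vars.yml directly, whereas the other task lists in this change write to awx_cached_matrix_vars and only overwrite the live file after include_vars succeeds.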
@ -1,58 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Record Bridge Discord AppService variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Bridge Discord AppService Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_appservice_discord_enabled': '{{ matrix_appservice_discord_enabled }}'
|
|
||||||
'matrix_appservice_discord_client_id': '{{ matrix_appservice_discord_client_id }}'
|
|
||||||
'matrix_appservice_discord_bot_token': '{{ matrix_appservice_discord_bot_token }}'
|
|
||||||
|
|
||||||
- name: If the raw inputs is not empty start constructing parsed awx_appservice_discord_admin_rooms list
|
|
||||||
set_fact:
|
|
||||||
awx_appservice_discord_admin_rooms_array: |-
|
|
||||||
{{ awx_appservice_discord_admin_rooms.splitlines() | to_json }}
|
|
||||||
when: awx_appservice_discord_admin_rooms | trim | length > 0
|
|
||||||
|
|
||||||
- name: Promote user to administer (PL100) of each room
|
|
||||||
command: |
|
|
||||||
docker exec -i matrix-appservice-discord /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "{{ item.1 }}" -u "@{{ awx_appservice_discord_admin_user }}:{{ matrix_domain }}" -p 100'
|
|
||||||
with_indexed_items:
|
|
||||||
- "{{ awx_appservice_discord_admin_rooms_array }}"
|
|
||||||
when: ( awx_appservice_discord_admin_rooms | trim | length > 0 ) and ( awx_appservice_discord_admin_user is defined )
|
|
||||||
|
|
||||||
- name: Save new 'Bridge Discord Appservice' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/bridge_discord_appservice.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//bridge_discord_appservice.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Bridge Discord Appservice' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json'
|
|
||||||
dest: '/matrix/awx/bridge_discord_appservice.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- name: Recreate 'Bridge Discord Appservice' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 3 - Bridge Discord AppService"
|
|
||||||
description: "Enables a private bridge you can use to connect Matrix rooms to Discord."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-all,bridge-discord-appservice"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json') }}"
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
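Review bot: in "Promote user to administer (PL100) of each room", the survey-supplied values item.1 and awx_appservice_discord_admin_user are interpolated into a /bin/sh -c '...' string with no quoting or format check, unlike the register-user task, which at least applies the quote filter. Anyone keeping this task should validate both values against the expected room and localpart formats before use and pass them as separate arguments rather than through a shell string. The first task has the same weakness at the YAML level: line: "{{ item.key }}: {{ item.value }}" writes the bot token and client id unquoted, so values should go through to_json. The template dest also contains a doubled slash before bridge_discord_appservice.json.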
@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Collect current datetime
|
|
||||||
set_fact:
|
|
||||||
awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}"
|
|
||||||
|
|
||||||
- name: Create cached matrix_vars.yml file location
|
|
||||||
set_fact:
|
|
||||||
awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml'
|
|
||||||
|
|
||||||
- name: Create cached matrix_vars.yml
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}"
|
|
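Review bot: the cache file name is derived from date +%Y-%m-%d_%H:%M, which is only minute-granular, so two jobs for the same member_id and subscription_id started within the same minute read and write the same cached file. Adding seconds or a per-job identifier would avoid that. The copy itself is done with shell: cp, which leaves the mode of a secrets-bearing vars file to the umask; the copy module with an explicit mode (for example '0600') would be safer and would not need a shell.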
@ -1,11 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Create a AWX session token for executing modules
|
|
||||||
awx.awx.tower_token:
|
|
||||||
description: 'AWX Session Token'
|
|
||||||
scope: "write"
|
|
||||||
state: present
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_master_token }}"
|
|
||||||
register: awx_session_token
|
|
||||||
no_log: true
|
|
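Review bot: every session token is minted from awx_master_token with scope "write" and the fixed description 'AWX Session Token', so tokens left behind by failed runs cannot be told apart or traced to a member or job when auditing the token list. Including member_id and subscription_id in the description would make stale tokens attributable. Note also that this task sets no validate_certs, while the job-template tasks in this change set validate_certs: true explicitly.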
@ -1,41 +0,0 @@
|
|||||||
---
|
|
||||||
#
|
|
||||||
# Create user and define if they are admin
|
|
||||||
#
|
|
||||||
# /usr/local/bin/matrix-synapse-register-user <your_username> <your_password> <admin access: 0 or 1>
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: Set admin bool to zero
|
|
||||||
set_fact:
|
|
||||||
awx_admin_bool: 0
|
|
||||||
when: awx_admin_access == 'false'
|
|
||||||
|
|
||||||
- name: Examine if server admin set
|
|
||||||
set_fact:
|
|
||||||
awx_admin_bool: 1
|
|
||||||
when: awx_admin_access == 'true'
|
|
||||||
|
|
||||||
- name: Create user account
|
|
||||||
command: |
|
|
||||||
/usr/local/bin/matrix-synapse-register-user {{ awx_new_username | quote }} {{ awx_new_password | quote }} {{ awx_admin_bool }}
|
|
||||||
register: awx_cmd_output
|
|
||||||
|
|
||||||
- name: Delete the AWX session token for executing modules
|
|
||||||
awx.awx.tower_token:
|
|
||||||
description: 'AWX Session Token'
|
|
||||||
scope: "write"
|
|
||||||
state: absent
|
|
||||||
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
|
||||||
set_fact:
|
|
||||||
awx_end_playbook: true
|
|
||||||
|
|
||||||
- name: Result
|
|
||||||
debug: msg="{{ awx_cmd_output.stdout }}"
|
|
||||||
|
|
||||||
- name: End playbook if this task list is called.
|
|
||||||
meta: end_play
|
|
||||||
when: awx_end_playbook is defined and awx_end_playbook|bool
|
|
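Review bot: "Create user account" passes awx_new_password on the command line with no no_log: true, so the password can be recorded in the job output (on failure or at raised verbosity) and is visible in the process list while the command runs. Adding no_log: true to that task and limiting the "Result" debug to the fields actually needed would close the first gap. Separately, awx_admin_bool is only set when awx_admin_access is exactly 'true' or 'false'; any other value leaves it undefined and the command fails at templating, so a default or an assert would be clearer.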
@ -1,267 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Enable index.html creation if user doesn't wish to customise base domain
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Base Domain Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
|
|
||||||
when: (awx_customise_base_domain_website is defined) and not awx_customise_base_domain_website|bool
|
|
||||||
|
|
||||||
- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Base Domain Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
|
|
||||||
when: (awx_customise_base_domain_website is defined) and awx_customise_base_domain_website|bool
|
|
||||||
|
|
||||||
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Custom Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'awx_sftp_auth_method': '"{{ awx_sftp_auth_method }}"'
|
|
||||||
'awx_sftp_password': '"{{ awx_sftp_password }}"'
|
|
||||||
'awx_sftp_public_key': '"{{ awx_sftp_public_key }}"'
|
|
||||||
|
|
||||||
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Custom Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'awx_customise_base_domain_website': '{{ awx_customise_base_domain_website }}'
|
|
||||||
when: awx_customise_base_domain_website is defined
|
|
||||||
|
|
||||||
- name: Reload vars in matrix_vars.yml
|
|
||||||
include_vars:
|
|
||||||
file: '{{ awx_cached_matrix_vars }}'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
|
|
||||||
when: awx_customise_base_domain_website is defined
|
|
||||||
|
|
||||||
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
|
|
||||||
dest: '/matrix/awx/configure_website_access_export.json'
|
|
||||||
mode: '0660'
|
|
||||||
when: awx_customise_base_domain_website is defined
|
|
||||||
|
|
||||||
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: './roles/matrix-awx/surveys/access_export.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
|
|
||||||
when: awx_customise_base_domain_website is undefined
|
|
||||||
|
|
||||||
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
|
|
||||||
dest: '/matrix/awx/access_export.json'
|
|
||||||
mode: '0660'
|
|
||||||
when: awx_customise_base_domain_website is undefined
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Website + Access Export' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Website + Access Export"
|
|
||||||
description: "Configure base domain website settings and access the servers export."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-nginx-proxy"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
||||||
when: awx_customise_base_domain_website is defined
|
|
||||||
|
|
||||||
- name: Recreate 'Access Export' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Access Export"
|
|
||||||
description: "Access the services export."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-nginx-proxy"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
||||||
when: awx_customise_base_domain_website is undefined
|
|
||||||
|
|
||||||
- name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account
|
|
||||||
user:
|
|
||||||
name: sftp
|
|
||||||
comment: SFTP user to set custom web files and access servers export
|
|
||||||
shell: /bin/false
|
|
||||||
home: /home/sftp
|
|
||||||
group: matrix
|
|
||||||
password: '*'
|
|
||||||
update_password: always
|
|
||||||
when: awx_sftp_password|length == 0
|
|
||||||
|
|
||||||
- name: If user defines awx_sftp_password, enable account and set password on 'stfp' account
|
|
||||||
user:
|
|
||||||
name: sftp
|
|
||||||
comment: SFTP user to set custom web files and access servers export
|
|
||||||
shell: /bin/false
|
|
||||||
home: /home/sftp
|
|
||||||
group: matrix
|
|
||||||
password: "{{ awx_sftp_password | password_hash('sha512') }}"
|
|
||||||
update_password: always
|
|
||||||
when: awx_sftp_password|length > 0
|
|
||||||
|
|
||||||
- name: Ensure group "sftp" exists
|
|
||||||
group:
|
|
||||||
name: sftp
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: adding existing user 'sftp' to group matrix
|
|
||||||
user:
|
|
||||||
name: sftp
|
|
||||||
groups: sftp
|
|
||||||
append: true
|
|
||||||
when: awx_customise_base_domain_website is defined
|
|
||||||
|
|
||||||
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
|
|
||||||
file:
|
|
||||||
path: /chroot
|
|
||||||
state: directory
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '1755'
|
|
||||||
|
|
||||||
- name: Ensure /chroot/website location exists.
|
|
||||||
file:
|
|
||||||
path: /chroot/website
|
|
||||||
state: directory
|
|
||||||
owner: matrix
|
|
||||||
group: matrix
|
|
||||||
mode: '0770'
|
|
||||||
when: awx_customise_base_domain_website is defined
|
|
||||||
|
|
||||||
- name: Ensure /chroot/export location exists
|
|
||||||
file:
|
|
||||||
path: /chroot/export
|
|
||||||
state: directory
|
|
||||||
owner: sftp
|
|
||||||
group: sftp
|
|
||||||
mode: '0700'
|
|
||||||
|
|
||||||
- name: Ensure /home/sftp/.ssh location exists
|
|
||||||
file:
|
|
||||||
path: /home/sftp/.ssh
|
|
||||||
state: directory
|
|
||||||
owner: sftp
|
|
||||||
group: sftp
|
|
||||||
mode: '0700'
|
|
||||||
|
|
||||||
- name: Ensure /home/sftp/authorized_keys exists
|
|
||||||
file:
|
|
||||||
path: /home/sftp/.ssh/authorized_keys
|
|
||||||
state: touch
|
|
||||||
owner: sftp
|
|
||||||
group: sftp
|
|
||||||
mode: '0644'
|
|
||||||
|
|
||||||
- name: Clear authorized_keys file
|
|
||||||
shell: echo "" > /home/sftp/.ssh/authorized_keys
|
|
||||||
|
|
||||||
- name: Insert public SSH key into authorized_keys file
|
|
||||||
lineinfile:
|
|
||||||
path: /home/sftp/.ssh/authorized_keys
|
|
||||||
line: "{{ awx_sftp_public_key }}"
|
|
||||||
owner: sftp
|
|
||||||
group: sftp
|
|
||||||
mode: '0644'
|
|
||||||
when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key")
|
|
||||||
|
|
||||||
- name: Remove any existing Subsystem lines
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/ssh/sshd_config
|
|
||||||
state: absent
|
|
||||||
regexp: '^Subsystem'
|
|
||||||
|
|
||||||
- name: Set SSH Subsystem State
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/ssh/sshd_config
|
|
||||||
insertafter: "^# override default of no subsystems"
|
|
||||||
line: "Subsystem sftp internal-sftp"
|
|
||||||
|
|
||||||
- name: Add SSH Match User section for disabled auth
|
|
||||||
blockinfile:
|
|
||||||
path: /etc/ssh/sshd_config
|
|
||||||
state: absent
|
|
||||||
block: |
|
|
||||||
Match User sftp
|
|
||||||
ChrootDirectory /chroot
|
|
||||||
PermitTunnel no
|
|
||||||
X11Forwarding no
|
|
||||||
AllowTcpForwarding no
|
|
||||||
PasswordAuthentication yes
|
|
||||||
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
|
|
||||||
when: awx_sftp_auth_method == "Disabled"
|
|
||||||
|
|
||||||
- name: Add SSH Match User section for password auth
|
|
||||||
blockinfile:
|
|
||||||
path: /etc/ssh/sshd_config
|
|
||||||
state: present
|
|
||||||
block: |
|
|
||||||
Match User sftp
|
|
||||||
ChrootDirectory /chroot
|
|
||||||
PermitTunnel no
|
|
||||||
X11Forwarding no
|
|
||||||
AllowTcpForwarding no
|
|
||||||
PasswordAuthentication yes
|
|
||||||
when: awx_sftp_auth_method == "Password"
|
|
||||||
|
|
||||||
- name: Add SSH Match User section for publickey auth
|
|
||||||
blockinfile:
|
|
||||||
path: /etc/ssh/sshd_config
|
|
||||||
state: present
|
|
||||||
block: |
|
|
||||||
Match User sftp
|
|
||||||
ChrootDirectory /chroot
|
|
||||||
PermitTunnel no
|
|
||||||
X11Forwarding no
|
|
||||||
AllowTcpForwarding no
|
|
||||||
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
|
|
||||||
when: awx_sftp_auth_method == "SSH Key"
|
|
||||||
|
|
||||||
- name: Restart service ssh.service
|
|
||||||
service:
|
|
||||||
name: ssh.service
|
|
||||||
state: restarted
|
|
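Review bot: the "SSH Key" Match block sets AuthorizedKeysFile but never sets PasswordAuthentication no, so whether the sftp account still accepts a password in that mode depends on the global sshd_config, and the account password is only locked ('*') when awx_sftp_password is empty rather than when the method is "SSH Key" or "Disabled". The key-only block should state PasswordAuthentication no explicitly and the password-locking task should key off awx_sftp_auth_method. None of the Match blocks set ForceCommand internal-sftp either. Finally, sshd_config is edited by five tasks and then ssh.service is restarted with no validate: step (sshd -t), so a malformed result can lock out the host; the task named "adding existing user 'sftp' to group matrix" actually adds the user to group sftp.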
@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Delete the AWX session token for executing modules
|
|
||||||
awx.awx.tower_token:
|
|
||||||
description: 'AWX Session Token'
|
|
||||||
scope: "write"
|
|
||||||
state: absent
|
|
||||||
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
@ -1,43 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Run export of /matrix/ and snapshot the database simultaneously
|
|
||||||
command: "{{ item }}"
|
|
||||||
with_items:
|
|
||||||
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
|
|
||||||
- /bin/sh /usr/local/bin/awx-export-service.sh 0 1
|
|
||||||
register: awx_create_instances
|
|
||||||
async: 3600 # Maximum runtime in seconds.
|
|
||||||
poll: 0 # Fire and continue (never poll)
|
|
||||||
|
|
||||||
- name: Wait for both of these jobs to finish
|
|
||||||
async_status:
|
|
||||||
jid: "{{ item.ansible_job_id }}"
|
|
||||||
register: awx_jobs
|
|
||||||
until: awx_jobs.finished
|
|
||||||
delay: 5 # Check every 5 seconds.
|
|
||||||
retries: 720 # Retry for a full hour.
|
|
||||||
with_items: "{{ awx_create_instances.results }}"
|
|
||||||
|
|
||||||
- name: Schedule deletion of the export in 24 hours
|
|
||||||
at:
|
|
||||||
command: rm /chroot/export/matrix*
|
|
||||||
count: 1
|
|
||||||
units: days
|
|
||||||
unique: true
|
|
||||||
|
|
||||||
- name: Delete the AWX session token for executing modules
|
|
||||||
awx.awx.tower_token:
|
|
||||||
description: 'AWX Session Token'
|
|
||||||
scope: "write"
|
|
||||||
state: absent
|
|
||||||
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
|
||||||
set_fact:
|
|
||||||
awx_end_playbook: true
|
|
||||||
|
|
||||||
- name: End playbook if this task list is called.
|
|
||||||
meta: end_play
|
|
||||||
when: awx_end_playbook is defined and awx_end_playbook|bool
|
|
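Review bot: 'Schedule deletion of the export in 24 hours' is the only thing that removes /chroot/export/matrix*, and it depends on an at job queued on the target. An export of /matrix/ plus a database snapshot sitting under the SFTP chroot is sensitive, so the PR should state that at jobs already queued will still fire, and that any export without one now has to be removed by hand.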
@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Ensure correct ownership of /matrix/awx
|
|
||||||
shell: chown -R matrix:matrix /matrix/awx
|
|
||||||
|
|
||||||
- name: Ensure correct ownership of /matrix/synapse
|
|
||||||
shell: chown -R matrix:matrix /matrix/synapse
|
|
@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Include vars in organisation.yml
|
|
||||||
include_vars:
|
|
||||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Include vars in hosting_vars.yml
|
|
||||||
include_vars:
|
|
||||||
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Include AWX master token from awx_tokens.yml
|
|
||||||
include_vars:
|
|
||||||
file: /var/lib/awx/projects/hosting/awx_tokens.yml
|
|
||||||
no_log: true
|
|
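Review bot: the third include_vars here reads the AWX master token from /var/lib/awx/projects/hosting/awx_tokens.yml, and removing the task does not remove that file or invalidate the token. Add a line to the PR description or changelog telling operators to revoke the master token and delete awx_tokens.yml (and the per-member organisation.yml) once they stop using this role.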
@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Include new vars in matrix_vars.yml
|
|
||||||
include_vars:
|
|
||||||
file: '{{ awx_cached_matrix_vars }}'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: If include_vars succeeds overwrite the old matrix_vars.yml
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}"
|
|
||||||
|
|
||||||
- name: Copy new 'matrix_vars.yml' to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
dest: '/matrix/awx/matrix_vars.yml'
|
|
||||||
mode: '0660'
|
|
@ -1,234 +0,0 @@
|
|||||||
---
|
|
||||||
# Load initial hosting and organisation variables from AWX volume
|
|
||||||
- include_tasks:
|
|
||||||
file: "load_hosting_and_org_variables.yml"
|
|
||||||
apply:
|
|
||||||
tags: always
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
# Renames or updates the vars.yml if needed
|
|
||||||
- include_tasks:
|
|
||||||
file: "update_variables.yml"
|
|
||||||
apply:
|
|
||||||
tags: always
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
# Create AWX session token
|
|
||||||
- include_tasks:
|
|
||||||
file: "create_session_token.yml"
|
|
||||||
apply:
|
|
||||||
tags: always
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
# Perform a backup of the server
|
|
||||||
- include_tasks:
|
|
||||||
file: "backup_server.yml"
|
|
||||||
apply:
|
|
||||||
tags: backup-server
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- backup-server
|
|
||||||
|
|
||||||
# Perform a export of the server
|
|
||||||
- include_tasks:
|
|
||||||
file: "export_server.yml"
|
|
||||||
apply:
|
|
||||||
tags: export-server
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- export-server
|
|
||||||
|
|
||||||
# Create a user account if called
|
|
||||||
- include_tasks:
|
|
||||||
file: "create_user.yml"
|
|
||||||
apply:
|
|
||||||
tags: create-user
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- create-user
|
|
||||||
|
|
||||||
# Purge local/remote media if called
|
|
||||||
- include_tasks:
|
|
||||||
file: "purge_media_main.yml"
|
|
||||||
apply:
|
|
||||||
tags: purge-media
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- purge-media
|
|
||||||
|
|
||||||
# Purge Synapse database if called
|
|
||||||
- include_tasks:
|
|
||||||
file: "purge_database_main.yml"
|
|
||||||
apply:
|
|
||||||
tags: purge-database
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- purge-database
|
|
||||||
|
|
||||||
# Rotate SSH key if called
|
|
||||||
- include_tasks:
|
|
||||||
file: "rotate_ssh.yml"
|
|
||||||
apply:
|
|
||||||
tags: rotate-ssh
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- rotate-ssh
|
|
||||||
|
|
||||||
# Import configs, media repo from /chroot/backup import
|
|
||||||
- include_tasks:
|
|
||||||
file: "import_awx.yml"
|
|
||||||
apply:
|
|
||||||
tags: import-awx
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- import-awx
|
|
||||||
|
|
||||||
# Perform extra self-check functions
|
|
||||||
- include_tasks:
|
|
||||||
file: "self_check.yml"
|
|
||||||
apply:
|
|
||||||
tags: self-check
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- self-check
|
|
||||||
|
|
||||||
# Create cached matrix_vars.yml file
|
|
||||||
- include_tasks:
|
|
||||||
file: "cache_matrix_variables.yml"
|
|
||||||
apply:
|
|
||||||
tags: always
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
# Configure SFTP so user can upload a static website or access the servers export
|
|
||||||
- include_tasks:
|
|
||||||
file: "customise_website_access_export.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-nginx-proxy
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-nginx-proxy
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Element configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "set_variables_element.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-client-element
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-client-element
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Mailer configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "set_variables_mailer.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-mailer
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-mailer
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Element configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "set_variables_element_subdomain.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-client-element-subdomain
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-client-element-subdomain
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Synapse configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "set_variables_synapse.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-synapse
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-synapse
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Jitsi configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "set_variables_jitsi.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-jitsi
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-jitsi
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Ma1sd configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "set_variables_ma1sd.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-ma1sd
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-ma1sd
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Mjolnir Bot configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "set_variables_mjolnir.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-bot-mjolnir
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-bot-mjolnir
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Corporal configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "set_variables_corporal.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-corporal
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-corporal
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Dimension configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "set_variables_dimension.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-dimension
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-dimension
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Synapse Admin configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "set_variables_synapse_admin.yml"
|
|
||||||
apply:
|
|
||||||
tags: setup-synapse-admin
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- setup-synapse-admin
|
|
||||||
|
|
||||||
# Additional playbook to set the variable file during Discord Appservice Bridge configuration
|
|
||||||
- include_tasks:
|
|
||||||
file: "bridge_discord_appservice.yml"
|
|
||||||
apply:
|
|
||||||
tags: bridge-discord-appservice
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- bridge-discord-appservice
|
|
||||||
|
|
||||||
# Delete AWX session token
|
|
||||||
- include_tasks:
|
|
||||||
file: "delete_session_token.yml"
|
|
||||||
apply:
|
|
||||||
tags: always
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- always
|
|
||||||
|
|
||||||
# Load newly formed matrix variables from AWX volume
|
|
||||||
- include_tasks:
|
|
||||||
file: "load_matrix_variables.yml"
|
|
||||||
apply:
|
|
||||||
tags: always
|
|
||||||
when: run_setup|bool and matrix_awx_enabled|bool
|
|
||||||
tags:
|
|
||||||
- always
|
|
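Review bot: every include in this file was gated on run_setup|bool and matrix_awx_enabled|bool, and the role-specific tags defined here (backup-server, export-server, create-user, purge-media, purge-database, rotate-ssh, import-awx, self-check) disappear with it. An AWX job template that still launches setup.yml with one of those tags will no longer select any of these tasks, so the removal of matrix_awx_enabled and of these tags should be recorded in the changelog.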
@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Purge all rooms with more then N events
|
|
||||||
shell: |
|
|
||||||
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
|
|
||||||
register: awx_purge_command
|
|
||||||
|
|
||||||
- name: Print output of purge command
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_purge_command.stdout }}"
|
|
||||||
|
|
||||||
- name: Pause for 5 seconds to let Synapse breathe
|
|
||||||
pause:
|
|
||||||
seconds: 5
|
|
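Review bot: the curl line interpolates awx_janitors_token into a shell command with no no_log, and the next task prints awx_purge_command.stdout, so the admin bearer token is visible in the process list on the target and in the task result that AWX records. The login task that obtains the token sets no_log: true; this task should too, or better, use the uri module with a headers entry so the token never reaches a shell. The URL also has no scheme, so curl falls back to plain HTTP to the container IP.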
@ -1,320 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Ensure dateutils and curl is installed in AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
yum:
|
|
||||||
name: dateutils
|
|
||||||
state: latest
|
|
||||||
|
|
||||||
- name: Include vars in matrix_vars.yml
|
|
||||||
include_vars:
|
|
||||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Ensure curl and jq intalled on target machine
|
|
||||||
apt:
|
|
||||||
pkg:
|
|
||||||
- curl
|
|
||||||
- jq
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Collect before shrink size of Synapse database
|
|
||||||
shell: du -sh /matrix/postgres/data
|
|
||||||
register: awx_db_size_before_stat
|
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Collect the internal IP of the matrix-synapse container
|
|
||||||
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
register: awx_synapse_container_ip
|
|
||||||
|
|
||||||
- name: Collect access token for @admin-janitor user
|
|
||||||
shell: |
|
|
||||||
curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
register: awx_janitors_token
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Copy build_room_list.py script to target machine
|
|
||||||
copy:
|
|
||||||
src: ./roles/matrix-awx/scripts/matrix_build_room_list.py
|
|
||||||
dest: /usr/local/bin/matrix_build_room_list.py
|
|
||||||
owner: matrix
|
|
||||||
group: matrix
|
|
||||||
mode: '0755'
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
|
|
||||||
- name: Run build_room_list.py script
|
|
||||||
shell: |
|
|
||||||
runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} {{ matrix_synapse_container_client_api_port.stdout }}
|
|
||||||
register: awx_rooms_total
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
|
|
||||||
- name: Fetch complete room list from target machine
|
|
||||||
fetch:
|
|
||||||
src: /tmp/room_list_complete.json
|
|
||||||
dest: "/tmp/{{ subscription_id }}_room_list_complete.json"
|
|
||||||
flat: true
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
|
|
||||||
- name: Remove complete room list from target machine
|
|
||||||
file:
|
|
||||||
path: /tmp/room_list_complete.json
|
|
||||||
state: absent
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
|
|
||||||
- name: Generate list of rooms with no local users
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
|
|
||||||
- name: Count number of rooms with no local users
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }'
|
|
||||||
register: awx_rooms_no_local_total
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
|
|
||||||
- name: Setting host fact awx_room_list_no_local_users
|
|
||||||
set_fact:
|
|
||||||
awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
|
|
||||||
no_log: true
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
|
|
||||||
- name: Purge all rooms with no local users
|
|
||||||
include_tasks: purge_database_no_local.yml
|
|
||||||
loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}"
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
|
|
||||||
- name: Collect epoche time from date
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
date -d '{{ awx_purge_date }}' +"%s"
|
|
||||||
when: (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
register: awx_purge_epoche_time
|
|
||||||
|
|
||||||
- name: Generate list of rooms with more then N users
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
jq 'try .rooms[] | select(.joined_members > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt
|
|
||||||
when: awx_purge_mode.find("Number of users [slower]") != -1
|
|
||||||
|
|
||||||
- name: Count number of rooms with more then N users
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }'
|
|
||||||
register: awx_rooms_join_members_total
|
|
||||||
when: awx_purge_mode.find("Number of users [slower]") != -1
|
|
||||||
|
|
||||||
- name: Setting host fact awx_room_list_joined_members
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
set_fact:
|
|
||||||
awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
|
|
||||||
when: awx_purge_mode.find("Number of users [slower]") != -1
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Purge all rooms with more then N users
|
|
||||||
include_tasks: purge_database_users.yml
|
|
||||||
loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}"
|
|
||||||
when: awx_purge_mode.find("Number of users [slower]") != -1
|
|
||||||
|
|
||||||
- name: Generate list of rooms with more then N events
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
jq 'try .rooms[] | select(.state_events > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt
|
|
||||||
when: awx_purge_mode.find("Number of events [slower]") != -1
|
|
||||||
|
|
||||||
- name: Count number of rooms with more then N events
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }'
|
|
||||||
register: awx_rooms_state_events_total
|
|
||||||
when: awx_purge_mode.find("Number of events [slower]") != -1
|
|
||||||
|
|
||||||
- name: Setting host fact awx_room_list_state_events
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
set_fact:
|
|
||||||
awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
|
|
||||||
when: awx_purge_mode.find("Number of events [slower]") != -1
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Purge all rooms with more then N events
|
|
||||||
include_tasks: purge_database_events.yml
|
|
||||||
loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}"
|
|
||||||
when: awx_purge_mode.find("Number of events [slower]") != -1
|
|
||||||
|
|
||||||
- name: Adjust 'Deploy/Update a Server' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
|
||||||
description: "Creates a new matrix service with Spantaleev's playbooks"
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "rust-synapse-compress-state"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
|
|
||||||
|
|
||||||
- name: Execute rust-synapse-compress-state job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_launch:
|
|
||||||
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
|
||||||
wait: true
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
|
|
||||||
|
|
||||||
- name: Revert 'Deploy/Update a Server' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
|
||||||
description: "Creates a new matrix service with Spantaleev's playbooks"
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "setup-all,start"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
|
|
||||||
|
|
||||||
- name: Ensure matrix-synapse is stopped
|
|
||||||
service:
|
|
||||||
name: matrix-synapse
|
|
||||||
state: stopped
|
|
||||||
daemon_reload: true
|
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
|
||||||
|
|
||||||
- name: Re-index Synapse database
|
|
||||||
shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse'
|
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
|
||||||
|
|
||||||
- name: Ensure matrix-synapse is started
|
|
||||||
service:
|
|
||||||
name: matrix-synapse
|
|
||||||
state: started
|
|
||||||
daemon_reload: true
|
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
|
||||||
|
|
||||||
- name: Adjust 'Deploy/Update a Server' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
|
||||||
description: "Creates a new matrix service with Spantaleev's playbooks"
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "run-postgres-vacuum,start"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
|
||||||
|
|
||||||
- name: Execute run-postgres-vacuum job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_launch:
|
|
||||||
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
|
||||||
wait: true
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
|
||||||
|
|
||||||
- name: Revert 'Deploy/Update a Server' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
|
||||||
description: "Creates a new matrix service with Spantaleev's playbooks"
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "setup-all,start"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
|
||||||
|
|
||||||
- name: Cleanup room_list files
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: |
|
|
||||||
rm /tmp/{{ subscription_id }}_room_list*
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
ignore_errors: true
|
|
||||||
|
|
||||||
- name: Collect after shrink size of Synapse database
|
|
||||||
shell: du -sh /matrix/postgres/data
|
|
||||||
register: awx_db_size_after_stat
|
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Print total number of rooms processed
|
|
||||||
debug:
|
|
||||||
msg: '{{ awx_rooms_total.stdout }}'
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
|
|
||||||
- name: Print the number of rooms purged with no local users
|
|
||||||
debug:
|
|
||||||
msg: '{{ awx_rooms_no_local_total.stdout }}'
|
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
|
||||||
|
|
||||||
- name: Print the number of rooms purged with more then N users
|
|
||||||
debug:
|
|
||||||
msg: '{{ awx_rooms_join_members_total.stdout }}'
|
|
||||||
when: awx_purge_mode.find("Number of users") != -1
|
|
||||||
|
|
||||||
- name: Print the number of rooms purged with more then N events
|
|
||||||
debug:
|
|
||||||
msg: '{{ awx_rooms_state_events_total.stdout }}'
|
|
||||||
when: awx_purge_mode.find("Number of events") != -1
|
|
||||||
|
|
||||||
- name: Print before purge size of Synapse database
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_db_size_before_stat.stdout.split('\n') }}"
|
|
||||||
when: ( awx_db_size_before_stat is defined ) and ( awx_purge_mode.find("Perform final shrink" ) != -1 )
|
|
||||||
|
|
||||||
- name: Print after purge size of Synapse database
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_db_size_after_stat.stdout.split('\n') }}"
|
|
||||||
when: (awx_db_size_after_stat is defined) and (awx_purge_mode.find("Perform final shrink") != -1)
|
|
||||||
|
|
||||||
- name: Delete the AWX session token for executing modules
|
|
||||||
awx.awx.tower_token:
|
|
||||||
description: 'AWX Session Token'
|
|
||||||
scope: "write"
|
|
||||||
state: absent
|
|
||||||
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
|
||||||
set_fact:
|
|
||||||
awx_end_playbook: true
|
|
||||||
|
|
||||||
- name: End playbook early if this task is called.
|
|
||||||
meta: end_play
|
|
||||||
when: awx_end_playbook is defined and awx_end_playbook|bool
|
|
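Review bot: 'Re-index Synapse database' puts matrix_synapse_connection_password on a docker exec command line with no no_log, and 'Run build_room_list.py script' passes the janitor access token as a script argument the same way, although the task that fetches the token sets no_log: true. Both should carry no_log, and the password is better supplied through the environment than through argv. Separately, the script task references matrix_synapse_container_client_api_port.stdout while every other task uses the variable without .stdout, which looks like a bug, and the room lists are written to predictable /tmp/{{ subscription_id }}_room_list* paths on the AWX host.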
@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Purge all rooms with no local users
|
|
||||||
shell: |
|
|
||||||
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_room'
|
|
||||||
register: awx_purge_command
|
|
||||||
|
|
||||||
- name: Print output of purge command
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_purge_command.stdout }}"
|
|
||||||
|
|
||||||
- name: Pause for 5 seconds to let Synapse breathe
|
|
||||||
pause:
|
|
||||||
seconds: 5
|
|
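Review bot: '{ "room_id": {{ item }} }' drops each room ID into a single-quoted shell argument unescaped, relying on jq having emitted it with its double quotes, and room IDs are not values the playbook controls. Build the request with the uri module (body_format: json) instead of templating JSON into a shell string, and add no_log, since the bearer token sits on the same command line.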
@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Purge all rooms with more then N users
|
|
||||||
shell: |
|
|
||||||
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
|
|
||||||
register: awx_purge_command
|
|
||||||
|
|
||||||
- name: Print output of purge command
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_purge_command.stdout }}"
|
|
||||||
|
|
||||||
- name: Pause for 5 seconds to let Synapse breathe
|
|
||||||
pause:
|
|
||||||
seconds: 5
|
|
@ -1,19 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Collect epoche time from date
|
|
||||||
shell: |
|
|
||||||
date -d '{{ item }}' +"%s"
|
|
||||||
register: awx_epoche_time
|
|
||||||
|
|
||||||
- name: Purge local media to specific date
|
|
||||||
shell: |
|
|
||||||
curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000'
|
|
||||||
register: awx_purge_command
|
|
||||||
|
|
||||||
- name: Print output of purge command
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_purge_command.stdout }}"
|
|
||||||
|
|
||||||
- name: Pause for 5 seconds to let Synapse breathe
|
|
||||||
pause:
|
|
||||||
seconds: 5
|
|
@ -1,111 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Ensure dateutils is installed in AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
yum:
|
|
||||||
name: dateutils
|
|
||||||
state: latest
|
|
||||||
|
|
||||||
- name: Include vars in matrix_vars.yml
|
|
||||||
include_vars:
|
|
||||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Ensure curl and jq intalled on target machine
|
|
||||||
apt:
|
|
||||||
pkg:
|
|
||||||
- curl
|
|
||||||
- jq
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Collect the internal IP of the matrix-synapse container
|
|
||||||
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
|
|
||||||
register: awx_synapse_container_ip
|
|
||||||
|
|
||||||
- name: Collect access token for @admin-janitor user
|
|
||||||
shell: |
|
|
||||||
curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
|
|
||||||
register: awx_janitors_token
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Generate list of dates to purge to
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
shell: "dateseq {{ awx_purge_from_date }} {{ awx_purge_to_date }}"
|
|
||||||
register: awx_purge_dates
|
|
||||||
|
|
||||||
- name: Calculate initial size of local media repository
|
|
||||||
shell: du -sh /matrix/synapse/storage/media-store/local*
|
|
||||||
register: awx_local_media_size_before
|
|
||||||
when: awx_purge_media_type == "Local Media"
|
|
||||||
async: 600
|
|
||||||
ignore_errors: true
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Calculate initial size of remote media repository
|
|
||||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
|
||||||
register: awx_remote_media_size_before
|
|
||||||
when: awx_purge_media_type == "Remote Media"
|
|
||||||
async: 600
|
|
||||||
ignore_errors: true
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Purge local media with loop
|
|
||||||
include_tasks: purge_media_local.yml
|
|
||||||
loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
|
|
||||||
when: awx_purge_media_type == "Local Media"
|
|
||||||
|
|
||||||
- name: Purge remote media with loop
|
|
||||||
include_tasks: purge_media_remote.yml
|
|
||||||
loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
|
|
||||||
when: awx_purge_media_type == "Remote Media"
|
|
||||||
|
|
||||||
- name: Calculate final size of local media repository
|
|
||||||
shell: du -sh /matrix/synapse/storage/media-store/local*
|
|
||||||
register: awx_local_media_size_after
|
|
||||||
when: awx_purge_media_type == "Local Media"
|
|
||||||
ignore_errors: true
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Calculate final size of remote media repository
|
|
||||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
|
||||||
register: awx_remote_media_size_after
|
|
||||||
when: awx_purge_media_type == "Remote Media"
|
|
||||||
ignore_errors: true
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Print size of local media repository before purge
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_local_media_size_before.stdout.split('\n') }}"
|
|
||||||
when: awx_purge_media_type == "Local Media"
|
|
||||||
|
|
||||||
- name: Print size of local media repository after purge
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_local_media_size_after.stdout.split('\n') }}"
|
|
||||||
when: awx_purge_media_type == "Local Media"
|
|
||||||
|
|
||||||
- name: Print size of remote media repository before purge
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_remote_media_size_before.stdout.split('\n') }}"
|
|
||||||
when: awx_purge_media_type == "Remote Media"
|
|
||||||
|
|
||||||
- name: Print size of remote media repository after purge
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_remote_media_size_after.stdout.split('\n') }}"
|
|
||||||
when: awx_purge_media_type == "Remote Media"
|
|
||||||
|
|
||||||
- name: Delete the AWX session token for executing modules
|
|
||||||
awx.awx.tower_token:
|
|
||||||
description: 'AWX Session Token'
|
|
||||||
scope: "write"
|
|
||||||
state: absent
|
|
||||||
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
|
||||||
set_fact:
|
|
||||||
awx_end_playbook: true
|
|
||||||
|
|
||||||
- name: End playbook early if this task is called.
|
|
||||||
meta: end_play
|
|
||||||
when: awx_end_playbook is defined and awx_end_playbook|bool
|
|
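Review bot: in 'Generate list of dates to purge to', `awx_purge_from_date` and `awx_purge_to_date` are interpolated unquoted into a `shell` line that runs on the AWX host itself (`delegate_to: 127.0.0.1`), so a value containing shell metacharacters is executed on the controller rather than on the managed server. Any copy of this task that survives the removal should check both values against a strict date pattern before use and run `dateseq` through `command` with `argv` (or at least apply the `quote` filter). The same applies to `awx_janitor_user_password` in the 'Collect access token for @admin-janitor user' task: `no_log: true` hides it from job output, but it still sits inside a single-quoted JSON string on a shell line.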
@ -1,19 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Collect epoche time from date
|
|
||||||
shell: |
|
|
||||||
date -d '{{ item }}' +"%s"
|
|
||||||
register: awx_epoche_time
|
|
||||||
|
|
||||||
- name: Purge remote media to specific date
|
|
||||||
shell: |
|
|
||||||
curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000'
|
|
||||||
register: awx_purge_command
|
|
||||||
|
|
||||||
- name: Print output of purge command
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_purge_command.stdout }}"
|
|
||||||
|
|
||||||
- name: Pause for 5 seconds to let Synapse breathe
|
|
||||||
pause:
|
|
||||||
seconds: 5
|
|
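Review bot: 'Purge remote media to specific date' never checks whether the purge succeeded: `curl` is called without `--fail`, so an HTTP error from `/_synapse/admin/v1/purge_media_cache` still exits 0, the task reports success, and the loop moves to the next date after the 5 second pause. If this file is kept elsewhere, add `--fail` (or switch to the `uri` module with an expected `status_code`) so an expired or rejected token stops the run instead of producing a series of error bodies in the debug output. The bearer token on the command line without `no_log: true` has the same exposure here as in the local-media task list.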
@ -1,25 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Set the new authorized key taken from file
|
|
||||||
authorized_key:
|
|
||||||
user: root
|
|
||||||
state: present
|
|
||||||
exclusive: true
|
|
||||||
key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}"
|
|
||||||
|
|
||||||
- name: Delete the AWX session token for executing modules
|
|
||||||
awx.awx.tower_token:
|
|
||||||
description: 'AWX Session Token'
|
|
||||||
scope: "write"
|
|
||||||
state: absent
|
|
||||||
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
|
||||||
set_fact:
|
|
||||||
end_playbook: true
|
|
||||||
|
|
||||||
- name: End playbook if this task list is called.
|
|
||||||
meta: end_play
|
|
||||||
when: end_playbook is defined and end_playbook|bool
|
|
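Review bot: 'Set the new authorized key taken from file' uses `exclusive: true` with `user: root`, which removes every other key from root's authorized_keys, and nothing after it confirms that a login with the new key still works; a wrong or stale `client_public.key` locks out all other access to the root account. Anyone keeping this task should add a connection check with the new key before the play ends and keep a documented recovery path. Smaller point: this file sets and tests `end_playbook`, while the purge task list uses `awx_end_playbook` for the same purpose, so the two names should be unified if either survives.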
@ -1,108 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Install prerequisite apt packages on target
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- sysstat
|
|
||||||
- curl
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Install prerequisite yum packages on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
yum:
|
|
||||||
name:
|
|
||||||
- bind-utils
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Install prerequisite pip packages on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
pip:
|
|
||||||
name:
|
|
||||||
- dnspython
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Calculate MAU value
|
|
||||||
shell: |
|
|
||||||
curl -s localhost:9000 | grep "^synapse_admin_mau_current "
|
|
||||||
register: awx_mau_stat
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Calculate CPU usage statistics
|
|
||||||
shell: iostat -c
|
|
||||||
register: awx_cpu_usage_stat
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Calculate RAM usage statistics
|
|
||||||
shell: free -mh
|
|
||||||
register: awx_ram_usage_stat
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Calculate free disk space
|
|
||||||
shell: df -h
|
|
||||||
register: awx_disk_space_stat
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Calculate size of Synapse database
|
|
||||||
shell: du -sh /matrix/postgres/data
|
|
||||||
register: awx_db_size_stat
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Calculate size of local media repository
|
|
||||||
shell: du -sh /matrix/synapse/storage/media-store/local*
|
|
||||||
register: awx_local_media_size_stat
|
|
||||||
async: 600
|
|
||||||
ignore_errors: true
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Calculate size of remote media repository
|
|
||||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
|
||||||
register: awx_remote_media_size_stat
|
|
||||||
async: 600
|
|
||||||
ignore_errors: true
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Calculate docker container statistics
|
|
||||||
shell: docker stats --all --no-stream
|
|
||||||
register: awx_docker_stats
|
|
||||||
ignore_errors: true
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Print size of remote media repository
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}"
|
|
||||||
when: awx_remote_media_size_stat is defined
|
|
||||||
|
|
||||||
- name: Print size of local media repository
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}"
|
|
||||||
when: awx_local_media_size_stat is defined
|
|
||||||
|
|
||||||
- name: Print size of Synapse database
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_db_size_stat.stdout.split('\n') }}"
|
|
||||||
when: awx_db_size_stat is defined
|
|
||||||
|
|
||||||
- name: Print free disk space
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_disk_space_stat.stdout.split('\n') }}"
|
|
||||||
when: awx_disk_space_stat is defined
|
|
||||||
|
|
||||||
- name: Print RAM usage statistics
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_ram_usage_stat.stdout.split('\n') }}"
|
|
||||||
when: awx_ram_usage_stat is defined
|
|
||||||
|
|
||||||
- name: Print CPU usage statistics
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_cpu_usage_stat.stdout.split('\n') }}"
|
|
||||||
when: awx_cpu_usage_stat is defined
|
|
||||||
|
|
||||||
- name: Print MAU value
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_mau_stat.stdout.split('\n') }}"
|
|
||||||
when: awx_mau_stat is defined
|
|
||||||
|
|
||||||
- name: Print docker container statistics
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_docker_stats.stdout.split('\n') }}"
|
|
||||||
when: awx_docker_stats is defined
|
|
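Review bot: the `when: awx_..._stat is defined` guards on the 'Print ...' tasks never filter anything, because a registered variable is defined even when its task failed under `ignore_errors: true`, so a failed `du` or `docker stats` still reaches the debug task. Use `is succeeded` on the registered result instead. Note also that every collection task sets `no_log: true` and the matching debug task then prints the same `stdout` in full, so `no_log` protects nothing here; either drop it or stop printing the output of `df -h` and `docker stats` into the job log.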
@ -1,243 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Record Corporal Enabled/Disabled variable
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Corporal Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
|
|
||||||
|
|
||||||
- name: Enable Shared Secret Auth if Corporal enabled
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Shared Secret Auth Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
|
|
||||||
when: matrix_corporal_enabled|bool
|
|
||||||
|
|
||||||
- name: Disable Shared Secret Auth if Corporal disabled
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Shared Secret Auth Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
|
|
||||||
when: not matrix_corporal_enabled|bool
|
|
||||||
|
|
||||||
- name: Enable Rest Auth Endpoint if Corporal enabled
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Synapse Extension Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
|
|
||||||
when: matrix_corporal_enabled|bool
|
|
||||||
|
|
||||||
- name: Disable Rest Auth Endpoint if Corporal disabled
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Synapse Extension Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
|
|
||||||
when: not matrix_corporal_enabled|bool
|
|
||||||
|
|
||||||
- name: Disable Corporal API if Simple Static File mode selected
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Corporal Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_corporal_http_api_enabled': 'false'
|
|
||||||
when: (awx_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
|
|
||||||
|
|
||||||
- name: Enable Corporal API if Push/Pull mode delected
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Corporal Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_corporal_http_api_enabled': 'true'
|
|
||||||
when: (awx_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
|
|
||||||
|
|
||||||
- name: Record Corporal API Access Token if it's defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Corporal Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
|
|
||||||
when: ( matrix_corporal_http_api_auth_token|length > 0 ) and ( awx_corporal_policy_provider_mode != "Simple Static File" )
|
|
||||||
|
|
||||||
- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
blockinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
insertbefore: "# Corporal Policy Provider Settings End"
|
|
||||||
marker_begin: "Corporal"
|
|
||||||
marker_end: "Corporal"
|
|
||||||
block: |
|
|
||||||
matrix_corporal_policy_provider_config: |
|
|
||||||
{
|
|
||||||
"Type": "static_file",
|
|
||||||
"Path": "/etc/matrix-corporal/corporal-policy.json"
|
|
||||||
}
|
|
||||||
when: awx_corporal_policy_provider_mode == "Simple Static File"
|
|
||||||
|
|
||||||
- name: Touch the /matrix/corporal/ directory
|
|
||||||
file:
|
|
||||||
path: "/matrix/corporal/"
|
|
||||||
state: directory
|
|
||||||
owner: matrix
|
|
||||||
group: matrix
|
|
||||||
mode: '750'
|
|
||||||
|
|
||||||
- name: Touch the /matrix/corporal/config/ directory
|
|
||||||
file:
|
|
||||||
path: "/matrix/corporal/config/"
|
|
||||||
state: directory
|
|
||||||
owner: matrix
|
|
||||||
group: matrix
|
|
||||||
mode: '750'
|
|
||||||
|
|
||||||
- name: Touch the /matrix/corporal/cache/ directory
|
|
||||||
file:
|
|
||||||
path: "/matrix/corporal/cache/"
|
|
||||||
state: directory
|
|
||||||
owner: matrix
|
|
||||||
group: matrix
|
|
||||||
mode: '750'
|
|
||||||
|
|
||||||
- name: Touch the corporal-policy.json file to ensure it exists
|
|
||||||
file:
|
|
||||||
path: "/matrix/corporal/config/corporal-policy.json"
|
|
||||||
state: touch
|
|
||||||
owner: matrix
|
|
||||||
group: matrix
|
|
||||||
mode: '660'
|
|
||||||
|
|
||||||
- name: Touch the last-policy.json file to ensure it exists
|
|
||||||
file:
|
|
||||||
path: "/matrix/corporal/config/last-policy.json"
|
|
||||||
state: touch
|
|
||||||
owner: matrix
|
|
||||||
group: matrix
|
|
||||||
mode: '660'
|
|
||||||
|
|
||||||
- name: Record 'Simple Static File' configuration content in corporal-policy.json
|
|
||||||
copy:
|
|
||||||
content: "{{ awx_corporal_simple_static_config | string }}"
|
|
||||||
dest: "/matrix/corporal/config/corporal-policy.json"
|
|
||||||
owner: matrix
|
|
||||||
group: matrix
|
|
||||||
mode: '660'
|
|
||||||
when: (awx_corporal_policy_provider_mode == "Simple Static File") and (awx_corporal_simple_static_config|length > 0)
|
|
||||||
|
|
||||||
- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
blockinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
insertafter: "# Corporal Policy Provider Settings Start"
|
|
||||||
block: |
|
|
||||||
matrix_corporal_policy_provider_config: |
|
|
||||||
{
|
|
||||||
"Type": "http",
|
|
||||||
"Uri": "{{ awx_corporal_pull_mode_uri }}",
|
|
||||||
"AuthorizationBearerToken": "{{ awx_corporal_pull_mode_token }}",
|
|
||||||
"CachePath": "/var/cache/matrix-corporal/last-policy.json",
|
|
||||||
"ReloadIntervalSeconds": 1800,
|
|
||||||
"TimeoutMilliseconds": 30000
|
|
||||||
}
|
|
||||||
when: (awx_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (awx_corporal_pull_mode_token|length > 0)
|
|
||||||
|
|
||||||
- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
blockinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
insertafter: "# Corporal Policy Provider Settings Start"
|
|
||||||
block: |
|
|
||||||
matrix_corporal_policy_provider_config: |
|
|
||||||
{
|
|
||||||
"Type": "last_seen_store_policy",
|
|
||||||
"CachePath": "/var/cache/matrix-corporal/last-policy.json"
|
|
||||||
}
|
|
||||||
when: (awx_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
|
|
||||||
|
|
||||||
- name: Lower RateLimit if set to 'Normal'
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
replace:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
|
|
||||||
replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
|
|
||||||
when: awx_corporal_raise_ratelimits == "Normal"
|
|
||||||
|
|
||||||
- name: Raise RateLimit if set to 'Raised'
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
replace:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
|
|
||||||
replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
|
|
||||||
when: awx_corporal_raise_ratelimits == "Raised"
|
|
||||||
|
|
||||||
- name: Save new 'Configure Corporal' survey.json to the AWX tower
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Configure Corporal' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
|
|
||||||
dest: '/matrix/awx/configure_corporal.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Corporal (Advanced)' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
|
|
||||||
description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-corporal"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
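Review bot: the four unnamed `debug` tasks near the end print `matrix_corporal_matrix_auth_shared_secret` and `matrix_corporal_matrix_registration_shared_secret` in clear text into the AWX job output, where anyone with read access to the job history can recover them. Removing the file stops new leaks, but output from earlier runs of this job still holds those values, so the stored job logs should be purged and both shared secrets regenerated. Separately, the `when` on "Record 'HTTP Pull Mode' configuration variables" tests `matrix_corporal_pull_mode_uri|length` while the block writes `awx_corporal_pull_mode_uri`; one of the two names is wrong, and the condition fails on an undefined variable unless both happen to be set.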
@ -1,105 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Include vars in matrix_vars.yml
|
|
||||||
include_vars:
|
|
||||||
file: '{{ awx_cached_matrix_vars }}'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Install jq and curl on remote machine
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- jq
|
|
||||||
- curl
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Collect access token of @admin-dimension user
|
|
||||||
shell: |
|
|
||||||
curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq '.access_token'
|
|
||||||
register: awx_dimension_user_access_token
|
|
||||||
|
|
||||||
- name: Record Synapse variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Dimension Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
|
|
||||||
'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout[1:-1] }}"'
|
|
||||||
|
|
||||||
- name: Set final users list if users are defined
|
|
||||||
set_fact:
|
|
||||||
awx_dimension_users_final: "{{ awx_dimension_users }}"
|
|
||||||
when: awx_dimension_users | length > 0
|
|
||||||
|
|
||||||
- name: Set final users list if no users are defined
|
|
||||||
set_fact:
|
|
||||||
awx_dimension_users_final: '@dimension:{{ matrix_domain }}'
|
|
||||||
when: awx_dimension_users | length == 0
|
|
||||||
|
|
||||||
- name: Remove Dimension Users
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
replace:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: '^ - .*\n'
|
|
||||||
after: 'matrix_dimension_admins:'
|
|
||||||
before: '# Dimension Settings End'
|
|
||||||
|
|
||||||
- name: Set Dimension Users Header
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
insertbefore: '# Dimension Settings End'
|
|
||||||
line: "matrix_dimension_admins:"
|
|
||||||
|
|
||||||
- name: Set Dimension Users
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
insertafter: '^matrix_dimension_admins:'
|
|
||||||
line: ' - "{{ item }}"'
|
|
||||||
with_items: "{{ awx_dimension_users_final.splitlines() }}"
|
|
||||||
|
|
||||||
- name: Record Dimension Custom variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertbefore: '# Dimension Settings End'
|
|
||||||
with_dict:
|
|
||||||
'awx_dimension_users': '{{ awx_dimension_users.splitlines() | to_json }}'
|
|
||||||
|
|
||||||
- name: Save new 'Configure Dimension' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/configure_dimension.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Configure Dimension' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json'
|
|
||||||
dest: '/matrix/awx/configure_dimension.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Dimension' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Dimension"
|
|
||||||
description: "Configure Dimension, the self-hosted integrations server."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-all,setup-dimension"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
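Review bot: 'Collect access token of @admin-dimension user' has no `no_log: true`, unlike the equivalent janitor login in the purge task list, so `awx_dimension_user_password` (inside the `curl -d` body) and the returned access token both appear in the task result; the template below runs with `verbosity: 1`, which is enough to show them if this task runs under the same setting. If the task is retained anywhere, use the `uri` module with `body_format: json` and `no_log: true`, and treat the token written to `matrix_dimension_access_token` in the cached vars file as a secret at rest. Minor: the template `dest` contains a doubled slash (`{{ subscription_id }}//configure_dimension.json`), which works but differs from the path used by the `copy` and `survey_spec` lines.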
@ -1,180 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Record Element-Web variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Element Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
|
|
||||||
'matrix_client_element_jitsi_preferredDomain': 'jitsi.{{ matrix_domain }}'
|
|
||||||
'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
|
|
||||||
'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
|
|
||||||
'matrix_client_element_brand': '{{ matrix_client_element_brand | trim }}'
|
|
||||||
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}'
|
|
||||||
'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo | trim }}'
|
|
||||||
'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link | trim }}'
|
|
||||||
|
|
||||||
- name: Record Element-Web custom variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: '{{ item.value }}'"
|
|
||||||
insertbefore: '# Element Settings End'
|
|
||||||
with_dict:
|
|
||||||
'awx_matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline | trim }}'
|
|
||||||
'awx_matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text | trim }}'
|
|
||||||
|
|
||||||
- name: Set Element-Web custom branding locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: '{{ item.value }}'"
|
|
||||||
insertafter: '# Element Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_client_element_brand': "{{ matrix_client_element_brand }}"
|
|
||||||
when: matrix_client_element_brand | trim | length > 0
|
|
||||||
|
|
||||||
- name: Remove Element-Web custom branding locally on AWX if not defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^matrix_client_element_brand: "
|
|
||||||
state: absent
|
|
||||||
when: matrix_client_element_brand | trim | length == 0
|
|
||||||
|
|
||||||
- name: Set fact for 'https' string
|
|
||||||
set_fact:
|
|
||||||
awx_https_string: "https"
|
|
||||||
|
|
||||||
- name: Set Element-Web custom logo locally on AWX if defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: '{{ item.value }}'"
|
|
||||||
insertafter: '# Element Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo }}'
|
|
||||||
when: ( awx_https_string in matrix_client_element_welcome_logo ) and ( matrix_client_element_welcome_logo | trim | length > 0 )
|
|
||||||
|
|
||||||
- name: Remove Element-Web custom logo locally on AWX if not defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^matrix_client_element_welcome_logo: "
|
|
||||||
state: absent
|
|
||||||
when: matrix_client_element_welcome_logo | trim | length == 0
|
|
||||||
|
|
||||||
- name: Set Element-Web custom logo link locally on AWX if defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: '{{ item.value }}'"
|
|
||||||
insertafter: '# Element Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link }}'
|
|
||||||
when: ( awx_https_string in matrix_client_element_welcome_logo_link ) and ( matrix_client_element_welcome_logo_link | trim | length > 0 )
|
|
||||||
|
|
||||||
- name: Remove Element-Web custom logo link locally on AWX if not defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^matrix_client_element_welcome_logo_link: "
|
|
||||||
state: absent
|
|
||||||
when: matrix_client_element_welcome_logo_link | trim | length == 0
|
|
||||||
|
|
||||||
- name: Set Element-Web custom headline locally on AWX if defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: '{{ item.value }}'"
|
|
||||||
insertafter: '# Element Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline }}'
|
|
||||||
when: awx_matrix_client_element_welcome_headline | trim | length > 0
|
|
||||||
|
|
||||||
- name: Remove Element-Web custom headline locally on AWX if not defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^matrix_client_element_welcome_headline: "
|
|
||||||
state: absent
|
|
||||||
when: awx_matrix_client_element_welcome_headline | trim | length == 0
|
|
||||||
|
|
||||||
- name: Set Element-Web custom text locally on AWX if defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: '{{ item.value }}'"
|
|
||||||
insertafter: '# Element Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text }}'
|
|
||||||
when: awx_matrix_client_element_welcome_text | trim | length > 0
|
|
||||||
|
|
||||||
- name: Remove Element-Web custom text locally on AWX if not defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^matrix_client_element_welcome_text: "
|
|
||||||
state: absent
|
|
||||||
when: awx_matrix_client_element_welcome_text | trim | length == 0
|
|
||||||
|
|
||||||
- name: Set Element-Web background locally on AWX if defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: '{{ item.value }}'"
|
|
||||||
insertafter: '# Element Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
|
|
||||||
when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length > 0
|
|
||||||
|
|
||||||
- name: Remove Element-Web background locally on AWX if not defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^matrix_client_element_branding_welcomeBackgroundUrl: "
|
|
||||||
state: absent
|
|
||||||
when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length == 0
|
|
||||||
|
|
||||||
- name: Save new 'Configure Element' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/configure_element.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Configure Element' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
|
|
||||||
dest: '/matrix/awx/configure_element.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Element' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Element"
|
|
||||||
description: "Configure Element client via survey."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-client-element"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
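Review bot: Deleting the "Recreate 'Configure Element' job template" task does not delete what it created. Templates registered with `state: present` under the name "{{ matrix_domain }} - 1 - Configure Element" stay in AWX with their stored `extra_vars`, survey spec and the "{{ member_id }} - AWX SSH Key" credential, and the `/matrix/awx/configure_element.json` copy stays on each target. Suggest a removal note for operators listing both so they can be cleaned up by hand.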
@ -1,43 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Record Element-Web variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Element Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}"
|
|
||||||
|
|
||||||
- name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/configure_element_subdomain.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Configure Element Subdomain' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
|
|
||||||
dest: '/matrix/awx/configure_element_subdomain.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Element Subdomain' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Element Subdomain"
|
|
||||||
description: "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)"
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-all,setup-client-element-subdomain"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}"
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
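Review bot: In "Record Element-Web variables locally on AWX" the survey-supplied `awx_element_subdomain` only passes through `trim` before it is joined to `matrix_domain` and written unquoted by `line: "{{ item.key }}: {{ item.value }}"`. Nothing here checks that it is a single hostname label, so whatever the member typed becomes `matrix_server_fqn_element` in the cached vars file. Removal is fine; if this flow is rewritten, validate the label before persisting it and emit the value with a YAML-safe serialiser.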
@ -1,45 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Record Jitsi variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Jitsi Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
|
|
||||||
'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage | trim }}'
|
|
||||||
|
|
||||||
- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Configure Jitsi' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
|
|
||||||
dest: '/matrix/awx/configure_jitsi.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Jitsi' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Jitsi"
|
|
||||||
description: "Configure Jitsi conferencing settings."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-jitsi"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
@ -1,102 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Record ma1sd variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# ma1sd Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}'
|
|
||||||
|
|
||||||
- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Synapse Extension Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_synapse_awx_password_provider_rest_auth_enabled': 'false'
|
|
||||||
when: awx_matrix_ma1sd_auth_store == 'Synapse Internal'
|
|
||||||
|
|
||||||
- name: Enable REST auth if using external LDAP/AD with ma1sd
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Synapse Extension Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true'
|
|
||||||
'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_container_port }}"'
|
|
||||||
when: awx_matrix_ma1sd_auth_store == 'LDAP/AD'
|
|
||||||
|
|
||||||
- name: Remove entire ma1sd configuration extension
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
replace:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: '^.*\n'
|
|
||||||
after: '# ma1sd Extension Start'
|
|
||||||
before: '# ma1sd Extension End'
|
|
||||||
|
|
||||||
- name: Replace conjoined ma1sd configuration extension limiters
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
replace:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: '^# ma1sd Extension Start# ma1sd Extension End'
|
|
||||||
replace: '# ma1sd Extension Start\n# ma1sd Extension End'
|
|
||||||
|
|
||||||
- name: Insert/Update ma1sd configuration extension variables
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
blockinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK"
|
|
||||||
insertafter: '# ma1sd Extension Start'
|
|
||||||
block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}'
|
|
||||||
|
|
||||||
- name: Record ma1sd Custom variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertbefore: '# ma1sd Settings End'
|
|
||||||
with_dict:
|
|
||||||
'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}'
|
|
||||||
'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Configure ma1sd' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
|
|
||||||
dest: '/matrix/awx/configure_ma1sd.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- name: Recreate 'Configure ma1sd (Advanced)' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)"
|
|
||||||
description: "Configure Jitsi conferencing settings."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-ma1sd"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
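Review bot: "Insert/Update ma1sd configuration extension variables" writes `awx_matrix_ma1sd_configuration_extension_yaml` through `blockinfile` without `no_log`, while "Record ma1sd Custom variables locally on AWX" sets `no_log: true` for the same variable. With the 'LDAP/AD' auth store that YAML block is where directory connection settings would go, so both tasks should have been treated alike; worth carrying into any replacement. Separately, the "Configure ma1sd (Advanced)" template reuses `description: "Configure Jitsi conferencing settings."`, which looks like a copy-paste leftover.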
@ -1,44 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Record Mailer variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Email Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}'
|
|
||||||
|
|
||||||
- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Configure Email Relay' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
|
|
||||||
dest: '/matrix/awx/configure_email_relay.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Email Relay' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Email Relay"
|
|
||||||
description: "Enable MailGun relay to increase verification email reliability."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-mailer"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
@ -1,68 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Include vars in matrix_vars.yml
|
|
||||||
include_vars:
|
|
||||||
file: '{{ awx_cached_matrix_vars }}'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Collect the internal IP of the matrix-synapse container
|
|
||||||
shell: |
|
|
||||||
/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse
|
|
||||||
register: matrix_synapse_ip
|
|
||||||
|
|
||||||
- name: Collect access token of @admin-mjolnir user
|
|
||||||
shell: |
|
|
||||||
curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-mjolnir"}, "password": "{{ awx_mjolnir_user_password }}", "type": "m.login.password"}' 'http://{{ matrix_synapse_ip.stdout }}:8008/_matrix/client/r0/login' | jq '.access_token'
|
|
||||||
register: awx_mjolnir_user_access_token
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Record Mjolnir Bot variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Mjolnir Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_bot_mjolnir_enabled': '{{ matrix_bot_mjolnir_enabled }}'
|
|
||||||
'matrix_bot_mjolnir_access_token': '{{ awx_mjolnir_user_access_token.stdout[1:-1] }}'
|
|
||||||
'matrix_bot_mjolnir_management_room': '"{{ matrix_bot_mjolnir_management_room }}"'
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Remove Synapse rate-limiting for admin-mjolnir user
|
|
||||||
shell: |
|
|
||||||
/usr/local/bin/matrix-postgres-cli-non-interactive --dbname=synapse --command="INSERT INTO ratelimit_override VALUES ('@admin-mjolnir:{{ matrix_domain }}', 0, 0);"
|
|
||||||
ignore_errors: true
|
|
||||||
|
|
||||||
- name: Save new 'Configure Mjolnir' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/configure_mjolnir.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Configure Mjolnir' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json'
|
|
||||||
dest: '/matrix/awx/configure_mjolnir.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Mjolnir Bot' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Mjolnir Bot"
|
|
||||||
description: "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-bot-mjolnir"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
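Review bot: "Collect access token of @admin-mjolnir user" interpolates `awx_mjolnir_user_password` straight into a `shell:` string inside `-d '{...}'` with no `quote` filter, so a password containing a single quote ends the argument early, and the password sits on the curl command line on the target. `no_log: true` hides it from AWX output only. Two leftovers also outlive this deletion and deserve a cleanup note: the `matrix_bot_mjolnir_access_token` line written to the cached vars file, and the `ratelimit_override` row inserted for '@admin-mjolnir' (whose INSERT ran with `ignore_errors: true`, so its presence is not guaranteed either way).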
@ -1,223 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Limit max upload size to 200MB part 1
|
|
||||||
set_fact:
|
|
||||||
matrix_synapse_max_upload_size_mb: "200"
|
|
||||||
when: awx_synapse_max_upload_size_mb | int >= 200
|
|
||||||
|
|
||||||
- name: Limit max upload size to 200MB part 2
|
|
||||||
set_fact:
|
|
||||||
matrix_synapse_max_upload_size_mb: "{{ awx_synapse_max_upload_size_mb }}"
|
|
||||||
when: awx_synapse_max_upload_size_mb | int < 200
|
|
||||||
|
|
||||||
- name: Record Synapse variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Synapse Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}'
|
|
||||||
'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}'
|
|
||||||
'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}'
|
|
||||||
'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}'
|
|
||||||
'matrix_synapse_presence_enabled': '{{ matrix_synapse_presence_enabled }}'
|
|
||||||
'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}'
|
|
||||||
'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}'
|
|
||||||
'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}'
|
|
||||||
|
|
||||||
- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
replace:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^matrix_synapse_auto_join_rooms: .*$"
|
|
||||||
replace: "matrix_synapse_auto_join_rooms: []"
|
|
||||||
when: awx_synapse_auto_join_rooms | length == 0
|
|
||||||
|
|
||||||
- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list
|
|
||||||
set_fact:
|
|
||||||
awx_synapse_auto_join_rooms_array: |-
|
|
||||||
{{ awx_synapse_auto_join_rooms.splitlines() | to_json }}
|
|
||||||
when: awx_synapse_auto_join_rooms | length > 0
|
|
||||||
|
|
||||||
- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Synapse Settings Start'
|
|
||||||
with_dict:
|
|
||||||
"matrix_synapse_auto_join_rooms": "{{ awx_synapse_auto_join_rooms_array }}"
|
|
||||||
when: awx_synapse_auto_join_rooms | length > 0
|
|
||||||
|
|
||||||
- name: Record Synapse Shared Secret if it's defined
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Synapse Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_synapse_registration_shared_secret': '{{ awx_matrix_synapse_registration_shared_secret }}'
|
|
||||||
when: awx_matrix_synapse_registration_shared_secret | length > 0
|
|
||||||
|
|
||||||
- name: Record registations_require_3pid extra variable if true
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "{{ item }}"
|
|
||||||
line: "{{ item }}"
|
|
||||||
insertbefore: '# Synapse Extension End'
|
|
||||||
with_items:
|
|
||||||
- " registrations_require_3pid:"
|
|
||||||
- " - email"
|
|
||||||
when: awx_registrations_require_3pid | bool
|
|
||||||
|
|
||||||
- name: Remove registrations_require_3pid extra variable if false
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "{{ item }}"
|
|
||||||
line: "{{ item }}"
|
|
||||||
insertbefore: '# Synapse Extension End'
|
|
||||||
state: absent
|
|
||||||
with_items:
|
|
||||||
- " registrations_require_3pid:"
|
|
||||||
- " - email"
|
|
||||||
when: not awx_registrations_require_3pid | bool
|
|
||||||
|
|
||||||
- name: Remove URL Languages
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
replace:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n'
|
|
||||||
after: ' url_preview_accept_language:'
|
|
||||||
before: '# Synapse Extension End'
|
|
||||||
|
|
||||||
- name: Set URL languages default if raw inputs empty
|
|
||||||
set_fact:
|
|
||||||
awx_url_preview_accept_language_default: 'en'
|
|
||||||
when: awx_url_preview_accept_language | length == 0
|
|
||||||
|
|
||||||
- name: Set URL languages default if raw inputs not empty
|
|
||||||
set_fact:
|
|
||||||
awx_url_preview_accept_language_default: "{{ awx_url_preview_accept_language }}"
|
|
||||||
when: awx_url_preview_accept_language|length > 0
|
|
||||||
|
|
||||||
- name: Set URL languages if raw inputs empty
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
insertafter: '^ url_preview_accept_language:'
|
|
||||||
line: " - {{ awx_url_preview_accept_language_default }}"
|
|
||||||
when: awx_url_preview_accept_language|length == 0
|
|
||||||
|
|
||||||
- name: Set URL languages if raw inputs not empty
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
insertafter: '^ url_preview_accept_language:'
|
|
||||||
line: " - {{ item }}"
|
|
||||||
with_items: "{{ awx_url_preview_accept_language.splitlines() }}"
|
|
||||||
when: awx_url_preview_accept_language | length > 0
|
|
||||||
|
|
||||||
- name: Remove Federation Whitelisting 1
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
replace:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n'
|
|
||||||
after: ' federation_domain_whitelist:'
|
|
||||||
before: '# Synapse Extension End'
|
|
||||||
|
|
||||||
- name: Remove Federation Whitelisting 2
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
line: " federation_domain_whitelist:"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Set Federation Whitelisting 1
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
|
|
||||||
line: " federation_domain_whitelist:"
|
|
||||||
when: awx_federation_whitelist | length > 0
|
|
||||||
|
|
||||||
- name: Set Federation Whitelisting 2
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
insertafter: '^ federation_domain_whitelist:'
|
|
||||||
line: " - {{ item }}"
|
|
||||||
with_items: "{{ awx_federation_whitelist.splitlines() }}"
|
|
||||||
when: awx_federation_whitelist | length > 0
|
|
||||||
|
|
||||||
- name: Set awx_recaptcha_public_key to a 'public-key' if undefined
|
|
||||||
set_fact: awx_recaptcha_public_key="public-key"
|
|
||||||
when: (awx_recaptcha_public_key is not defined) or (awx_recaptcha_public_key|length == 0)
|
|
||||||
|
|
||||||
- name: Set awx_recaptcha_private_key to a 'private-key' if undefined
|
|
||||||
set_fact: awx_recaptcha_private_key="private-key"
|
|
||||||
when: (awx_recaptcha_private_key is not defined) or (awx_recaptcha_private_key|length == 0)
|
|
||||||
|
|
||||||
- name: Record Synapse Extension variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertbefore: '# Synapse Extension End'
|
|
||||||
with_dict:
|
|
||||||
' enable_registration_captcha': '{{ awx_enable_registration_captcha }}'
|
|
||||||
' recaptcha_public_key': '{{ awx_recaptcha_public_key }}'
|
|
||||||
' recaptcha_private_key': '{{ awx_recaptcha_private_key }}'
|
|
||||||
|
|
||||||
- name: Record Synapse Custom variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertbefore: '# Synapse Settings End'
|
|
||||||
with_dict:
|
|
||||||
'awx_federation_whitelist': '{{ awx_federation_whitelist.splitlines() | to_json }}'
|
|
||||||
'awx_url_preview_accept_language_default': '{{ awx_url_preview_accept_language_default.splitlines() | to_json }}'
|
|
||||||
'awx_enable_registration_captcha': '{{ awx_enable_registration_captcha }}'
|
|
||||||
'awx_recaptcha_public_key': '"{{ awx_recaptcha_public_key }}"'
|
|
||||||
'awx_recaptcha_private_key': '"{{ awx_recaptcha_private_key }}"'
|
|
||||||
|
|
||||||
- name: Save new 'Configure Synapse' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/configure_synapse.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Configure Synapse' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json'
|
|
||||||
dest: '/matrix/awx/configure_synapse.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Synapse' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Synapse"
|
|
||||||
description: "Configure Synapse (homeserver) settings."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-synapse"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
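Review bot: "Record Synapse Shared Secret if it's defined" and the two tasks that record `recaptcha_private_key` / `awx_recaptcha_private_key` loop over `with_dict` without `no_log: true`, so each item's value is printed in the job output, and the job template here sets `verbosity: 1`. Other tasks in this same commit (the Mjolnir token, the ma1sd custom variables) do set `no_log: true`. Since these jobs already ran on live systems, suggest noting that old AWX job logs may hold the registration shared secret. Minor: the template `dest` ends in `{{ subscription_id }}//configure_synapse.json` with a doubled slash, while the following `copy` reads the single-slash path.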
@ -1,44 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Record Synapse Admin variables locally on AWX
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '{{ awx_cached_matrix_vars }}'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: '# Synapse Admin Settings Start'
|
|
||||||
with_dict:
|
|
||||||
'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'
|
|
||||||
|
|
||||||
- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
template:
|
|
||||||
src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2'
|
|
||||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
|
|
||||||
|
|
||||||
- name: Copy new 'Configure Synapse Admin' survey.json to target machine
|
|
||||||
copy:
|
|
||||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
|
|
||||||
dest: '/matrix/awx/configure_synapse_admin.json'
|
|
||||||
mode: '0660'
|
|
||||||
|
|
||||||
- name: Recreate 'Configure Synapse Admin' job template
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
awx.awx.tower_job_template:
|
|
||||||
name: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
|
|
||||||
description: "Configure 'Synapse Admin', a moderation tool to help you manage your server."
|
|
||||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
||||||
job_type: run
|
|
||||||
job_tags: "start,setup-all"
|
|
||||||
inventory: "{{ member_id }}"
|
|
||||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
||||||
playbook: setup.yml
|
|
||||||
credential: "{{ member_id }} - AWX SSH Key"
|
|
||||||
survey_enabled: true
|
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
|
|
||||||
become_enabled: true
|
|
||||||
state: present
|
|
||||||
verbosity: 1
|
|
||||||
tower_host: "https://{{ awx_host }}"
|
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
|
||||||
validate_certs: true
|
|
@ -1,32 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Rename synapse presence variable
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
replace:
|
|
||||||
path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
|
|
||||||
regexp: 'matrix_synapse_use_presence'
|
|
||||||
replace: 'matrix_synapse_presence_enabled'
|
|
||||||
|
|
||||||
- name: Search for matrix_homeserver_generic_secret_key variable in matrix_vars.yml
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
register: presence
|
|
||||||
shell: "grep -i 'matrix_homeserver_generic_secret_key' /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
|
|
||||||
no_log: true
|
|
||||||
|
|
||||||
- name: Generate matrix_homeserver_generic_secret_key variable if not present
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
command: |
|
|
||||||
openssl rand -hex 16
|
|
||||||
register: generic_secret
|
|
||||||
no_log: true
|
|
||||||
when: presence is not changed
|
|
||||||
|
|
||||||
- name: Add new matrix_homeserver_generic_secret_key variable if not present
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}"
|
|
||||||
insertbefore: '# Basic Settings End'
|
|
||||||
mode: '0600'
|
|
||||||
state: present
|
|
||||||
when: presence is not changed
|
|
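Review bot: the `when: presence is not changed` condition on the 'Generate' and 'Add new matrix_homeserver_generic_secret_key' tasks cannot be met in a normal run. The `shell: grep ...` task that registers `presence` has no `changed_when`, so it reports changed whenever grep finds the variable, and it has no `failed_when` or `ignore_errors`, so when grep finds nothing (exit status 1) the task fails and the later tasks never run for that host. The result is that the secret key is never generated. If this logic is carried over elsewhere, set `changed_when: false` and `failed_when: presence.rc > 1` on the search task and gate the two following tasks on `presence.rc == 1`.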
@ -1,77 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Create user account @admin-janitor
|
|
||||||
command: |
|
|
||||||
/usr/local/bin/matrix-synapse-register-user admin-janitor {{ awx_janitor_user_password | quote }} 1
|
|
||||||
register: cmd
|
|
||||||
when: not awx_janitor_user_created|bool
|
|
||||||
no_log: false
|
|
||||||
|
|
||||||
- name: Update AWX janitor user created variable
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: 'AWX Settings'
|
|
||||||
with_dict:
|
|
||||||
'awx_janitor_user_created': 'true'
|
|
||||||
when: not awx_janitor_user_created|bool
|
|
||||||
|
|
||||||
- name: Create user account @admin-dimension
|
|
||||||
command: |
|
|
||||||
/usr/local/bin/matrix-synapse-register-user admin-dimension {{ awx_dimension_user_password | quote }} 0
|
|
||||||
register: cmd
|
|
||||||
when: not awx_dimension_user_created|bool
|
|
||||||
no_log: false
|
|
||||||
|
|
||||||
- name: Update AWX dimension user created variable
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: 'AWX Settings'
|
|
||||||
with_dict:
|
|
||||||
'awx_dimension_user_created': 'true'
|
|
||||||
when: not awx_dimension_user_created|bool
|
|
||||||
|
|
||||||
- name: Create user account @admin-mjolnir
|
|
||||||
command: |
|
|
||||||
/usr/local/bin/matrix-synapse-register-user admin-mjolnir {{ awx_mjolnir_user_password | quote }} 0
|
|
||||||
register: cmd
|
|
||||||
when: not awx_mjolnir_user_created|bool
|
|
||||||
no_log: false
|
|
||||||
|
|
||||||
- name: Update AWX dimension user created variable
|
|
||||||
delegate_to: 127.0.0.1
|
|
||||||
lineinfile:
|
|
||||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
|
||||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
||||||
line: "{{ item.key }}: {{ item.value }}"
|
|
||||||
insertafter: 'AWX Settings'
|
|
||||||
with_dict:
|
|
||||||
'awx_mjolnir_user_created': 'true'
|
|
||||||
when: not awx_mjolnir_user_created|bool
|
|
||||||
|
|
||||||
- name: Ensure /chroot/website location has correct permissions
|
|
||||||
file:
|
|
||||||
path: /chroot/website
|
|
||||||
state: directory
|
|
||||||
owner: matrix
|
|
||||||
group: matrix
|
|
||||||
mode: '0770'
|
|
||||||
when: awx_customise_base_domain_website is defined
|
|
||||||
|
|
||||||
- name: Collect Discord AppService bot invite link if file exists
|
|
||||||
command:
|
|
||||||
cat /matrix/appservice-discord/config/invite_link
|
|
||||||
register: awx_discord_appservice_link
|
|
||||||
when: awx_appservice_discord_admin_user is defined
|
|
||||||
args:
|
|
||||||
removes: /matrix/appservice-discord/config/invite_link
|
|
||||||
|
|
||||||
- name: Print Discord AppService bot link for user
|
|
||||||
debug:
|
|
||||||
msg: "{{ awx_discord_appservice_link.stdout }}"
|
|
||||||
when: awx_discord_appservice_link.stdout is defined
|
|
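Review bot: the three 'Create user account' tasks pass `awx_janitor_user_password`, `awx_dimension_user_password` and `awx_mjolnir_user_password` as command-line arguments with `no_log: false` set explicitly, so the password is part of the task result and is printed in the AWX job output whenever that result is shown (on failure, or at verbosity 1 and above). Any copy of these tasks that survives the removal should use `no_log: true`. Separately, the third 'Update AWX dimension user created variable' task actually sets `awx_mjolnir_user_created`, so its name should refer to mjolnir.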