From 30b0f782dcbb8fceaea63f0113560184f61aecd9 Mon Sep 17 00:00:00 2001 From: Greg Albrecht Date: Mon, 16 Jan 2023 16:30:52 -0800 Subject: [PATCH] updates --- README.md | 6 ++ defaults/main.yml | 4 ++ tasks/certbot.yml | 113 ----------------------------------- tasks/install-epel.yml | 2 +- tasks/install-psql.yml | 2 +- tasks/install-takserver.yml | 6 +- tasks/main.yml | 40 ++++--------- tasks/setup-takserver-db.yml | 16 ++--- tasks/update-yum.yml | 7 +++ tasks/yum-update.yml | 6 -- 10 files changed, 39 insertions(+), 163 deletions(-) create mode 100644 defaults/main.yml delete mode 100644 tasks/certbot.yml create mode 100644 tasks/update-yum.yml delete mode 100644 tasks/yum-update.yml diff --git a/README.md b/README.md index 38be7f7..bd5a20b 100644 --- a/README.md +++ b/README.md @@ -11,3 +11,9 @@ Ansible Playbooks for installing TAK Server ansible-playbook tasks/main.yml -i ../inventory.yaml --vault-password-file=../vault.txt -e '@../secret' -l mytakserver ``` +## Usage: + +1. Download the TAK Server RPM from tak.gov +2. Copy the TAK Server RPM to takserver/tasks/files +3. Specify the TAK Server RPM name when calling this role. + diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..a276e1a --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,4 @@ +takserver_rpm: | + You must specify the TAK Server RPM in the + takserver_rpm variable. + diff --git a/tasks/certbot.yml b/tasks/certbot.yml deleted file mode 100644 index cd6e25e..0000000 --- a/tasks/certbot.yml +++ /dev/null 
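Review bot: The default for `takserver_rpm` in defaults/main.yml is a prose sentence, and tasks/install-takserver.yml in this same patch templates that value straight into `src`, `dest` and the yum `name`. A caller who forgets the variable therefore gets a multi-line message used as a file path and a confusing copy failure, not the instruction itself. I would leave the variable undefined and fail fast at the top of the role with an `ansible.builtin.assert` whose condition is `that: takserver_rpm is defined and takserver_rpm.endswith('.rpm')` and whose `fail_msg` carries this text.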
@@ -1,113 +0,0 @@ ---- -- name: Installs letsencrypt/certbot from snap. - hosts: all - become: true - become_method: sudo - - tasks: - - name: Install snapd. - yum: - name: snapd - state: latest - - - name: Force systemd to re-read configs. - ansible.builtin.systemd: - daemon_reload: yes - - - name: Start snapd.socket. - ansible.builtin.systemd: - name: snapd.socket - enabled: yes - state: started - - - name: Create symlink for snap classic support. - ansible.builtin.file: - src: /var/lib/snapd/snap - dest: /snap - state: link - - - name: Install snap core. - community.general.snap: - name: core - - - name: Install certbot from snap - community.general.snap: - name: certbot - classic: true - - - name: Put certbot executabe in PATH. - file: - src: /snap/bin/certbot - dest: /usr/bin/certbot - state: link - - - name: Create TAK Server letsencrypt cert dir. - file: - path: /opt/tak/certs/files/letsencrypt - state: directory - - - name: certbot | Generate standalone cert. - ansible.builtin.command: - argv: - - certbot - - certonly - - --standalone - - -m - - certbot@undef.net - - --agree-tos - - -n - - --domains - - "{{ domain_name }}" - creates: "/etc/letsencrypt/live/{{ domain_name }}" - - - name: export certs - command: - argv: - - openssl - - pkcs12 - - -export - - -in - - "/etc/letsencrypt/live/{{ domain_name }}/fullchain.pem" - - -inkey - - "/etc/letsencrypt/live/{{ domain_name }}/privkey.pem" - - -name - - "{{ domain_name }}" - - -out - - "/opt/tak/certs/files/letsencrypt/{{ domain_name }}.p12" - - -password - - pass:atakatak - creates: "/opt/tak/certs/files/letsencrypt/{{ domain_name }}.p12" - - - name: import keystore - command: - argv: - - keytool - - -importkeystore - - -deststorepass - - atakatak - - -destkeystore - - "/opt/tak/certs/files/letsencrypt/{{ domain_name }}.jks" - - -srckeystore - - "/opt/tak/certs/files/letsencrypt/{{ domain_name }}.p12" - - -srcstoretype - - PKCS12 - - -srcstorepass - - atakatak - creates: "/opt/tak/certs/files/letsencrypt/{{ 
domain_name }}.jks" - - - name: import bundle - command: - argv: - - keytool - - -noprompt - - -import - - -alias - - bundle - - -trustcacerts - - -file - - "/etc/letsencrypt/live/{{ domain_name }}/fullchain.pem" - - -keystore - - "/opt/tak/certs/files/letsencrypt/{{ domain_name }}.jks" - - -storepass - - atakatak - diff --git a/tasks/install-epel.yml b/tasks/install-epel.yml index 7404856..aadb6eb 100644 --- a/tasks/install-epel.yml +++ b/tasks/install-epel.yml @@ -1,7 +1,7 @@ --- - name: Enable EPEL repository on CentOS 7 and RHEL 7 - when: ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7' become: true yum: name: epel-release state: latest + when: ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7' diff --git a/tasks/install-psql.yml b/tasks/install-psql.yml index 569d5d6..8cba421 100644 --- a/tasks/install-psql.yml +++ b/tasks/install-psql.yml @@ -1,6 +1,6 @@ --- - name: Install postgres from yum repository on CentOS 7 and RHEL 7 - when: ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7' yum: name: https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm state: latest + when: ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7' diff --git a/tasks/install-takserver.yml b/tasks/install-takserver.yml index 873825c..c1262ec 100644 --- a/tasks/install-takserver.yml +++ b/tasks/install-takserver.yml @@ -1,10 +1,10 @@ --- - name: Copy TAK Server RPM copy: - src: takserver-4.7-RELEASE20.noarch.rpm - dest: takserver-4.7-RELEASE20.noarch.rpm + src: "{{ takserver_rpm }}" + dest: "{{ takserver_rpm }}" - name: Install TAK Server yum: - name: takserver-4.7-RELEASE20.noarch.rpm + name: "{{ takserver_rpm }}" state: latest diff --git a/tasks/main.yml b/tasks/main.yml index abaa9f2..256768d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
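Review bot: In tasks/install-takserver.yml the RPM that the README says is downloaded by hand is copied and installed under whatever name the caller passes, with no integrity check before the yum step. `dest` is also the same string as `src`, so a value containing a directory component becomes a relative remote path. I would reduce the remote name to its basename and compare a SHA-256 digest against a caller-supplied value before installing, and use `state: present` for a single local file, since `latest` has nothing to compare against. The sketch below introduces `takserver_rpm_sha256` as a proposed new role variable; it is not defined anywhere in this patch.

```yaml
- name: Copy TAK Server RPM
  copy:
    src: "{{ takserver_rpm }}"
    dest: "{{ takserver_rpm | basename }}"

# takserver_rpm_sha256: proposed variable holding the digest of the vetted RPM
- name: Read the digest of the copied RPM
  ansible.builtin.stat:
    path: "{{ takserver_rpm | basename }}"
    checksum_algorithm: sha256
  register: takserver_rpm_stat

- name: Stop if the RPM does not match the expected digest
  ansible.builtin.assert:
    that: takserver_rpm_stat.stat.checksum == takserver_rpm_sha256
    fail_msg: "TAK Server RPM digest mismatch; refusing to install."

# … unchanged: Install TAK Server task, with name set to the basename and state: present …
```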
@@ -1,29 +1,13 @@
----
 - name: Install TAK Server
- hosts: all
- tasks:
- - name: Linux | Prerequisite | Increases TCP connection limit
- import_tasks: update-ulimit.yml
-
- - name: Linux | Prerequisite | Update yum cache
- import_tasks: yum-update.yml
-
- - name: Linux | Prerequisite | Install EPEL
- import_tasks: install-epel.yml
-
- - name: Linux | Prerequisite | Update yum cache (after adding EPEL)
- import_tasks: yum-update.yml
-
- - name: PostgreSQL | Install
- import_tasks: install-psql.yml
-
- - name: TAK Server | Install
- import_tasks: install-takserver.yml
-
- - name: TAK Server | Setup DB
- import_tasks: setup-takserver-db.yml
-
- - name: TAK Server | Enable & start service
- import_tasks: enable-start-takserver.yml
-
-
+ tags: takserver
+ include_tasks: "{{ item }}"
+ loop:
+ - update-ulimit.yml
+ - update-yum.yml
+ - install-epel.yml
+ - update-yum.yml
+ - install-psql.yml
+ - install-takserver.yml
+ - setup-takserver-db.yml
+ - enable-start-takserver.yml
+ when: ansible_distribution == "CentOS"
diff --git a/tasks/setup-takserver-db.yml b/tasks/setup-takserver-db.yml
index 74bafd4..f9dc5ff 100644
--- a/tasks/setup-takserver-db.yml
+++ b/tasks/setup-takserver-db.yml
@@ -1,15 +1,9 @@
 ---
-- name: Check if takserver_db_setup.done exists
+- name: Check if TAK PostgreSQL Database exists
 stat:
- path: takserver_db_setup.done
- register: takserver_db_setup
+ path: /var/lib/pgsql/10/data/
+ register: takserver_db_data
 
-- name: Setup TAK DB
+- name: Setup TAK PostgreSQL Database
 shell: /opt/tak/db-utils/takserver-setup-db.sh
- when: not takserver_db_setup.stat.exists
-
-- name: Touch takserver_db_setup.done
- file:
- path: takserver_db_setup.done
- state: touch
- when: not takserver_db_setup.stat.exists
+ when: not takserver_db_data.stat.exists
diff --git a/tasks/update-yum.yml b/tasks/update-yum.yml
new file mode 100644
index 0000000..becfc13
--- /dev/null
+++ b/tasks/update-yum.yml
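Review bot: `tags: takserver` on the new dynamic `include_tasks` in tasks/main.yml tags only the include statement; the tasks inside the looped files do not inherit it. A run limited with `--tags takserver` would enter the loop and then skip every included task except the one in update-yum.yml, which is tagged `always`. Either keep static `import_tasks` entries, where tags are inherited, or pass the tag through with `include_tasks: {file: "{{ item }}", apply: {tags: takserver}}`. Separately, `when: ansible_distribution == "CentOS"` silently skips the RHEL 7 hosts that install-epel.yml and install-psql.yml still name in their own conditions, so an unsupported host finishes green with nothing installed. A leading `ansible.builtin.assert` on the supported platforms would make that visible.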
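Review bot: In tasks/setup-takserver-db.yml, the existence of `/var/lib/pgsql/10/data/` is a weak signal that the database was set up. If the PostgreSQL package creates that directory empty at install time (worth confirming on a fresh host), the `when` is already false on the first run and `takserver-setup-db.sh` never executes. A setup script that fails part-way would also leave the directory behind and never be retried. Testing for a file that exists only after initialisation is more reliable, for example `path: /var/lib/pgsql/10/data/PG_VERSION`, or dropping the stat task in favour of `args: {creates: /var/lib/pgsql/10/data/PG_VERSION}` on the setup task. The hard-coded `10` ties the check to one PostgreSQL major version and would read better as a role variable.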
@@ -0,0 +1,7 @@
+---
+- name: Update repository index (CentOS)
+ tags: always
+ ansible.builtin.yum:
+ update_cache: true
+ changed_when: false
+ when: ansible_distribution == "CentOS"
diff --git a/tasks/yum-update.yml b/tasks/yum-update.yml
deleted file mode 100644
index dc258f3..0000000
--- a/tasks/yum-update.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Update yum cache
- become: true
- yum:
- name: '*'
- state: latest
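Review bot: The new task in tasks/update-yum.yml drops the `become: true` that the deleted yum-update.yml task carried, and the reworked tasks/main.yml no longer looks like a play that could set it. Unless the calling play escalates, the cache refresh and the later package installs will probably fail for an unprivileged user; adding `become: true` here, or documenting the requirement in the README, closes that gap. The replacement also only refreshes metadata, whereas the removed task upgraded every package (`name: '*'`, `state: latest`). If hosts relied on this role for security updates, that patching needs an explicit home elsewhere. Finally, `tags: always` makes this task run for every tag selection, which is worth a one-line comment if intended.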