setup - task fixes

superstes · Dec 31, 2021 · 235fd92 · 235fd92
1 parent b3fc4a5
commit 235fd92
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 36 deletions.
diff --git a/setup/pb_setup.yml b/setup/pb_setup.yml
@@ -57,3 +57,14 @@
       ansible.builtin.import_role:
         name: setup
         tasks_from: 'setup_system.yml'
+
+    # cleanup
+    - name: GA | Setup | Cleaning up temporary password files
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: absent
+      loop:
+        - "{{ ga_tmp_pwd_file_sql_core }}"
+        - "{{ ga_tmp_pwd_file_sql_web }}"
+        - "{{ ga_tmp_pwd_file_django_user }}"
+        - "{{ ga_tmp_pwd_file_django_guest }}"
diff --git a/setup/requirements.yml b/setup/requirements.yml
@@ -24,6 +24,10 @@ roles:
     version: 'stable'
     name: 'ansibleguy.infra_django_apache'
 
+  - src: 'https://github.com/ansibleguy/infra_apache.git'
+    version: 'stable'
+    name: 'ansibleguy.infra_apache'
+
   - src: 'https://github.com/ansibleguy/infra_certs.git'
     version: 'stable'
     name: 'ansibleguy.infra_certs'

diff --git a/setup/roles/setup/tasks/setup_database.yml b/setup/roles/setup/tasks/setup_database.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: GA | Setup | GA Web - Database
+- name: GA Web - Database
   ansible.builtin.import_role:
     name: ansibleguy.infra_django_apache
   vars:
@@ -10,7 +10,7 @@
           python_version: "python{{ ga_python_version }}"
           path_venv: "{{ ga_web_path_venv }}"
           path_code: "{{ ga_web_path }}"
-          project: "{{ ga_web_django_project }}"
+          project: "base"
           static_url: 'static'
           serve:
             path: "{{ ga_web_path_static }}"
@@ -25,7 +25,7 @@
           ssl:
             mode: "{{ ga_web_ssl_mode }}"
             cert:
-              cn: "{{ ga_web_ssl_selfsigned_cn }}"
+              cn: 'GrowAutomation Certificate'
               org: 'GrowAutomation'
               country: 'AT'
               state: 'Styria'
@@ -48,7 +48,7 @@
             user: "{{ ga_sql_user_web }}"
             pwd: "{{ ga_sql_pwd_web }}"
             config: "{{ ga_sql_config }}"
-            config_mode: '0640'
+            config_mode: "0640"
             backup: true
             update_pwd: 'always'
   when: ga_web_install
@@ -64,34 +64,30 @@
     - ga_web_install
     - ga_core_install
 
-- name: GA | Setup | GA Core Database - Preparing config
-  ansible.builtin.set_fact:
-    ga_mariadb_instance: "{{ {
-      'dbs': {
-        ga_sql_db: 'present',
-      },
-      'backup': true,
-      'users': {
-        ga_sql_user_web: {
-          'priv': ga_sql_db + '.*:ALL',
-          'pwd': ga_sql_pwd_web,
-        },ansible.bu
-        ga_sql_user_core: {
-          'priv': ga_sql_db + '.*:ALL',
-          'pwd': ga_sql_pwd_core,
-        },
-      },
-      'settings': {'wait_timeout': 3600},
-      'socket': ga_sql_socket
-    } }}"
-
-- name: GA | Setup | GA Core Database - Setting up
+- name: GA | Setup | GA Core Database
   ansible.builtin.import_role:
     name: ansibleguy.infra_mariadb
   vars:
     mariadb:
       instances:
-        ga: "{{ ga_mariadb_instance }}"
+        ga: "{{ {
+          'dbs': {
+            ga_sql_db: 'present',
+          },
+          'backup': true,
+          'users': {
+            ga_sql_user_web: {
+              'priv': ga_sql_db + '.*:ALL',
+              'pwd': ga_sql_pwd_web,
+            },
+            ga_sql_user_core: {
+              'priv': ga_sql_db + '.*:ALL',
+              'pwd': ga_sql_pwd_core,
+            },
+          },
+          'settings': {'wait_timeout': 3600},
+          'socket': ga_sql_socket,
+        } }}"
   when:
     - not ga_web_install
     - ga_core_install

diff --git a/setup/roles/web/tasks/init_db.yml b/setup/roles/web/tasks/init_db.yml
@@ -11,12 +11,12 @@
     - 'crypto.py'
 
 - name: GA | Web | Init | Getting encrypted core-password
-  ansible.builtin.command: "/usr/bin/python3 /tmp/crypto.py {{ ga_core_path | quote }} encrypt {{ ga_sql_pwd_core | quote }}"
+  ansible.builtin.command: "{{ ga_web_path_venv }}/bin/python3 /tmp/crypto.py {{ ga_core_path | quote }} encrypt {{ ga_sql_pwd_core | quote }}"
   no_log: true
   register: ga_sql_pwd_core_encrypted
 
 - name: GA | Web | Init | Getting encrypted web-password
-  ansible.builtin.command: "/usr/bin/python3 /tmp/crypto.py {{ ga_core_path | quote }} encrypt {{ ga_sql_pwd_web | quote }}"
+  ansible.builtin.command: "{{ ga_web_path_venv }}/bin/python3 /tmp/crypto.py {{ ga_core_path | quote }} encrypt {{ ga_sql_pwd_web | quote }}"
   no_log: true
   register: ga_sql_pwd_web_encrypted
 
@@ -52,14 +52,14 @@
         version, version_detail)
         VALUES
         (NOW(), NOW(), '{{ ga_core_controller_name }}', 'Agent created by setup', '{{ ga_core_path }}', '{{ ga_core_path_home }}', '{{ ga_path_log }}', '{{ ga_sql_server }}', 
-        {{ ga_sql_port }}, '{{ ga_sql_user_core }}', '{{ ga_sql_pwd_core_encrypted.stdout }}', '{{ ga_sql_db }}', {{ ga_log_level }}, 0, 3, 3600, 1, 3600, 21600, 60
+        {{ ga_sql_port }}, '{{ ga_sql_user_core }}', '{{ ga_sql_pwd_core_encrypted.stdout }}', '{{ ga_sql_db }}', {{ ga_log_level }}, 0, 3, 3600, 1, 3600, 21600, 60,
         '{{ ga_setup_release }}', '{{ ga_setup_commit }}')"
 
 - name: GA | Web | Init | Executing database initialization script (local db)
   community.mysql.mysql_query:
     login_unix_socket: "{{ ga_sql_socket }}"
     login_db: "{{ ga_sql_db }}"
-    config_file: "{{ ga_update_path_web }}/{{ ga_sql_config }}"
+    config_file: "{{ ga_web_path }}/{{ ga_sql_config }}"
     query: "{{ ga_db_init }}"
     single_transaction: true
   when: ga_sql_server == 'localhost'
@@ -71,7 +71,7 @@
     login_host: "{{ ga_sql_server }}"
     login_port: "{{ ga_sql_port }}"
     login_db: "{{ ga_sql_db }}"
-    config_file: "{{ ga_update_path_web }}/{{ ga_sql_config }}"
+    config_file: "{{ ga_web_path }}/{{ ga_sql_config }}"
     query: "{{ ga_db_init }}"
     single_transaction: true
   when: ga_sql_server != 'localhost'
@@ -108,6 +108,7 @@
   environment:
     PYTHONPATH: "{{ ga_web_path }}:{{ ga_core_path }}:{{ ga_web_path_venv }}/lib/python{{ ga_python_version }}/site-packages"
     DJANGO_SETTINGS_MODULE: "{{ ga_web_django_project }}.settings"
+  no_log: true
 
 - name: GA | Web | Init | Creating ga users
   ansible.builtin.shell: "source {{ ga_web_path_venv }}/bin/activate &&
@@ -122,6 +123,7 @@
   loop_control:
     loop_var: user
   loop: "{{ ga_web_users }}"
+  no_log: true
 
 - name: GA | Web | Init | Restarting webserver
   ansible.builtin.systemd:

diff --git a/setup/vars/main.yml b/setup/vars/main.yml
@@ -1,6 +1,10 @@
 ---
 
 ga_random_pwd_file: '/etc/.ga_setup'
+ga_tmp_pwd_file_django_user: '/tmp/.ga_django_user'
+ga_tmp_pwd_file_django_guest: '/tmp/.ga_django_guest'
+ga_tmp_pwd_file_sql_core: '/tmp/.ga_core'
+ga_tmp_pwd_file_sql_web: '/tmp/.ga_web'
 
 # !! IMPORTANT NOTICE !!
 # These are the MUST CHANGE settings:
@@ -12,8 +16,8 @@ ga_timezone: 'Europe/Vienna'  # supported timezones are listed in '_common_timez
 ga_web_dns: 'ga.lan'  # if you want to access the web-interface by name
 ga_web_alias: []  # list of dns-aliases
 ga_web_users:
-  - {name: 'user', access: 'rw', pwd: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=20') }}"}  # !! PLEASE CHANGE THE PASSWORD !!
-  - {name: 'view', access: 'r', pwd: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=20') }}"}
+  - {name: 'user', access: 'rw', pwd: "{{ lookup('password', ga_tmp_pwd_file_django_user + ' chars=ascii_letters,digits length=20') }}"}  # !! PLEASE CHANGE THE PASSWORD !!
+  - {name: 'view', access: 'r', pwd: "{{ lookup('password', ga_tmp_pwd_file_django_guest + ' chars=ascii_letters,digits length=20') }}"}
   # passwords
   #   You can set your own password and add your own users => just replace the stuff in between the double-quotes
   #   random passwords can be found in the 'ga_random_pwd_file' file
@@ -69,11 +73,11 @@ ga_sql_user_host: 'localhost'
   # needs to be changed if a remote database server is used
 ga_sql_user_core: "{{ ga_core_service_user }}"
 # adding punctuation-characters to the sql-passwords might break the sql-syntax => stick to ascii+digits
-ga_sql_pwd_core: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=20') }}"
+ga_sql_pwd_core: "{{ lookup('password', ga_tmp_pwd_file_sql_core + ' chars=ascii_letters,digits length=20') }}"
   # you can apply your own password => just replace the rubbish in between the double-quotes
   # random passwords can be found in the 'ga_random_pwd_file' file
 ga_sql_user_web: "{{ ga_web_service_user }}"
-ga_sql_pwd_web: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=20') }}"
+ga_sql_pwd_web: "{{ lookup('password', ga_tmp_pwd_file_sql_web + ' chars=ascii_letters,digits length=20') }}"
   # you can apply your own password => just replace the rubbish in between the double-quotes
   # random passwords can be found in the 'ga_random_pwd_file' file
 ga_sql_socket: '/run/mysqld/mysqld_ga.sock'  # socket used to locally connect to database