From 0ab5afe51b19301af5cecfa3e5abe1bafa8037cc Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Mon, 17 Jul 2023 17:00:22 +0200 Subject: [PATCH] Update to 2023-07-17 17:00 --- roles/bookstack/defaults/main.yml | 6 +++--- roles/diagrams/defaults/main.yml | 4 ++-- roles/dokuwiki/defaults/main.yml | 18 +++++++++--------- roles/dokuwiki/tasks/main.yml | 11 ++++++++++- roles/squid/files/acl/software_various.domains | 1 + roles/vault_agent/templates/nomad/nomad.hcl.j2 | 6 +++--- .../templates/vault-agent.service.j2 | 10 ++-------- 7 files changed, 30 insertions(+), 26 deletions(-) diff --git a/roles/bookstack/defaults/main.yml b/roles/bookstack/defaults/main.yml index c433fd3..e558d21 100644 --- a/roles/bookstack/defaults/main.yml +++ b/roles/bookstack/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version to deploy -bookstack_version: '23.06.1' +bookstack_version: '23.06.2' # URL of the arhive bookstack_archive_url: https://github.com/BookStackApp/BookStack/archive/v{{ bookstack_version }}.tar.gz # Expected sha256 of the archive -bookstack_archive_sha256: 4f22cb92f5ea74192c8b1e29d86e5ef08e23a33f4a0f70cd75fa64b3a834d5e9 +bookstack_archive_sha256: 5035add6d4dce199beff8cfde5b7ea57664cd761eb5b9062ddb9a36525cb076b # Should ansible handle bookstack upgrades or just the inintial install bookstack_manage_upgrade: True @@ -19,7 +19,7 @@ bookstack_root_dir: /opt/bookstack_{{ bookstack_id }} # User under which the app will be executed bookstack_php_user: php-bookstack_{{ bookstack_id }} # Version of PHP used -bookstack_php_version: 81 +bookstack_php_version: 82 # Or you can specify here the name of a custom PHP FPM pool. See the httpd_php role # bookstack_php_fpm_pool: custom_bookstack diff --git a/roles/diagrams/defaults/main.yml b/roles/diagrams/defaults/main.yml index 8319302..c5d2d35 100644 --- a/roles/diagrams/defaults/main.yml +++ b/roles/diagrams/defaults/main.yml @@ -1,11 +1,11 @@ --- # Veresion of diagrams to deploy -diagrams_version: 21.6.1 +diagrams_version: 21.6.2 # URL of the WAR file to deploy diagrams_war_url: https://github.com/jgraph/drawio/releases/download/v{{ diagrams_version }}/draw.war # Expected sha256 of the WAR file -diagrams_war_sha256: c5b379a5b22df923faee553da078bfb0a36f728ad8c74389efa4bff74148f335 +diagrams_war_sha256: 45fabc198755a15f63c86d65e6dd3abb4ba75096429942977e2b7d84f2671fbb # root directory of the installation diagrams_root_dir: /opt/diagrams # Should ansible manage upgrades, or just initial install ? diff --git a/roles/dokuwiki/defaults/main.yml b/roles/dokuwiki/defaults/main.yml index db6a2bf..88ac68f 100644 --- a/roles/dokuwiki/defaults/main.yml +++ b/roles/dokuwiki/defaults/main.yml @@ -4,9 +4,9 @@ dokuwiki_id: 1 # Version to deploy -dokuwiki_version: 2020-07-29 +dokuwiki_version: 2023-04-04a # The sha1 checksum of the archive -dokuwiki_archive_sha1: 119f3875d023d15070068a6aca1e23acd7f9a19a +dokuwiki_archive_sha256: 153c99cf42b9068b1ec21a2c765b862a44b374ad2f1a39223f5511a982b160bb # Root dir where the app will be installed. Each instance must have a different install path dokuwiki_root_dir: /opt/dokuwiki_{{ dokuwiki_id }} @@ -20,7 +20,7 @@ dokuwiki_archive_url: https://download.dokuwiki.org/src/dokuwiki/dokuwiki-{{ dok # The user account under which PHP is executed dokuwiki_php_user: php-dokuwiki_{{ dokuwiki_id }} -dokuwiki_php_version: 74 +dokuwiki_php_version: 82 # The name of the PHP-FPM pool to use # dokuwiki_php_fpm_pool: php70 @@ -28,8 +28,8 @@ dokuwiki_php_version: 74 # List of default DokuWiki plugins dokuwiki_plugins: todo: - archive_name: dokuwiki-plugin-todo-stable.zip - url: https://github.com/leibler/dokuwiki-plugin-todo/archive/stable.zip + archive_name: dokuwiki-plugin-todo-latest.zip + url: https://github.com/leibler/dokuwiki-plugin-todo/archive/refs/tags/latest.zip note: archive_name: dokuwiki_note-master.zip url: https://github.com/LarsGit223/dokuwiki_note/archive/master.zip @@ -60,9 +60,9 @@ dokuwiki_plugins: changes: archive_name: changes-master.zip url: https://github.com/cosmocode/changes/archive/master.zip - pagemove: - archive_name: DokuWiki-Pagemove-Plugin-master.zip - url: https://github.com/desolat/DokuWiki-Pagemove-Plugin/archive/master.zip + #pagemove: + # archive_name: DokuWiki-Pagemove-Plugin-master.zip + # url: https://github.com/desolat/DokuWiki-Pagemove-Plugin/archive/master.zip loglog: archive_name: dokuwiki-plugin-loglog-master.zip url: https://github.com/splitbrain/dokuwiki-plugin-loglog/archive/master.zip @@ -153,7 +153,7 @@ dokuwiki_base_plugins_to_install: - dw2pdf - loglog - changes - - pagemove +# - pagemove - authorstats - note # An additional list, so you can just keep the default and add more if needed, in hosts_var diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index c2a6c1e..9f3a0e5 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -85,7 +85,7 @@ get_url: url: "{{ dokuwiki_archive_url }}" dest: "{{ dokuwiki_root_dir }}/tmp/" - checksum: "sha1:{{ dokuwiki_archive_sha1 }}" + checksum: "sha256:{{ dokuwiki_archive_sha256 }}" when: dokuwiki_install_mode != 'none' tags: dokuwiki @@ -337,6 +337,15 @@ notify: reload httpd tags: dokuwiki +- include_vars: "{{ item }}" + with_first_found: + - ../httpd_php/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml + - ../httpd_php/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml + - ../httpd_php/vars/{{ ansible_distribution }}.yml + - ../httpd_php/vars/{{ ansible_os_family }}.yml + - ../httpd_php/vars/defaults.yml + tags: dokuwiki + - name: Deploy php configuration template: src=php.conf.j2 dest=/etc/opt/remi/php{{ dokuwiki_php_version }}/php-fpm.d/dokuwiki_{{ dokuwiki_id }}.conf notify: restart php-fpm diff --git a/roles/squid/files/acl/software_various.domains b/roles/squid/files/acl/software_various.domains index 70c6b5d..b433627 100644 --- a/roles/squid/files/acl/software_various.domains +++ b/roles/squid/files/acl/software_various.domains @@ -276,6 +276,7 @@ docker.elastic.co docker-auth.elastic.co get.docker.com .quay.io +gcr.io # Artifactory (jfrog) docker.bintray.io diff --git a/roles/vault_agent/templates/nomad/nomad.hcl.j2 b/roles/vault_agent/templates/nomad/nomad.hcl.j2 index 0982b22..d54ca09 100644 --- a/roles/vault_agent/templates/nomad/nomad.hcl.j2 +++ b/roles/vault_agent/templates/nomad/nomad.hcl.j2 @@ -6,7 +6,7 @@ template { right_delimiter = "]]" perms = 0640 exec { - # Wait a few sec before reloading Nomad as it fails if reloaded while not fully initialized yet + # No need to restart Nomad as the previous token will be renewed by Nomad itself command = ["chown", ":{{ nomad_user }}", "/run/nomad/vault.env"] } } @@ -34,7 +34,7 @@ template { perms = 0640 {% if vault_agent_nomad.nomad_pki.cli.enabled and vault_agent_nomad.nomad_pki.cli.secret_path is defined %} exec { - command = "{{ vault_agent_root_dir }}/bin/update_nomad_cert.sh" + command = ["sh", "-c", "export $(cat /run/nomad/vault.env) && {{ vault_agent_root_dir }}/bin/update_nomad_cert.sh"] } {% endif %} } @@ -63,7 +63,7 @@ template { right_delimiter = "]]" perms = 0640 exec { - command = ["chown", ":{{ nomad_user}}", "/run/nomad/consul.env"] + command = ["sh", "-c", "chown :{{ nomad_user }} /run/nomad/consul.env && systemctl restart nomad"] } } {% endif %} diff --git a/roles/vault_agent/templates/vault-agent.service.j2 b/roles/vault_agent/templates/vault-agent.service.j2 index ff41a04..8978350 100644 --- a/roles/vault_agent/templates/vault-agent.service.j2 +++ b/roles/vault_agent/templates/vault-agent.service.j2 @@ -8,12 +8,6 @@ StartLimitIntervalSec=60 StartLimitBurst=6 Before=consul.service Before=nomad.service -{% if vault_agent_nomad.nomad_pki.enabled or vault_agent_nomad.vault_token.enabled or vault_agent_nomad.consul_pki.enabled or vault_agent_nomad.consul_token.enabled %} -PartOf=nomad.service -{% endif %} -{% if vault_agent_consul.consul_pki.enabled %} -PartOf=consul.service -{% endif %} [Service] Type=notify @@ -41,9 +35,9 @@ LimitMEMLOCK=infinity [Install] WantedBy=multi-user.target {% if vault_agent_nomad.nomad_pki.enabled or vault_agent_nomad.vault_token.enabled or vault_agent_nomad.consul_pki.enabled or vault_agent_nomad.consul_token.enabled %} -RequiredBy=nomad.service +WantedBy=nomad.service {% endif %} {% if vault_agent_consul.consul_pki.enabled %} -RequiredBy=consul.service +WantedBy=consul.service {% endif %}