diff --git a/roles/babashka/defaults/main.yml b/roles/babashka/defaults/main.yml index 280f2fc..adba352 100644 --- a/roles/babashka/defaults/main.yml +++ b/roles/babashka/defaults/main.yml @@ -1,8 +1,8 @@ --- # Babashka version to deploy -bb_version: 1.3.181 +bb_version: 1.3.185 # URL of the archive bb_archive_url: https://github.com/babashka/babashka/releases/download/v{{ bb_version }}/babashka-{{ bb_version }}-linux-amd64-static.tar.gz # Expected sha256sum of the archive -bb_archive_sha256: fb7fb2b6f525833f1cf5aae285ba95e97428fa079ddd7d65e1fdd1376e2373aa +bb_archive_sha256: fcb19364c7c377d8d8ba5564146489b35499e869670202284dbb405953691203 diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml index f073f1a..bb782cb 100644 --- a/roles/common/defaults/main.yml +++ b/roles/common/defaults/main.yml @@ -121,4 +121,9 @@ system_ansible_ssh_keys_options: # If set, will restrict the ansible ssh keys to the configured IP. # An empty list means no restriction system_ansible_src_ip: [] + +# List of global env variable +# system_env: +# DOCKER_SCRIPTS_DIR: /data/docker/environments/qa/scripts +system_env: {} ... diff --git a/roles/common/tasks/system.yml b/roles/common/tasks/system.yml index 38bd27f..cee695a 100644 --- a/roles/common/tasks/system.yml +++ b/roles/common/tasks/system.yml @@ -160,4 +160,8 @@ - name: Enable rc-local-shutdown service service: name=rc-local-shutdown enabled=True +- name: Deploy system env profile script + template: src=system_env.sh.j2 dest=/etc/profile.d/system_env.sh mode=755 + tags: system,env + ... diff --git a/roles/common/templates/system_env.sh.j2 b/roles/common/templates/system_env.sh.j2 new file mode 100644 index 0000000..ef10489 --- /dev/null +++ b/roles/common/templates/system_env.sh.j2 @@ -0,0 +1,5 @@ +#!/bin/sh + +{% for env in system_env.keys() | list %} +export {{ env }}={{ system_env[env] }} +{% endfor %} 
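Review bot: In system_env.sh.j2 the value is emitted unquoted in `export {{ env }}={{ system_env[env] }}`, so any value containing whitespace, `$`, backticks or `;` is re-interpreted by every login shell that sources /etc/profile.d/system_env.sh, including root's. Passing the value through Ansible's quote filter keeps it a single literal word: `export {{ env }}={{ system_env[env] | quote }}`. The key is also written as-is, so if `system_env` can come from less trusted inventory, an assertion that each key is a valid shell identifier would be worth adding next to the deploy task. Files in profile.d are sourced rather than executed, so `mode=644` on that task would be enough.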
diff --git a/roles/consul_template/defaults/main.yml b/roles/consul_template/defaults/main.yml index 23b84e0..aefe2f0 100644 --- a/roles/consul_template/defaults/main.yml +++ b/roles/consul_template/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version of consul-template to install -consul_tpl_version: 0.33.0 +consul_tpl_version: 0.34.0 # URL of the archive consul_tpl_archive_url: https://releases.hashicorp.com/consul-template/{{ consul_tpl_version }}/consul-template_{{ consul_tpl_version }}_linux_amd64.zip # Expected sha256 of the archive -consul_tpl_archive_sha256: eea287d363e52894d4698f40b0ac667d57443b20e3317792ec2aca0161fd6c81 +consul_tpl_archive_sha256: c7a5817547d6545f8c5ce2dfea62c821ddd324dd9a3414519ebaba2aeeff59a0 # Root dir where consul-template will be installed consul_tpl_root_dir: /opt/consul_template diff --git a/roles/etherpad/defaults/main.yml b/roles/etherpad/defaults/main.yml index 7bb8a3d..e46b2ad 100644 --- a/roles/etherpad/defaults/main.yml +++ b/roles/etherpad/defaults/main.yml @@ -8,11 +8,11 @@ etherpad_root_dir: /opt/etherpad_{{ etherpad_id }} # Unix account under which etherpad will run. The user will be created if it doesn't exist etherpad_user: etherpad_{{ etherpad_id }} # Version to deploy -etherpad_version: 1.9.2 +etherpad_version: 1.9.3 # URL from where the archive will be downloaded etherpad_archive_url: https://github.com/ether/etherpad-lite/archive/{{ etherpad_version }}.tar.gz # Expected sha256 of the archive, to check the download were OK -etherpad_archive_sha256: 7d8168cdb6d6ca84ee48978e8c654f75703d6431203c756ba55c50aa54cc75a3 +etherpad_archive_sha256: e2907f35f4f7026860bed6b6e847ec964f1c3d51d2e2212247d7bf9db5b4f18d # Port on which the service will listen etherpad_port: 9003 # List of IP/CIDR for which the port will be opened (if iptables_manage == True) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 81e28fd..0b8ac62 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml 
@@ -1,11 +1,11 @@ --- # Version to install -gitea_version: 1.20.4 +gitea_version: 1.20.5 # URL to the binary gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64 # sha256 of the binary -gitea_bin_sha256: fea25c6001b9ded08542f480bdaccea981a465fee07aa3ec9c7494ad95717aba +gitea_bin_sha256: ae8d21f36098a62272fcfa67ecbb567d0ba6cf5aecaaab29a6b98a407d435bdf # Handle updates. If set to false, ansible will only install # Gitea and then won't touch an existing installation gitea_manage_upgrade: True diff --git a/roles/glpi/defaults/main.yml b/roles/glpi/defaults/main.yml index da5294b..7836225 100644 --- a/roles/glpi/defaults/main.yml +++ b/roles/glpi/defaults/main.yml @@ -2,14 +2,14 @@ glpi_id: 1 glpi_manage_upgrade: True -glpi_version: '10.0.9' +glpi_version: '10.0.10' glpi_archive_url: https://github.com/glpi-project/glpi/releases/download/{{ glpi_version }}/glpi-{{ glpi_version }}.tgz -glpi_archive_sha256: d104c7135b1924f32ab6ca831fbaf319893af0bd932a035cb93ccb4021b2a946 +glpi_archive_sha256: b303eece25bcbf81cd6bcd74b2a8412f02b33c3471bd935530b06470dcf7b051 glpi_root_dir: /opt/glpi_{{ glpi_id }} glpi_php_user: php-glpi_{{ glpi_id }} # If set, will use the following custom PHP FPM pool, which must be created # glpi_php_fpm_pool: php70 -glpi_php_version: 81 +glpi_php_version: 83 glpi_mysql_server: "{{ mysql_server | default('localhost') }}" glpi_mysql_db: glpi_{{ glpi_id }} glpi_mysql_user: glpi_{{ glpi_id }} 
@@ -43,25 +43,25 @@ glpi_plugins: sha256: fe1b9ad1ef9bc95953e47dc6b0112e028ed98c43656aab608bf06d0cb5e1bf4c url: https://github.com/InfotelGLPI/manufacturersimports/releases/download/3.0.5/glpi-manufacturersimports-3.0.5.tar.bz2 tag: - version: 2.11.2 - sha256: dcd494e353563b890efef93afac2d9bef73085022cd1cb58f5e1bd436071f45b - url: https://github.com/pluginsGLPI/tag/releases/download/2.11.2/glpi-tag-2.11.2.tar.bz2 + version: 2.11.6 + sha256: c003943136c41b7444b90d563df07ac95d517ecd38cd9858beb095027157a78e + url: https://github.com/pluginsGLPI/tag/releases/download/2.11.6/glpi-tag-2.11.6.tar.bz2 mreporting: - version: 1.8.2 - sha256: 6563eb016d9e2106f2f3ac99eaf8add4260797526f7ece32b42df895ec2d90b4 - url: https://github.com/pluginsGLPI/mreporting/releases/download/1.8.2/glpi-mreporting-1.8.2.tar.bz2 + version: 1.8.3 + sha256: c021c2ab82879bac92a54d74f2f92c13c1b1c4ee7988dffa8b85d47ffdadb71e + url: https://github.com/pluginsGLPI/mreporting/releases/download/1.8.3/glpi-mreporting-1.8.3.tar.bz2 fields: - version: 1.20.6 - sha256: 40003edbfafb07f3b2f05a14c470985e67d069e02ba4fc044a78f01e4956a134 - url: https://github.com/pluginsGLPI/fields/releases/download/1.20.6/glpi-fields-1.20.6.tar.bz2 + version: 1.21.4 + sha256: 8b6f0c4793db16fd7dd80c66760436557373f9a97e612171b46d7045a2065a04 + url: https://github.com/pluginsGLPI/fields/releases/download/1.21.4/glpi-fields-1.21.4.tar.bz2 webapplications: version: 4.0.1 sha256: bbd3a9a01c2bd708af83563ed162ebfa9f56fdd616aaf6f1892e9a36e970ec9d url: https://github.com/InfotelGLPI/webapplications/releases/download/4.0.1/glpi-webapplications-4.0.1.tar.bz2 genericobject: - version: 2.14.3 - sha256: b0d47eac8ad407d8c3df0bd5fa27a33b15bd6eda28c4c790665e7c558eb0b6a9 - url: https://github.com/pluginsGLPI/genericobject/releases/download/2.14.3/glpi-genericobject-2.14.3.tar.bz2 + version: 2.14.7 + sha256: 30f3a5d46031f328fde13e7db9b094bc8f99b82dc170c24126365f74446d309c + url: 
https://github.com/pluginsGLPI/genericobject/releases/download/2.14.7/glpi-genericobject-2.14.7.tar.bz2 mydashboard: version: 2.1.5 sha256: 42e15102b16e034feff4edd130e11fc3aee29e1e75af2d41068ef6dca7ce4977 diff --git a/roles/httpd_php/vars/RedHat-8.yml b/roles/httpd_php/vars/RedHat-8.yml index 99e071e..42cd4ef 100644 --- a/roles/httpd_php/vars/RedHat-8.yml +++ b/roles/httpd_php/vars/RedHat-8.yml @@ -34,4 +34,5 @@ httpd_php_versions: - 80 - 81 - 82 + - 83 diff --git a/roles/httpd_php/vars/RedHat-9.yml b/roles/httpd_php/vars/RedHat-9.yml index 5d48be0..04994c1 100644 --- a/roles/httpd_php/vars/RedHat-9.yml +++ b/roles/httpd_php/vars/RedHat-9.yml @@ -29,4 +29,5 @@ httpd_php_versions: - 80 - 81 - 82 + - 83 diff --git a/roles/kimai/defaults/main.yml b/roles/kimai/defaults/main.yml index 0b1f22b..26fce31 100644 --- a/roles/kimai/defaults/main.yml +++ b/roles/kimai/defaults/main.yml @@ -5,12 +5,12 @@ # You can set it to a number or a simple string (no special chars) kimai_id: 1 # Kimai version to deploy -kimai_version: '2.0.34' +kimai_version: '2.0.35' # URL of the archive kimai_archive_url: https://github.com/kevinpapst/kimai2/archive/refs/tags/{{ kimai_version }}.tar.gz # Expected sha256 of the archive -kimai_archive_sha256: ec0faef8512ea1659b86361ccbbe4c4afa32225e07d664b765a42775bad0006d +kimai_archive_sha256: 11f4075cae82962eaacbae5231eb9313fa1648daa3399a4765da7a7621a89a85 # Directory where kimai will be installed kimai_root_dir: /opt/kimai_{{ kimai_id }} diff --git a/roles/ldap2pg/defaults/main.yml b/roles/ldap2pg/defaults/main.yml index 7caf367..c398d82 100644 --- a/roles/ldap2pg/defaults/main.yml +++ b/roles/ldap2pg/defaults/main.yml 
@@ -1,5 +1,14 @@ --- +# The version of ldap2pg to deploy +ldap2pg_version: 6.0 + +# The URL where the ldap2pg archive can be fetched +ldap2pg_archive_url: https://github.com/dalibo/ldap2pg/releases/download/v{{ ldap2pg_version }}/ldap2pg_{{ ldap2pg_version }}_linux_amd64.tar.gz + +# The expected sha256 checksum of the archive +ldap2pg_archive_sha256: 0f587cb6a6e4953820fabcaba46bbfbe9acdffe79c42b1f53e789f5d7215d26b + # How often ldap2pg will sync (eg hourly, '*:0:15', systemd timer syntaxe) ldap2pg_sync_freq: hourly 
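Review bot: `ldap2pg_version: 6.0` is an unquoted scalar, so YAML loads it as a float rather than a string. It happens to render correctly in `ldap2pg_archive_url` for this value, but a release numbered like 6.10 would collapse to 6.1, and the new check in tasks/facts.yml compares this value against the string `ldap2pg_current_version.stdout`, which would presumably never be equal to a float. Quoting it the way the glpi and kimai defaults in this commit do avoids both problems: `ldap2pg_version: '6.0'`.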
@@ -10,88 +19,64 @@ ldap2pg_user: postgres # Set dry mode to False to actually do the sync ldap2pg_dry_mode: True +ldap2pg_env: + PGHOST: /var/run/postgresql + LDAPTLS_REQCERT: hard +# LDAPURI: "{{ ldap_uri | default('ldap://ldap.' ~ ansible_domain) }}" +# LDAPBINDDN: CN=Postgres,OU=Apps,{{ (ad_auth | default(False) | ternary('DC=' ~ ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\.',',DC='), 'dc=' ~ ansible_domain | regex_replace('\.',',dc='))) }} +# LDAPPASSWORD: XXX + ldap2pg_base_conf: - version: 5 - ldap: - uri: "{{ ldap_uri | default('ldap://ldap.' ~ ansible_domain) }}" - binddn: CN=Postgres,OU=Apps,{{ (ad_auth | default(False) | ternary('DC=' ~ ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\.',',DC='), 'dc=' ~ ansible_domain | regex_replace('\.',',dc='))) }} - password: XXX - starttls: True + version: 6 postgres: - dsn: postgres://%2Fvar%2Frun%2Fpostgresql/ databases_query: | SELECT datname FROM pg_catalog.pg_database - WHERE datallowconn IS TRUE AND datname NOT IN ('postgres', 'template0', 'template1'); - - # Only roles member of the special ldap_roles group can be dropped + WHERE datallowconn IS TRUE AND datname NOT IN ('template0', 'template1'); + + # Only roles member of the special managed_roles group can be dropped # other role (created manually or outside of ldap2pg scope) will never be dropped managed_roles_query: | - SELECT DISTINCT role.rolname - FROM pg_roles AS role - LEFT OUTER JOIN pg_auth_members AS ms ON ms.member = role.oid - LEFT OUTER JOIN pg_roles AS ldap_roles - ON ldap_roles.rolname = 'ldap_roles' AND ldap_roles.oid = ms.roleid - WHERE ldap_roles.oid IS NOT NULL + VALUES + ('managed_roles') + UNION + SELECT DISTINCT role.rolname + FROM pg_roles AS role + JOIN pg_auth_members AS ms + ON ms.member = role.oid + JOIN pg_roles AS parent + ON parent.rolname = 'managed_roles' AND parent.oid = ms.roleid ORDER BY 1; - # Exclude information_schema, pg_catalog, pg_toast, and other system 
schemas - # from privilege management. - schemas_query: | - SELECT nspname FROM pg_catalog.pg_namespace - WHERE nspname NOT LIKE 'pg_%' AND nspname <> 'information_schema' - ORDER BY 1; - privileges: ro: - __connect__ - __select_on_tables__ - __select_on_sequences__ - __usage_on_schemas__ - - __usage_on_types__ - + - __usage_on_sequences__ + rw: + - ro - __temporary__ - - __all_on_tables__ - - __all_on_sequences__ - - ddl: - - __create_on_schemas__ + - __insert_on_tables__ + - __update_on_tables__ + - __delete__on_tables__ + - __update_on_sequences__ + - __execute_on_functions__ + - __trigger_on_tables__ full: - rw - - __all_on_schemas__ + - __create_on_schemas__ + - __truncate_on_tables__ - sync_map: - - description: "Create the ldap_roles group" + rules: + - description: "Create static roles" roles: - - name: ldap_roles + - name: managed_roles options: NOLOGIN - - description: "Create static ldap groups" - roles: - - names: - - support_ro - - support_rw - parent: - - ldap_roles - options: NOLOGIN - - grant: - - privilege: ro - roles: - - support_ro - - support_rw - - - privilege: rw - roles: - - support_rw - - - privilege: ddl - roles: - - support_rw - - # - description: "Query LDAP to populate support_ro role" # ldapsearch: # base: OU=People,DC=example,DC=org @@ -101,7 +86,7 @@ ldap2pg_base_conf: # options: LOGIN # parent: # - support_ro -# - ldap_roles +# - managed_roles # comment: "From LDAP account {dn}" # # @@ -114,7 +99,7 @@ ldap2pg_base_conf: # options: LOGIN # parent: # - support_rw -# - ldap_roles +# - managed_roles # comment: 'From LDAP account {dn}' ldap2pg_extra_conf: {} diff --git a/roles/ldap2pg/meta/main.yml b/roles/ldap2pg/meta/main.yml index efa73fc..dc58dfa 100644 --- a/roles/ldap2pg/meta/main.yml +++ b/roles/ldap2pg/meta/main.yml @@ -2,4 +2,3 @@ dependencies: - role: mkdir - - role: repo_dalibolabs diff --git a/roles/ldap2pg/tasks/conf.yml b/roles/ldap2pg/tasks/conf.yml index 3916fad..eab839e 100644 --- a/roles/ldap2pg/tasks/conf.yml 
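Review bot: In the new `rw` privilege list, `__delete__on_tables__` has a doubled underscore after `delete`, unlike its siblings `__insert_on_tables__` and `__update_on_tables__`; it presumably should read `__delete_on_tables__`. As written the name will likely not resolve to a built-in privilege, so either the configuration fails validation or DELETE is left out of `rw`. Separately, the removed `ldap:` section carried `starttls: True`, while the new `ldap2pg_env` only sets `LDAPTLS_REQCERT: hard` and the commented default URI is still `ldap://`. It is worth confirming how transport encryption is requested for v6 (an `ldaps://` URI or the tool's STARTTLS setting) so the bind password is not sent in clear text, and adding a comment next to `ldap2pg_env` saying so.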
+++ b/roles/ldap2pg/tasks/conf.yml @@ -1,5 +1,9 @@ --- +- name: Deploy env file + template: src=ldap2pg.env.j2 dest=/etc/sysconfig/ldap2pg owner=root group=postgres mode=640 + tags: pg + - name: Deploy ldap2pg configuration block: - name: Render config template @@ -15,10 +19,11 @@ - restart ldap2pg.timer - name: Validate new configuration - command: /bin/ldap2pg --config /etc/ldap2pg.yml --dry + command: /usr/local/bin/ldap2pg --config /etc/ldap2pg.yml changed_when: False become_user: "{{ ldap2pg_user }}" register: ldap2pg_conf_validation + environment: "{{ ldap2pg_env }}" rescue: - name: Rollback previous configuration @@ -35,6 +40,7 @@ - name: Fails if new configuration isn't validated fail: - msg: "Failed to validate /etc/ldap2pg: {{ ldap2pg_conf_validation.stdout }}" + msg: "Failed to validate /etc/ldap2pg.yml: {{ ldap2pg_conf_validation.stdout }}" when: ldap2pg_conf_validation.rc != 0 tags: pg + diff --git a/roles/ldap2pg/tasks/facts.yml b/roles/ldap2pg/tasks/facts.yml index 5b854e1..0bd7738 100644 --- a/roles/ldap2pg/tasks/facts.yml +++ b/roles/ldap2pg/tasks/facts.yml 
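Review bot: The new `Deploy env file` task renders /etc/sysconfig/ldap2pg from `ldap2pg_env`, which, per the commented `LDAPPASSWORD` example in the defaults, is where the LDAP bind password is meant to live, but nothing keeps the rendered content out of `--diff` output or run logs. Adding `no_log: True` (or at least `diff: False`) to that task keeps the secret out of run output, and the `owner=root group=postgres mode=640` settings already restrict the file on disk. The task is written in `key=value` form, so adding a keyword means adding a line such as `  no_log: True` under it, alongside `tags: pg`.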
@@ -1,10 +1,27 @@ --- -# Load distribution specific variables -- include_vars: "{{ item }}" - with_first_found: - - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" - - "{{ role_path }}/vars/{{ ansible_distribution }}.yml" - - "{{ role_path }}/vars/{{ ansible_os_family }}.yml" +- name: Set default install mode + set_fact: ldap2pg_install_mode='none' + tags: pg + +- name: Check if ldap2pg is installed + stat: path=/usr/local/bin/ldap2pg + register: ldap2pg_bin + tags: pg + +- name: Check installed version + shell: ldap2pg -V | head -1 | sed -E 's/ldap2pg v(\d+)/\1/' + register: ldap2pg_current_version + when: ldap2pg_bin.stat.exists + changed_when: False + tags: pg + +- name: Set install mode + set_fact: ldap2pg_install_mode='install' + when: not ldap2pg_bin.stat.exists + tags: pg + +- name: Set install_mode to upgrade + set_fact: ldap2pg_install_mode='upgrade' + when: ldap2pg_bin.stat.exists and ldap2pg_current_version.stdout != ldap2pg_version tags: pg diff --git a/roles/ldap2pg/tasks/install.yml b/roles/ldap2pg/tasks/install.yml index 75cde1d..b104c42 100644 --- a/roles/ldap2pg/tasks/install.yml +++ b/roles/ldap2pg/tasks/install.yml 
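Review bot: The `Check installed version` task is unlikely to return a bare version number, because `\d` is not a digit class in sed's extended regex syntax, and the expression has no anchors to strip the rest of the line. If so, `ldap2pg_current_version.stdout != ldap2pg_version` is true on every run and the install mode always ends up as `upgrade`; the exact output of `ldap2pg -V` is not visible here, so this should be confirmed on a host. The task also resolves `ldap2pg` through PATH, while the `stat` just above checks `/usr/local/bin/ldap2pg`, so the version reported may come from a different binary, or the command may fail where /usr/local/bin is not on the privileged PATH. A more robust form would be `shell: /usr/local/bin/ldap2pg -V | head -1 | sed -E 's/^ldap2pg v?([0-9.]+).*/\1/'`, compared against a string-typed `ldap2pg_version`.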
@@ -1,20 +1,28 @@ --- -- name: Install packages - package: name={{ ldap2pg_packages }} +- name: Ensure ldap2pg package is removed + package: name=ldap2pg state=absent tags: pg -- when: ansible_os_family == 'RedHat' and ansible_distribution_major_version is version('8', '<') +- when: ldap2pg_install_mode != 'none' block: - - name: Check if ldap2Pg is built with python 2 or 3 - stat: path=/usr/lib/python3.6/site-packages/ldap2pg/ldap.py - register: ldap2pg_py + - name: Download ldap2pg binary + get_url: + url: "{{ ldap2pg_archive_url }}" + dest: /tmp/ldap2pg.tar.gz + checksum: "sha256:{{ ldap2pg_archive_sha256 }}" - - name: Set ldap.py path - set_fact: ldap_py_ver={{ ldap2pg_py.stat.exists | ternary('3.6', '2.7') }} + - name: Extract ldap2pg archive + unarchive: + src: /tmp/ldap2pg.tar.gz + dest: /usr/local/bin + include: + - ldap2pg + owner: root + group: root + mode: 755 + remote_src: True - - name: Patch ldap2pg to specify global cacert - patch: src=ldap2pg_cacert.diff dest=/usr/lib/python{{ ldap_py_ver }}/site-packages/ldap2pg/ldap.py tags: pg - name: Install systemd unit diff --git a/roles/ldap2pg/templates/ldap2pg.env.j2 b/roles/ldap2pg/templates/ldap2pg.env.j2 new file mode 100644 index 0000000..606b9b4 --- /dev/null +++ b/roles/ldap2pg/templates/ldap2pg.env.j2 @@ -0,0 +1,3 @@ +{% for env in ldap2pg_env.keys() | list %} +{{ env }}={{ ldap2pg_env[env] }} +{% endfor %} diff --git a/roles/ldap2pg/templates/ldap2pg.service.j2 b/roles/ldap2pg/templates/ldap2pg.service.j2 index 4edf356..521225d 100644 --- a/roles/ldap2pg/templates/ldap2pg.service.j2 +++ b/roles/ldap2pg/templates/ldap2pg.service.j2 
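Review bot: In the `Extract ldap2pg archive` task, `mode: 755` is a bare YAML integer, which Ansible reads as decimal 755, that is octal 1363, so the extracted binary in /usr/local/bin ends up writable by others instead of `rwxr-xr-x`. Quote it with a leading zero, `mode: '0755'`; the postgresql_exporter install task touched by this same commit already quotes its mode. The archive is also staged at the fixed path `/tmp/ldap2pg.tar.gz` before being unpacked as root. Downloading into a root-owned staging directory, or a path created with the `tempfile` module, avoids relying on a predictable name in a world-writable directory, and lets the archive be removed after extraction.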
@@ -4,7 +4,8 @@ Description=Sync postgres role from LDAP [Service] Type=oneshot PrivateTmp=yes +EnvironmentFile=/etc/sysconfig/ldap2pg User={{ ldap2pg_user }} Group={{ ldap2pg_user }} -ExecStart=/bin/ldap2pg -c /etc/ldap2pg.yml --{{ ldap2pg_dry_mode | ternary('dry', 'real') }} +ExecStart=/usr/local/bin/ldap2pg -c /etc/ldap2pg.yml {{ ldap2pg_dry_mode | ternary('', '--real') }} TimeoutSec=30m diff --git a/roles/ldap2pg/vars/RedHat-7.yml b/roles/ldap2pg/vars/RedHat-7.yml deleted file mode 100644 index 74757fb..0000000 --- a/roles/ldap2pg/vars/RedHat-7.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -ldap2pg_packages: - - ldap2pg - - python-setuptools - - patch diff --git a/roles/ldap2pg/vars/RedHat-8.yml b/roles/ldap2pg/vars/RedHat-8.yml deleted file mode 100644 index 75381d4..0000000 --- a/roles/ldap2pg/vars/RedHat-8.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -ldap2pg_packages: - - ldap2pg diff --git a/roles/ldap2pg/vars/RedHat-9.yml b/roles/ldap2pg/vars/RedHat-9.yml deleted file mode 100644 index 75381d4..0000000 --- a/roles/ldap2pg/vars/RedHat-9.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -ldap2pg_packages: - - ldap2pg diff --git a/roles/matrix_element/defaults/main.yml b/roles/matrix_element/defaults/main.yml index c7e5adb..177c59e 100644 --- a/roles/matrix_element/defaults/main.yml +++ b/roles/matrix_element/defaults/main.yml @@ -5,8 +5,8 @@ element_id: element # Version to deploy, and expected sha256 -element_version: 1.11.43 -element_archive_sha256: e5b8d48498ceedced1dd19116a61e8e1809e173ea14a43a0f1e40353873969a3 +element_version: 1.11.46 +element_archive_sha256: bbb8be838643dc0f9071591d0d1f8758935c21ad9e7e3697d6a9162a3aae32cd # Where to install element element_root_dir: /opt/matrix/element diff --git a/roles/matrix_synapse/defaults/main.yml b/roles/matrix_synapse/defaults/main.yml index 59d7385..6464adf 100644 --- a/roles/matrix_synapse/defaults/main.yml +++ b/roles/matrix_synapse/defaults/main.yml 
@@ -1,7 +1,7 @@ --- # Synapse version to deploy -synapse_version: '1.92.3' +synapse_version: '1.94.0' # Should ansible handle Synapse upgrades ? If false, only initial install will be done synapse_manage_upgrade: True diff --git a/roles/metabase/defaults/main.yml b/roles/metabase/defaults/main.yml index 5ce8cc6..34cc04b 100644 --- a/roles/metabase/defaults/main.yml +++ b/roles/metabase/defaults/main.yml @@ -1,15 +1,15 @@ --- # Version to deploy -metabase_version: 0.47.2 +metabase_version: 0.47.4 # URL to fetch the jar metabase_jar_url: https://downloads.metabase.com/v{{ metabase_version }}/metabase.jar # Expected sha256 of the jar -metabase_jar_sha256: 94f7335561881f6da4f4cea54683e477e9da91eeade99f97bce020281a23076c +metabase_jar_sha256: e687fdaabf06e23ed1f4bf6e40173834d2fc9b2b306796ab67b1d7603f483fd2 # When building from source metabase_archive_url: https://github.com/metabase/metabase/archive/refs/tags/v{{ metabase_version }}.tar.gz # Expected sha256 of the archive -metabase_archive_sha256: 5add9fb25674c820bf0c9dc16929fa42cf7ae2affb5b55e3988a1bacb21673c1 +metabase_archive_sha256: 3836fca4ea077ce0aeced82c38f0d7838d3972232f93d15998c484ad939e3a2f # Should ansible handle upgrades ? If set to false, only the initial install (and the config) will be handled metabase_manage_upgrade: True diff --git a/roles/n8n/defaults/main.yml b/roles/n8n/defaults/main.yml index 27d7a41..545b653 100644 --- a/roles/n8n/defaults/main.yml +++ b/roles/n8n/defaults/main.yml @@ -1,7 +1,7 @@ --- # Version to deploy -n8n_version: 1.1.1 +n8n_version: 1.7.1 # Root directory where n8n will be installed n8n_root_dir: /opt/n8n # User account under which n8n will run diff --git a/roles/postgresql_exporter/defaults/main.yml b/roles/postgresql_exporter/defaults/main.yml index baafd95..c32ce44 100644 --- a/roles/postgresql_exporter/defaults/main.yml +++ b/roles/postgresql_exporter/defaults/main.yml 
@@ -1,8 +1,8 @@ --- -pg_exporter_version: 0.8.0 -pg_exporter_archive_url: https://github.com/wrouesnel/postgres_exporter/releases/download/v{{ pg_exporter_version }}/postgres_exporter_v{{ pg_exporter_version }}_linux-amd64.tar.gz -pg_exporter_archive_sha1: 9af399257fe6ad20bf6ea7a4984721ae364bd574 +pg_exporter_version: 0.14.0 +pg_exporter_archive_url: https://github.com/prometheus-community/postgres_exporter/releases/download/v{{ pg_exporter_version }}/postgres_exporter-{{ pg_exporter_version }}.linux-amd64.tar.gz +pg_exporter_archive_sha256: 389f8c8d9a57132b9744b2108bee168085da729b574de5996e42cda15110c672 pg_exporter_root_dir: /opt/pg_exporter # Account under which postgres-exporter will run diff --git a/roles/postgresql_exporter/tasks/install.yml b/roles/postgresql_exporter/tasks/install.yml index 009fadf..200cd36 100644 --- a/roles/postgresql_exporter/tasks/install.yml +++ b/roles/postgresql_exporter/tasks/install.yml @@ -5,17 +5,17 @@ get_url: url: "{{ pg_exporter_archive_url }}" dest: "{{ pg_exporter_root_dir }}/tmp/" - checksum: sha1:{{ pg_exporter_archive_sha1 }} + checksum: sha256:{{ pg_exporter_archive_sha256 }} - name: Extract pg_exporter unarchive: - src: "{{ pg_exporter_root_dir }}/tmp/postgres_exporter_v{{ pg_exporter_version }}_linux-amd64.tar.gz" + src: "{{ pg_exporter_root_dir }}/tmp/postgres_exporter-{{ pg_exporter_version }}.linux-amd64.tar.gz" dest: "{{ pg_exporter_root_dir }}/tmp/" remote_src: True - name: Move the binary to its final location copy: - src: "{{ pg_exporter_root_dir }}/tmp/postgres_exporter_v{{ pg_exporter_version }}_linux-amd64/postgres_exporter" + src: "{{ pg_exporter_root_dir }}/tmp/postgres_exporter-{{ pg_exporter_version }}.linux-amd64/postgres_exporter" dest: "{{ pg_exporter_root_dir }}/app/" mode: '755' remote_src: True diff --git a/roles/seafile/defaults/main.yml b/roles/seafile/defaults/main.yml index 13af0d6..6038cd7 100644 --- a/roles/seafile/defaults/main.yml +++ b/roles/seafile/defaults/main.yml 
@@ -11,7 +11,7 @@ # MaxUsers = "9" # Mode = "subscription" # etc... -seafile_version: "{{ seafile_license is defined | ternary('10.0.6','10.0.1') }}" +seafile_version: "{{ seafile_license is defined | ternary('10.0.9','10.0.1') }}" # Archive URL and sha256 are only used for the community version seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz @@ -128,5 +128,5 @@ seafile_site_title: 'Mon cloud privé' # Only available if you run the PRO edition seafile_scan_av: True -# Use Go file server. It's still a bit buggy so default to False -seafile_use_go_fileserver: False +# Use Go file server +seafile_use_go_fileserver: True diff --git a/roles/seafile/files/seafile-pro-server_10.0.6_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_10.0.6_x86-64_CentOS.tar.gz deleted file mode 100644 index b4b2ca0..0000000 --- a/roles/seafile/files/seafile-pro-server_10.0.6_x86-64_CentOS.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0af3b246ad27fbc49b39ceb6da313404fb6df380a7ab387a44b395dfd4814519 -size 143913267 diff --git a/roles/seafile/files/seafile-pro-server_10.0.9_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_10.0.9_x86-64_CentOS.tar.gz new file mode 100644 index 0000000..e8be6d6 --- /dev/null +++ b/roles/seafile/files/seafile-pro-server_10.0.9_x86-64_CentOS.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1342b561365a330939e0832f26deefdd4dca12806cb5f87daa083e18e46398f8 +size 205519649 diff --git a/roles/seafile/templates/clean_db.sh.j2 b/roles/seafile/templates/clean_db.sh.j2 index 85fe0a2..430e6e6 100644 --- a/roles/seafile/templates/clean_db.sh.j2 +++ b/roles/seafile/templates/clean_db.sh.j2 
@@ -6,4 +6,4 @@ PATH=/opt/seafile/bin:/bin:/usr/bin PYTHON=/opt/seafile/bin/python cd {{ seafile_root_dir }}/seafile-server ./seahub.sh python-env python3 seahub/manage.py clearsessions - +./seahub.sh python-env python3 seahub/manage.py clean_db_records diff --git a/roles/vault_bin/defaults/main.yml b/roles/vault_bin/defaults/main.yml index 212f86d..b1a3d2b 100644 --- a/roles/vault_bin/defaults/main.yml +++ b/roles/vault_bin/defaults/main.yml @@ -1,7 +1,7 @@ # Version of Vault to install -vault_version: 1.14.3 +vault_version: 1.15.0 # URL of the archive vault_archive_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip # Expected sha256 of the archive -vault_archive_sha256: 01e1698d2563cf4780438468f9f815eedf707e8ea01f87bb7621e24a00e21d12 +vault_archive_sha256: b69c209f05c1ccfa012a60090adfca1607c8fad14728a5a208979a1706b6cd46