From f44895157ee4131ce1e61a67898581c5c34caa60 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Fri, 29 Jul 2022 15:00:16 +0200 Subject: [PATCH] Update to 2022-07-29 15:00 --- roles/babashka/defaults/main.yml | 4 +- roles/matrix_element/defaults/main.yml | 4 +- roles/nomad/defaults/main.yml | 53 ++++++------------- roles/nomad/tasks/conf.yml | 6 +-- roles/nomad/templates/nomad.hcl.j2 | 34 ++++++++++++ roles/nomad/templates/nomad.service.j2 | 4 +- roles/ntp_client/templates/chrony.conf.j2 | 5 ++ roles/odoo/tasks/install.yml | 1 + roles/paperless_ng/defaults/main.yml | 4 +- roles/paperless_ng/tasks/install.yml | 12 +++++ .../paperless_ng/templates/paperless.conf.j2 | 2 +- roles/paperless_ng/vars/RedHat-8.yml | 1 + roles/repo_samba4/defaults/main.yml | 2 +- .../squid/files/acl/software_various.domains | 1 + 14 files changed, 83 insertions(+), 50 deletions(-) create mode 100644 roles/nomad/templates/nomad.hcl.j2 diff --git a/roles/babashka/defaults/main.yml b/roles/babashka/defaults/main.yml index 59c4614..a03fc8c 100644 --- a/roles/babashka/defaults/main.yml +++ b/roles/babashka/defaults/main.yml @@ -1,8 +1,8 @@ --- # Babashka version to deploy -bb_version: 0.8.156 +bb_version: 0.9.159 # URL of the archive bb_archive_url: https://github.com/babashka/babashka/releases/download/v{{ bb_version }}/babashka-{{ bb_version }}-linux-amd64-static.tar.gz # Expected sha256sum of the archive -bb_archive_sha256: 8ad317952978ad82f877f04d7435f14859f03d96f9d184afed05adb94adcc6ab +bb_archive_sha256: 02278c566c45a71a8ce918f1317fa1cccf150b79bd8e5e1cc9911c8910e3fee7 diff --git a/roles/matrix_element/defaults/main.yml b/roles/matrix_element/defaults/main.yml index ccd7203..7781926 100644 --- a/roles/matrix_element/defaults/main.yml +++ b/roles/matrix_element/defaults/main.yml 
@@ -5,8 +5,8 @@ element_id: element # Version to deploy, and expected sha256 -element_version: 1.11.0 -element_archive_sha256: 03919ddbec5475f5fe5994099630d0b91dd7999884ee4de408129fd15a9e9f51 +element_version: 1.11.1 +element_archive_sha256: 673994f739ba01f84b46e95e2af00dbfe3a00c715d14b009d30d96bcd7141c7d # Where to install element element_root_dir: /opt/matrix/element diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index 959cfab..e1e4b92 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml 
@@ -12,56 +12,35 @@ nomad_root_dir: /opt/nomad # user under which nomad will run. # Servers can run under an unprivileged user, while clients should run as root (or with equivalent privileges) -nomad_user: "{{ nomad_conf.client.enabled | ternary('root', 'nomad') }}" +nomad_user: "{{ nomad_client_enabled | ternary('root', 'nomad') }}" -# List of nomad servers (not clients) +# List of nomad servers (not clients !) nomad_servers: [] +# Should client be enabled +nomad_client_enabled: "{{ (inventory_hostname in nomad_servers) | ternary(False, True) }}" +# Should server be enabled +nomad_server_enabled: "{{ (inventory_hostname in nomad_servers) | ternary(True, False) }}" +# Log level of the daemon +nomad_log_level: INFO # Ports used by Nomad, the protocols, and the list of IP/CIDR for which the ports will be opened in the firewall +# You can also specify which address/port to advertise (not needed most of the time) nomad_base_services: - http_api: - port: "{{ nomad_conf.ports.http | default(4646) }}" + http: + port: 4646 proto: [tcp] src_ip: [] + # advertise: 10.11.12.13:4347 rpc: - port: "{{ nomad_conf.ports.rpc | default(4647) }}" + port: 4647 proto: [tcp] src_ip: [] + # advertise: serf: - port: "{{ nomad_conf.ports.serf | default(4648) }}" + port: 4648 proto: [tcp,udp] src_ip: [] + # advertise: x.x.x.x nomad_extra_services: {} nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursive=True) }}" -# Nomad configuration (which will be converted to JSON) -# The configuration is splited in a base conf, an extra conf, and a host conf so you can override part of the config easily -nomad_base_conf: - name: "{{ inventory_hostname }}" - data_dir: "{{ nomad_root_dir }}/data" - log_level: INFO - bind_addr: 0.0.0.0 - client: - enabled: "{{ (inventory_hostname in nomad_servers) | ternary(False, True) }}" - servers: "{{ (inventory_hostname in nomad_servers) | ternary([], nomad_servers) }}" - server: - enabled: "{{ (inventory_hostname in nomad_servers) | 
ternary(True, False) }}" - server_join: - retry_join: "{{ (inventory_hostname in nomad_servers) | ternary(nomad_servers, []) }}" - bootstrap_expect: "{{ nomad_servers | length }}" - -# For example -# nomad_extra_conf: -# datacenter: my-dc -# server: -# encrypt: umizzu2vi9VaYwdRiOjDXgZIjV8AJ2AV+prqaAhElz0= -# ui_config: -# enabled: True -# -nomad_extra_conf: {} -# Host conf is just another level of configuration override -nomad_host_conf: {} - -# Merge all the conf -nomad_conf: "{{ nomad_base_conf | combine(nomad_extra_conf, recursive=True) | combine(nomad_host_conf, recursive=True) }}" - diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml index a3146af..0689f37 100644 --- a/roles/nomad/tasks/conf.yml +++ b/roles/nomad/tasks/conf.yml @@ -2,11 +2,11 @@ - name: Deploy nomad configuration template: - src: nomad.json.j2 - dest: "{{ nomad_root_dir }}/etc/nomad.json" + src: nomad.hcl.j2 + dest: "{{ nomad_root_dir }}/etc/nomad.hcl" owner: root group: "{{ nomad_user }}" - mode: 640 + mode: 0640 validate: nomad config validate %s notify: restart nomad tags: nomad diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2 new file mode 100644 index 0000000..9a7f0ee --- /dev/null +++ b/roles/nomad/templates/nomad.hcl.j2 
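Review bot: Removing `nomad_extra_conf` and `nomad_host_conf` at the end of this hunk leaves no variable through which a deployment can set `server.encrypt`, a `tls` block or an `acl` block. The removed example documented `encrypt` as the typical override, and the new `nomad.hcl.j2` renders none of these while keeping `bind_addr = "0.0.0.0"`. Hosts that relied on the override would come back after this update with gossip encryption silently dropped. I would either keep an override hook or add explicit defaults that the template renders when set, introduced by a comment such as `# Gossip key, TLS and ACL settings, rendered into nomad.hcl when defined`.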
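Review bot: The task now writes `nomad.hcl`, but nothing removes the previous `{{ nomad_root_dir }}/etc/nomad.json`. The unit file in this commit loads only `nomad.hcl`, so the old file is inert, yet it may still contain a `server.encrypt` key that came in through the removed `nomad_extra_conf`. A follow-up task with `file: path="{{ nomad_root_dir }}/etc/nomad.json" state=absent` would clean it up. Separately, `mode: 0640` only works because the YAML parser reads it as octal; `mode: "0640"` is the form that does not depend on that.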
@@ -0,0 +1,34 @@ +data_dir = "{{ nomad_root_dir }}/data" +log_level = "{{ nomad_log_level }}" +bind_addr = "0.0.0.0" +advertise { +{% for service in nomad_services.keys() | list %} +{% if nomad_services[service].advertise is defined %} + {{ service }} = {{ nomad_services[service].advertise }} +{% endif %} +{% endfor %} +} +ports { +{% for service in nomad_services.keys() | list %} + {{ service }} = {{ nomad_services[service].port }} +{% endfor %} +} +server { + enabled = {{ nomad_server_enabled | ternary('true','false') }} + bootstrap_expect = {{ nomad_servers | length }} + server_join { + retry_join = [ +{% for server in consul_servers %} + "{{ server }}", +{% endfor %} + ] + } +} +client { + enabled = {{ nomad_client_enabled | ternary('true','false') }} + servers = [ +{% for server in consul_servers %} + "{{ server }}", +{% endfor %} + ] +} diff --git a/roles/nomad/templates/nomad.service.j2 b/roles/nomad/templates/nomad.service.j2 index d4993c2..b64f878 100644 --- a/roles/nomad/templates/nomad.service.j2 +++ b/roles/nomad/templates/nomad.service.j2 @@ -3,13 +3,13 @@ Description=Nomad Documentation=https://nomadproject.io/docs/ Wants=network-online.target After=network-online.target -ConditionFileNotEmpty={{ nomad_root_dir }}/etc/nomad.json +ConditionFileNotEmpty={{ nomad_root_dir }}/etc/nomad.hcl [Service] EnvironmentFile=-{{ nomad_root_dir }}/etc/nomad.env User={{ nomad_user }} Group={{ nomad_user }} -ExecStart={{ nomad_root_dir }}/bin/nomad agent -config={{ nomad_root_dir }}/etc/ +ExecStart={{ nomad_root_dir }}/bin/nomad agent -config={{ nomad_root_dir }}/etc/nomad.hcl ExecReload=/bin/kill --signal HUP $MAINPID KillMode=process KillSignal=SIGINT diff --git a/roles/ntp_client/templates/chrony.conf.j2 b/roles/ntp_client/templates/chrony.conf.j2 index 2c67b1d..dca6c03 100644 --- a/roles/ntp_client/templates/chrony.conf.j2 +++ b/roles/ntp_client/templates/chrony.conf.j2 
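Review bot: Both `retry_join` and the client `servers` list loop over `consul_servers`, whereas the removed `nomad_base_conf` used `nomad_servers` and this role's defaults, as far as the diff shows, define only `nomad_servers`. This looks like a carry-over from another role, and both loops should read `{% for server in nomad_servers %}`. The old configuration also emptied `client.servers` on server nodes and `retry_join` on clients, which the new template no longer does. In the `advertise` block the value is rendered bare, so the documented example `10.11.12.13:4347` would produce invalid HCL; it needs quoting as `{{ service }} = "{{ nomad_services[service].advertise }}"`.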
@@ -3,7 +3,12 @@ server {{ server }} iburst {% endfor %} keyfile {{ ntp_chrony_keyfile }} driftfile /var/lib/chrony/drift +{% if ansible_virtualization_role == "guest" %} +# Virtualization guest, so allow unlimited steps if the clock is more than 5sec off +makestep 5 -1 +{% else %} makestep 1.0 3 +{% endif %} rtcsync {% if samba_role is defined and samba_role in ['dc','rodc'] %} # Running Samba DC diff --git a/roles/odoo/tasks/install.yml b/roles/odoo/tasks/install.yml index 9ab5dbd..6677396 100644 --- a/roles/odoo/tasks/install.yml +++ b/roles/odoo/tasks/install.yml @@ -47,6 +47,7 @@ virtualenv_command: "{{ odoo_venv_command }}" loop: - phonenumbers + - python-jose tags: odoo - name: Create the PostgreSQL role diff --git a/roles/paperless_ng/defaults/main.yml b/roles/paperless_ng/defaults/main.yml index 1289d3b..ef7a531 100644 --- a/roles/paperless_ng/defaults/main.yml +++ b/roles/paperless_ng/defaults/main.yml @@ -1,13 +1,13 @@ --- # The version to deploy -paperless_version: 1.7.1 +paperless_version: 1.8.0 # Instance ID, as you can deploy several instances on the same server paperless_id: 1 # URL of the paperless archive paperless_archive_url: https://github.com/paperless-ngx/paperless-ngx/releases/download/v{{ paperless_version }}/paperless-ngx-v{{ paperless_version }}.tar.xz # Expected checksum -paperless_archive_sha256: f2fc7886f6c8a9a0a18cfc92f10d1aaf66f3fe92f311dc6817b3f680111e1737 +paperless_archive_sha256: 04b7e1874e11bc124545088f5e4325f17956a993962a68e397eea5677dbab2d5 # Should ansible handle install and upgrades, or only initial install paperless_manage_upgrade: True # Root directory where paperless will be installed diff --git a/roles/paperless_ng/tasks/install.yml b/roles/paperless_ng/tasks/install.yml index 2758cd0..33bc646 100644 --- a/roles/paperless_ng/tasks/install.yml +++ b/roles/paperless_ng/tasks/install.yml 
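Review bot: `makestep 5 -1` removes the limit on clock steps for guests, so any offset above five seconds reported by the configured sources is applied immediately for the whole life of the daemon, not just during the first updates. The `server {{ server }} iburst` line in the context carries no `key` option, so if those sources are unauthenticated, a faulty or spoofed source can move the clock by an arbitrary amount. That matters for certificate validation and for Kerberos on the Samba DC hosts this template also handles. A bounded limit, or a `maxchange` directive next to the unlimited step, would cap the damage. The condition also fails when facts are not gathered; `{% if ansible_virtualization_role | default('') == "guest" %}` avoids that.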
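Review bot: `python-jose` is added to the loop with no version constraint, so every run installs whatever release the index serves at that moment. For a library that handles token signing and verification, I would pin it, for example `- python-jose==<pinned version>`, and raise the pin deliberately. The existing `phonenumbers` entry has the same gap. The pip task itself starts above the hunk, so I cannot see whether a constraints file is applied there.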
@@ -34,7 +34,19 @@ tags: ged + - name: Create the virtualenv + pip: + name: + - pip + - setuptools + - wheel + state: "{{ (paperless_install_mode == 'upgrade') | ternary('latest', 'present') }}" + virtualenv: "{{ paperless_root_dir }}/venv" + virtualenv_command: /bin/python3.9 -m venv + tags: ged + +- name: Install requirements in the virtualenv pip: requirements: "{{ paperless_root_dir }}/app/requirements.txt" state: "{{ (paperless_install_mode == 'upgrade') | ternary('latest', 'present') }}" diff --git a/roles/paperless_ng/templates/paperless.conf.j2 b/roles/paperless_ng/templates/paperless.conf.j2 index 8370252..9c602bd 100644 --- a/roles/paperless_ng/templates/paperless.conf.j2 +++ b/roles/paperless_ng/templates/paperless.conf.j2 @@ -20,7 +20,7 @@ PAPERLESS_FORCE_SCRIPT_NAME={{ paperless_public_url | urlsplit('path') | regex_r PAPERLESS_STATIC_URL={{ paperless_public_url | urlsplit('path') | regex_replace('/$','') }}/static/ PAPERLESS_URL={{ paperless_public_url }} PAPERLESS_OCR_LANGUAGE={{ paperless_ocr_lang }} -PAPERLESS_TASK_WORKERS=2 +PAPERLESS_TASK_WORKERS=1 {% if system_tz is defined %} PAPERLESS_TIME_ZONE={{ system_tz }} {% endif %} diff --git a/roles/paperless_ng/vars/RedHat-8.yml b/roles/paperless_ng/vars/RedHat-8.yml index 5199543..429a1bb 100644 --- a/roles/paperless_ng/vars/RedHat-8.yml +++ b/roles/paperless_ng/vars/RedHat-8.yml @@ -4,6 +4,7 @@ paperless_packages: - python39-pip - python39-setuptools - python39-devel + - git - make - gcc - gcc-c++ diff --git a/roles/repo_samba4/defaults/main.yml b/roles/repo_samba4/defaults/main.yml index da564ca..56cbe22 100644 --- a/roles/repo_samba4/defaults/main.yml +++ b/roles/repo_samba4/defaults/main.yml 
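Review bot: The new "Create the virtualenv" task hard-codes `virtualenv_command: /bin/python3.9 -m venv`, while the interpreter packages are selected per distribution in `vars/RedHat-8.yml`. Any other vars file would install a different Python and this task would fail or build the venv with the wrong interpreter. A role variable set next to the package list would keep the two in step, for example `virtualenv_command: "{{ paperless_venv_command }}"`, the way the odoo role uses `odoo_venv_command`. Note also that `state: latest` on upgrade pulls unpinned `pip`, `setuptools` and `wheel`, so the build toolchain changes from one upgrade run to the next.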
@@ -1,3 +1,3 @@ --- # Select a branch from https://samba.tranquil.it/centos7/ or https://samba.tranquil.it/centos7/ -samba_major_version: samba-{{ (ansible_distribution_major_version is version('8','<')) | ternary('4.12.15','4.16.3') }} +samba_major_version: samba-{{ (ansible_distribution_major_version is version('8','<')) | ternary('4.12.15','4.16.4') }} diff --git a/roles/squid/files/acl/software_various.domains b/roles/squid/files/acl/software_various.domains index e36bfcb..90efdad 100644 --- a/roles/squid/files/acl/software_various.domains +++ b/roles/squid/files/acl/software_various.domains @@ -36,6 +36,7 @@ www.python.org pypi.python.org pypi.org files.pythonhosted.org +www.piwheels.org # Ruby api.rubygems.org
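Review bot: `www.piwheels.org` is added under the Python entries with no comment saying which role needs it. Unlike `pypi.org`, it is a separate index that serves wheels rebuilt by the piwheels project rather than the artifacts uploaded by package maintainers. If this list is the proxy's allow-list, every host behind it can now use that index as an extra package source. I would add a line above it such as `# piwheels (prebuilt ARM wheels), needed by <role>` and, if only some hosts need it, move the entry to a narrower ACL.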