ansible-roles/roles/lemonldap_ng/tasks/main.yml


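---
# Role tasks for Lemonldap::NG: installs the selected components (handler,
# portal, manager), deploys the main and migration configuration, copies
# customisation assets, and manages the backing FastCGI/uWSGI services and
# SELinux labels. Component selection is driven by llng_handler,
# llng_portal and llng_manager; the web stack by llng_server/llng_engine.

# Pick the most specific distribution vars file that exists (first match wins).
- include_vars: "{{ item }}"
  with_first_found:
    - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
    - "vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
    - "vars/{{ ansible_distribution }}.yml"
    - "vars/{{ ansible_os_family }}.yml"
  tags: web

- name: Install common packages
  package:
    name: "{{ llng_common_packages }}"
  tags: web

# Each optional component is installed when its flag is set and removed
# otherwise, so flipping a flag converges the host in both directions.
- name: Install Lemonldap::NG handler
  package:
    name: lemonldap-ng-handler
  when: llng_handler
  tags: web

- name: Remove Lemonldap::NG handler
  package:
    name: lemonldap-ng-handler
    state: absent
  when: not llng_handler
  tags: web

- name: Install Lemonldap::NG portal
  package:
    name: "{{ llng_portal_packages }}"
  when: llng_portal
  tags: web

- name: Remove Lemonldap::NG portal
  package:
    name: lemonldap-ng-portal
    state: absent
  when: not llng_portal
  tags: web

- name: Install Lemonldap::NG manager
  package:
    name: "{{ llng_manager_packages }}"
  when: llng_manager
  tags: web

- name: Remove Lemonldap::NG manager
  package:
    name: lemonldap-ng-manager
    state: absent
  when: not llng_manager
  tags: web

# Modes are quoted strings: an unquoted 0770 is parsed as an octal literal by
# YAML and a bare 770 is ambiguous, so "0770" is the only unambiguous form.
- name: Create directories
  file:
    path: "{{ item }}"
    state: directory
    group: apache
    mode: "0770"
  loop:
    - /var/cache/lemonldap-ng
  tags: web

# Web-server specific tasks (apache.yml / nginx.yml) and the optional
# MySQL configuration backend.
- include_tasks: "{{ llng_server }}.yml"
  tags: always

- include_tasks: mysql.yml
  when: llng_conf_backend == 'mysql'
  tags: always

# NOTE(review): the group is fixed to apache here while the htpasswd task
# below picks nginx vs apache from llng_server — confirm which account reads
# this file when llng_server == 'nginx'.
- name: Deploy Lemonldap::NG main configuration
  template:
    src: lemonldap-ng.ini.j2
    dest: /etc/lemonldap-ng/lemonldap-ng.ini
    group: apache
    mode: "0640"
  # uWSGI behind nginx can reload; every other stack needs a full restart.
  notify: "{{ (llng_server == 'nginx' and llng_engine == 'uwsgi') | ternary('reload', 'restart') }} {{ (llng_server == 'nginx') | ternary('llng', 'httpd') }}"
  tags: web

- name: Deploy Lemonldap::NG migration configuration
  template:
    src: lemonldap-ng-file.ini.j2
    dest: /etc/lemonldap-ng/lemonldap-ng-file.ini
    group: apache
    mode: "0640"
  tags: web

- name: Copy applications logo
  synchronize:
    src: logos/
    dest: /usr/share/lemonldap-ng/portal/htdocs/static/common/apps/
  when: llng_portal
  tags: web

- name: Remove old custom logo dir
  file:
    path: /usr/share/lemonldap-ng/portal-skins/
    state: absent
  tags: web

# Per-host customisation assets live on the controller under
# config/<inventory_hostname>/lemonldap_ng/. Each directory is probed locally
# (without privilege escalation) and only synced when it exists.
- name: Check if there are custom app logos
  stat:
    path: "config/{{ inventory_hostname }}/lemonldap_ng/apps"
  delegate_to: localhost
  register: llng_custom_apps
  vars:
    ansible_become: false
  tags: web

- name: Copy custom app logos
  synchronize:
    src: "config/{{ inventory_hostname }}/lemonldap_ng/apps/"
    dest: /usr/share/lemonldap-ng/portal/htdocs/static/common/apps/
  when: llng_custom_apps.stat.exists and llng_custom_apps.stat.isdir
  tags: web

- name: Check if there are custom logos
  stat:
    path: "config/{{ inventory_hostname }}/lemonldap_ng/logos"
  delegate_to: localhost
  register: llng_custom_logo
  vars:
    ansible_become: false
  tags: web

- name: Copy custom logos
  synchronize:
    src: "config/{{ inventory_hostname }}/lemonldap_ng/logos/"
    dest: /usr/share/lemonldap-ng/portal/htdocs/static/common/logos/
  when: llng_custom_logo.stat.exists and llng_custom_logo.stat.isdir
  tags: web

- name: Check if there are custom backgrounds
  stat:
    path: "config/{{ inventory_hostname }}/lemonldap_ng/backgrounds"
  delegate_to: localhost
  register: llng_custom_background
  vars:
    ansible_become: false
  tags: web

- name: Copy custom backgrounds
  synchronize:
    src: "config/{{ inventory_hostname }}/lemonldap_ng/backgrounds/"
    dest: /usr/share/lemonldap-ng/portal/htdocs/static/common/backgrounds/
  when: llng_custom_background.stat.exists and llng_custom_background.stat.isdir
  tags: web

- name: Check if there is a custom CSS
  stat:
    path: "config/{{ inventory_hostname }}/lemonldap_ng/css"
  delegate_to: localhost
  register: llng_custom_css
  vars:
    ansible_become: false
  tags: web

- name: Copy custom CSS
  synchronize:
    src: "config/{{ inventory_hostname }}/lemonldap_ng/css/"
    dest: /usr/share/lemonldap-ng/portal/htdocs/static/bootstrap/css/
  when: llng_custom_css.stat.exists and llng_custom_css.stat.isdir
  tags: web

# The API credential file is only written when a password is supplied and the
# portal is deployed; it is root-owned and readable only by the web server
# group so the hash is not exposed to other local accounts.
- name: Create htpasswd file for API endpoints
  htpasswd:
    path: /etc/lemonldap-ng/api.htpasswd
    name: "{{ llng_api_user }}"
    password: "{{ llng_api_pass }}"
    owner: root
    group: "{{ (llng_server == 'nginx') | ternary('nginx', 'apache') }}"
    mode: "0640"
  when:
    - llng_api_pass is defined
    - llng_portal
  tags: web

# Weekly OIDC key rotation runs as the apache user, so it is only present on
# apache-based portals; on nginx the entry is removed rather than left stale.
- name: Add a cron task to renew OIDC keys
  cron:
    name: lemonldap_rotate_oidc
    special_time: weekly
    user: apache
    job: '/usr/share/lemonldap-ng/bin/rotateOidcKeys'
    cron_file: lemonldap_rotate_oidc
    state: "{{ (llng_portal and llng_server != 'nginx') | ternary('present', 'absent') }}"
  tags: web

# The cron job shipped with the package has a syntax error, so the whole
# /etc/cron.d file is replaced. Permissions are pinned explicitly so a
# permissive umask cannot leave a cron.d file writable by others.
- name: Override purgeCentralCache cron job
  copy:
    content: |
      #
      # Regular cron jobs for LemonLDAP::NG
      #
      10 * * * * apache [ -x /usr/libexec/lemonldap-ng/bin/purgeCentralCache ] && /usr/libexec/lemonldap-ng/bin/purgeCentralCache
    dest: /etc/cron.d/lemonldap-ng-portal
    owner: root
    group: root
    mode: "0644"
  when: llng_portal
  tags: web

# Both backend units are always rendered; which one actually runs is decided
# by the two service tasks below from llng_server/llng_engine.
- name: Deploy custom llng-fastcgi-server unit
  template:
    src: llng-fastcgi-server.service.j2
    dest: /etc/systemd/system/llng-fastcgi-server.service
  notify: restart llng
  register: llng_fastcgi_unit
  tags: web

- name: Deploy llng-fastcgi-server config
  template:
    src: llng-fastcgi-server.j2
    dest: /etc/default/llng-fastcgi-server
  notify: restart llng
  tags: web

- name: Deploy llng-uwsgi unit
  template:
    src: llng-uwsgi.service.j2
    dest: /etc/systemd/system/llng-uwsgi.service
  notify: restart llng
  register: llng_uwsgi_unit
  tags: web

# systemd must re-read unit files before a changed unit can be (re)started.
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: llng_fastcgi_unit is changed or llng_uwsgi_unit is changed
  tags: web

- name: Handle Fast CGI server
  service:
    name: llng-fastcgi-server
    state: "{{ (llng_server == 'nginx' and llng_engine == 'fastcgi') | ternary('started', 'stopped') }}"
    enabled: "{{ llng_server == 'nginx' and llng_engine == 'fastcgi' }}"
  tags: web

- name: Handle uWSGI server
  service:
    name: llng-uwsgi
    state: "{{ (llng_server == 'nginx' and llng_engine == 'uwsgi') | ternary('started', 'stopped') }}"
    enabled: "{{ llng_server == 'nginx' and llng_engine == 'uwsgi' }}"
  tags: web

# Persist the file-context rules, then relabel. restorecon is idempotent and
# cheap, so it is run unconditionally and never reported as a change.
- name: Set correct SELinux context for Lemonldap::NG files
  sefcontext:
    target: "{{ item.target }}"
    setype: "{{ item.type }}"
    state: present
  loop:
    - target: "/var/lib/lemonldap-ng(/.*)?"
      type: httpd_var_lib_t
    - target: "/var/cache/lemonldap-ng(/.*)?"
      type: httpd_cache_t
  when: ansible_selinux.status == 'enabled'
  tags: web

- name: Restore SELinux context
  command: restorecon -R /var/lib/lemonldap-ng /var/cache/lemonldap-ng
  changed_when: false
  when: ansible_selinux.status == 'enabled'
  tags: web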