Vortsand Konfiguration für VM auf Webserver

host_vars/vorstandspi → host_vars/vorstand

@@ -2,21 +2,26 @@
 # Host spezifische Variablen 
 
 motd_lines: 
-  - "Vorstands-PI"
-  - "Öffentliche IPs: {{ansible_enxb827eb5e23fd.ipv4.address}} / {{ansible_enxb827eb5e23fd.ipv6[0].address}}"
+  - "Warpzone Vorstand"
+  - "Öffentliche IPs: {{ansible_ens3.ipv4.address}} / {{ansible_ens3.ipv6[0].address}}"
 
 debian_sources: 
-  - "deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi"
+  - "deb http://repo.myloc.de/debian stretch main non-free contrib"
+  - "deb https://download.docker.com/linux/debian stretch stable"
 
 debian_keys:
+  - "https://download.docker.com/linux/debian/gpg"
 
 administratorenteam:
-  - "ole"
-  - "larsm"
-  - "missinformation"
   - "sandhome"
   - "sandmobil"
   - "void"
 
-sshd_additional_ports: 
-  - "444"
\ No newline at end of file
+vorstandteam:
+  - "sandhome"
+  - "sandmobil"
+  - "void"
+  - "ole"
+  - "larsm"
+  - "missinformation"
+

hosts

@@ -20,9 +20,12 @@ webserver   ansible_ssh_host=89.163.231.226
 # Raspberry-PI Server
 [raspbianjessie]
  
-# Vorstands-PI
+# Vorstands-PC
+# Der Server ist im Tresor in der warpzone untergrbracht 
 # Auch erreichbar unter vorstand.warpzone.ms
-vorstandspi ansible_ssh_host=10.0.0.206
+#vorstandspi ansible_ssh_host=10.0.0.206
+#vorstand ansible_ssh_host=10.0.3.251
+vorstand ansible_ssh_host=89.163.231.227
 
 # OpenHAB Server 
 warphab ansible_ssh_host=192.168.0.109

site.yml

@@ -2,7 +2,7 @@
 # Hauptdatei, includiert lediglich die einzelnen Playbooks 
 
 - include: all/main.yml 
-- include: vorstandspi/main.yml 
+- include: vorstand/main.yml 
 - include: warphab/main.yml 
 - include: warpsrvint/main.yml 
 - include: warpsrvext/main.yml 

vorstand/docker_mysql/tasks/main.yml

+---
+# Get secrets 
+- include: ../functions/get_secret.yml
+  with_items:
+    - { path: /srv/mysql/mysql_root_pw, length: 24 }
+    - { path: /srv/mysql/mysql_user_pw, length: 12 }
+
+- name: create folder struct for mysql
+  file: 
+    path: "/srv/mysql/db/" 
+    state: "directory"
+  
+- name: Konfig-Datei erstellen
+  template: 
+    src: "docker-compose.yml" 
+    dest: "/srv/mysql/docker-compose.yml"
+
+- name: start mysql docker
+  docker_service:
+    project_src: /srv/mysql/
+    state: present
+  

vorstand/docker_mysql/templates/docker-compose.yml

+
+version: "3"
+
+services:                                                                                                                                                                 
+                                                                                                                                                                          
+  app:                                                                                                                                                            
+                                                                                                                                                                             
+    image: mariadb:10.3.4                                                                                                                                                         
+    restart: always
+    ports:
+      - 127.0.0.1:3306:3306                                                                                      
+    volumes:                                                                                             
+      - /srv/mysql/db/:/var/lib/mysql                                                                    
+    environment:                                                                                         
+      MYSQL_ROOT_PASSWORD: "{{ mysql_root_pw }}"
+      MYSQL_PASSWORD: "{{ mysql_user_pw }}"
+      MYSQL_DATABASE: dummy 
+      MYSQL_USER: vorstand
+                                      

vorstandspi/jameica/tasks/main.yml → vorstand/jameica/tasks/main.yml

@@ -6,30 +6,41 @@
     update_cache: yes
     state: installed
   with_items:
-    - openjdk-8-jre
-    - libswt-gtk-3-java
-    - libswt-gtk-3-java-gcj
-    - libswt-gtk-3-jni
-    - libswt-gtk-4-java
-    - libswt-gtk-4-jni
-    - libswt-cairo-gtk-4-jni
-    - libswt-cairo-gtk-3-jni
     - python
     - python-mysqldb
+    - openjdk-8-jre
+#    - libswt-gtk-3-java
+#    - libswt-gtk-3-java-gcj
+#    - libswt-gtk-3-jni
+#    - libswt-gtk-4-java
+#    - libswt-gtk-4-jni
+#    - libswt-cairo-gtk-4-jni
+#    - libswt-cairo-gtk-3-jni
+
+# Get secrets 
+- include: ../functions/get_secret.yml
+  with_items:
+    - { path: /srv/mysql/mysql_user_pw, length: 12 }
    
-# Create jameica config directory 
-# Assume jameica is downloaded an extracted to /srv/data/jameica
+# Create jameica directories 
+# Assume jameica is downloaded an extracted to /srv/jameica
 - name: creating config directory 
   file:
-    path: /srv/data/jameica/cfg
+    path: "{{item}}"
     state: directory
+    owner: vorstand
+    group: vorstand
     recurse: yes 
+  with_items:
+    - /srv/jameica
+    - /srv/jameica/cfg
+    - /srv/data-jameica
 
 # create config files 
 - name: creating config files 
   template:
     src: "{{ item }}"
-    dest: "/srv/data/jameica/cfg/{{ item }}"
+    dest: "/srv/jameica/cfg/{{ item }}"
   with_items:
     - de.jost_net.JVerein.rmi.JVereinDBService.properties
     - de.willuhn.jameica.hbci.rmi.HBCIDBService.properties
@@ -38,24 +49,13 @@
 - name: creating modified start script  
   template:
     src: jameica.sh
-    dest: /srv/data/jameica/jameica.sh
+    dest: /srv/jameica/jameica.sh
     mode: "u=rwx"
 
 - name: creating symlink for start script 
   file:
-    src: /srv/data/jameica/jameica.sh
+    src: /srv/jameica/jameica.sh
     dest: /usr/bin/jameica
     state: link
 
-# fix java swt libs 
-- name: fix java swt libs 
-  shell: cp /usr/lib/java/swt-gtk-3.8.2.jar /srv/data/jameica/lib/swt/linux/swt.jar
-
-# Create database user 'vorstand' (localhost only) 
-- mysql_user:
-    name: vorstand
-    password: vorstand
-    priv: '*.*:ALL'
-    host: localhost
-    state: present
 

vorstandspi/jameica/templates/de.jost_net.JVerein.rmi.JVereinDBService.properties → vorstand/jameica/templates/de.jost_net.JVerein.rmi.JVereinDBService.properties

 database.driver=de.jost_net.JVerein.server.DBSupportMySqlImpl
 database.driver.mysql.jdbcurl=jdbc\:mysql\://localhost\:3306/jverein?useUnicode\=Yes&characterEncoding\=ISO8859_1
 database.driver.mysql.username=vorstand
-database.driver.mysql.password=vorstand
+database.driver.mysql.password={{mysql_user_pw}}

vorstandspi/jameica/templates/de.willuhn.jameica.hbci.rmi.HBCIDBService.properties → vorstand/jameica/templates/de.willuhn.jameica.hbci.rmi.HBCIDBService.properties

 database.driver=de.willuhn.jameica.hbci.server.DBSupportMySqlImpl
 database.driver.mysql.jdbcurl=jdbc\:mysql\://localhost\:3306/hibiscus?useUnicode\=Yes&characterEncoding\=ISO8859_1
 database.driver.mysql.username=vorstand
-database.driver.mysql.password=vorstand
\ No newline at end of file
+database.driver.mysql.password={{mysql_user_pw}}
\ No newline at end of file

vorstandspi/jameica/templates/jameica.sh → vorstand/jameica/templates/jameica.sh

@@ -15,4 +15,4 @@ else
         archsuffix=""
 fi
 
-LIBOVERLAY_SCROLLBAR=0 GDK_NATIVE_WINDOWS=1 SWT_GTK3=0 exec java -Djava.net.preferIPv4Stack=true -Xmx512m $_JCONSOLE -jar jameica-linux${archsuffix}.jar -f /srv/data/data-jameica/ -p nopassword $@
+LIBOVERLAY_SCROLLBAR=0 GDK_NATIVE_WINDOWS=1 SWT_GTK3=0 exec java -Djava.net.preferIPv4Stack=true -Xmx512m $_JCONSOLE -jar jameica-linux${archsuffix}.jar -f /srv/data-jameica/ -p nopassword $@

vorstand/main.yml

+---
+
+- hosts: vorstand
+  remote_user: root
+  roles:
+    - { role: ../common/docker, tags: docker }
+    - { role: docker_mysql, tags: mysql }
+    - { role: jameica, tags: jameica }
+    - { role: user, tags: user }
+
+#    - { role: ../common/borgbackup, tags: borgbackup }
+#    - { role: git, tags: git }
+

vorstand/user/tasks/main.yml

+
+- name: Add the user 'vorstand' 
+  user:
+    name: vorstand
+    comment: Vorstannd User 
+    group: vorstand
+
+- name: add sshkeys for user vorstand 
+  authorized_key: 
+    user: vorstand
+    key: "{{ lookup('file', '../keyfiles/' + item + '.pub') }}"
+  with_items: "{{ vorstandteam }}"
+  when: vorstandteam

vorstandspi/main.yml

----
-
-- hosts: vorstandspi
-  remote_user: root
-  roles:
-    - { role: git, tags: git }
-    - { role: mysql, tags: mysql }
-    - { role: jameica, tags: jameica }
-
-

vorstandspi/mysql/files/datadir.cnf

-
-[mysqld]
-datadir         = /srv/data/mysql

vorstandspi/mysql/handlers/main.yml

----
-#- name: restart mysql
-#  service: name=mariadb state=restarted

vorstandspi/mysql/tasks/main.yml

----
-# Pakete installieren
-- name: mysql installieren
-  apt:
-    pkg: "{{ item }}"
-    update_cache: yes
-    state: installed
-  with_items:
-    - mariadb-server
-    - mariadb-client
-  notify: restart mysql
-
-# Datenverzeichnis erstellen 
-- file:
-    path: /srv/data/mysql
-    state: directory
-    owner: mysql 
-    group: mysql 
-  notify: restart mysql
-
-- stat:
-    path: /var/lib/mysql 
-  register: datadir
-
-- name: stop mysql
-  service: name=mariadb state=stopped
-  when: datadir.stat.islnk is not defined or datadir.stat.islnk == False
-
-- file:
-    path: /var/lib/mysql/
-    state: absent
-  when: datadir.stat.islnk is not defined or datadir.stat.islnk == False
-  notify: restart mysql
-
-- file:
-    src: /srv/data/mysql
-    dest: /var/lib/mysql
-    owner: mysql 
-    group: mysql 
-    state: link
-  when: datadir.stat.islnk is not defined
-  notify: restart mysql
-