fixed database password generation and meta, updated molecule-config

defaults/main/1_main.yml

@@ -45,7 +45,7 @@ defaults_zm:
     settings: {}  # mariadb setting overrides
 
     # ONLY CHANGE IF DB IS NOT MANAGED BY ROLE!
-    update_password: 'always'  # or 'on_create'
+    update_password: 'on_create'  # or 'always'
     type: 'mysql'
     host: 'localhost'
     # port_socket:

meta/main.yml

@@ -2,6 +2,7 @@
 
 galaxy_info:
   author: 'AnsibleGuy <guy@ansibleguy.net>'
+  namespace: 'ansibleguy'
   readme: 'README.md'
   license: 'GPLv3'
   repository: 'https://github.com/ansibleguy/sw_zoneminder'

molecule/default/molecule.yml

@@ -28,6 +28,7 @@ platforms:
     networks:
       - name: 'test-ag-zm'
         ipv4_address: '192.168.0.1'
+    etc_hosts: {zoneminder.test.ansibleguy.net: '192.168.0.2'}
     groups: [grp_tester]
     <<: *docker_all
 
@@ -42,3 +43,20 @@ provisioner:
   name: ansible
 verifier:
   name: ansible
+lint:
+  name: yamllint
+scenario:
+  name: default
+  test_sequence:
+    - lint
+    - destroy
+#    - dependency
+    - syntax
+    - create
+#    - prepare
+    - converge
+    - idempotence
+    - check
+#    - side_effect
+    - verify
+    - destroy

molecule/default/verify.yml

@@ -1,12 +1,50 @@
 ---
 
+- name: Verify
+  hosts: grp_targets
+  gather_facts: false
+  tasks:
+    - name: Checking that services are running and enabled
+      ansible.builtin.systemd:
+        name: "{{ item }}"
+        enabled: true
+        state: started
+      check_mode: true
+      register: svc_test
+      loop:
+        - 'mariadb@zoneminder.service'
+        - 'apache2.service'
+      failed_when: svc_test.changed
+
+    - name: Checking that services survive restart
+      ansible.builtin.systemd:
+        name: "{{ item }}"
+        state: restarted
+      loop:
+        - 'mariadb@zoneminder.service'
+        - 'apache2.service'
+
+    - name: Checking ports
+      wait_for:
+        port: "{{ item }}"
+        timeout: 1
+        msg: "Checking port {{ item }}"
+      ignore_errors: true
+      register: port_test
+      loop:
+        - 80
+        - 443
+
+    - debug:
+        var: port_test
+
 - name: Verify
   hosts: grp_tester
   gather_facts: false
   tasks:
   - name: Checking if zoneminder web-service is reachable
     ansible.builtin.uri:
-      url: 'https://192.168.0.2'
+      url: 'https://zoneminder.test.ansibleguy.net'
       return_content: yes
       validate_certs: false
     register: page

tasks/debian/db.yml

@@ -11,10 +11,10 @@
 - name: ZoneMinder | Debian | DB | Checking if database is empty
   community.mysql.mysql_query:
     login_db: "{{ ZM_CONFIG.database.name }}"
-    query: "SELECT count(*) FROM information_schema.TABLES WHERE (TABLE_SCHEMA = '{{ ZM_CONFIG.database.name }}') AND (TABLE_NAME = 'users')"
+    query: "SELECT count(*) FROM information_schema.TABLES WHERE (TABLE_SCHEMA = '{{ ZM_CONFIG.database.name }}')"
     login_unix_socket: "{{ ZM_MARIADB_INSTANCE.socket }}"
     login_user: "{{ ZM_CONFIG.database.user }}"
-    login_password: "{{ ZM_CONFIG.database.pwd }}"
+    login_password: "{{ zm_db_pwd.stdout | default(ZM_CONFIG.database.pwd) }}"
   ignore_errors: true
   register: zm_db_empty
 
@@ -36,9 +36,9 @@
     target: "{{ ZM_HC.database.schema_file }}"
     login_unix_socket: "{{ ZM_MARIADB_INSTANCE.socket }}"
     login_user: "{{ ZM_CONFIG.database.user }}"
-    login_password: "{{ ZM_CONFIG.database.pwd }}"
-  when: not zm_db_empty['query_result'][0][0]['count(*)'] | bool
+    login_password: "{{ zm_db_pwd.stdout | default(ZM_CONFIG.database.pwd) }}"
+  when: zm_db_empty['query_result'][0][0]['count(*)'] | int == 0
 
 - name: ZoneMinder | Debian | DB | Running db-update script
   ansible.builtin.command: "{{ ZM_CONFIG.path.bin }}/zmupdate.pl"
-  when: not zm_db_empty['query_result'][0][0]['count(*)'] | bool
+  when: zm_db_empty['query_result'][0][0]['count(*)'] | int == 0

tasks/debian/main.yml

@@ -40,6 +40,34 @@
   tags: [config]
   register: zm_cnf
 
+- name: ZoneMinder | Debian | Checking for database config
+  ansible.builtin.stat:
+    path: '/etc/zm/conf.d/custom_db.conf'
+  register: zm_db_cnf_file
+
+- name: ZoneMinder | Debian | Adding zoneminder database config
+  ansible.builtin.template:
+    src: 'templates/etc/zm/conf.d/custom_db.conf.j2'
+    dest: '/etc/zm/conf.d/custom_db.conf'
+    owner: 'root'
+    group: 'www-data'
+    mode: 0640
+  no_log: true
+  tags: [config]
+  register: zm_db_cnf
+  when: >
+    ZM_CONFIG.database.update_password == 'always' or
+    (force_pwd_change is defined and force_pwd_change) or
+    not zm_db_cnf_file.stat.exists
+
+- name: ZoneMinder | Debian | Pulling existing database password
+  ansible.builtin.shell:
+    cmd: "cat /etc/zm/conf.d/custom_db.conf | grep 'ZM_DB_PASS' | cut -d '=' -f2"
+  register: zm_db_pwd
+  when: zm_db_cnf_file.stat.exists
+  check_mode: false
+  changed_when: false
+
 - name: ZoneMinder | Debian | Updating config-privileges
   ansible.builtin.file:
     path: '/etc/zm/zm.conf'

tasks/debian/web.yml

@@ -48,3 +48,4 @@
   ansible.builtin.systemd:
     name: 'apache2.service'
     state: restarted
+  changed_when: false

templates/etc/zm/conf.d/custom.conf.j2

@@ -7,9 +7,3 @@ ZM_PATH_LIB={{ ZM_CONFIG.path.lib }}
 ZM_PATH_CONF={{ ZM_CONFIG.path.conf }}
 ZM_PATH_WEB={{ ZM_CONFIG.path.web }}
 ZM_PATH_CGI={{ ZM_CONFIG.path.cgi }}
-
-ZM_DB_TYPE={{ ZM_CONFIG.database.type }}
-ZM_DB_HOST={{ ZM_CONFIG.database.host }}:{{ ZM_CONFIG.database.port_socket | default(ZM_MARIADB_INSTANCE.socket) }}
-ZM_DB_NAME={{ ZM_CONFIG.database.name }}
-ZM_DB_USER={{ ZM_CONFIG.database.user }}
-ZM_DB_PASS={{ ZM_CONFIG.database.pwd }}

templates/etc/zm/conf.d/custom_db.conf.j2

@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+# ansibleguy.sw_zoneminder
+
+ZM_DB_TYPE={{ ZM_CONFIG.database.type }}
+ZM_DB_HOST={{ ZM_CONFIG.database.host }}:{{ ZM_CONFIG.database.port_socket | default(ZM_MARIADB_INSTANCE.socket) }}
+ZM_DB_NAME={{ ZM_CONFIG.database.name }}
+ZM_DB_USER={{ ZM_CONFIG.database.user }}
+ZM_DB_PASS={{ ZM_CONFIG.database.pwd }}