From 46f33f51746835ca9dc78218b8847e56ea810ed3 Mon Sep 17 00:00:00 2001 From: AnsibleGuy Date: Fri, 12 Aug 2022 16:58:13 +0200 Subject: [PATCH] fixed database password generation and meta, updated molecule-config --- defaults/main/1_main.yml | 2 +- meta/main.yml | 1 + molecule/default/molecule.yml | 18 ++++++++++ molecule/default/verify.yml | 40 ++++++++++++++++++++++- tasks/debian/db.yml | 10 +++--- tasks/debian/main.yml | 28 ++++++++++++++++ tasks/debian/web.yml | 1 + templates/etc/zm/conf.d/custom.conf.j2 | 6 ---- templates/etc/zm/conf.d/custom_db.conf.j2 | 8 +++++ 9 files changed, 101 insertions(+), 13 deletions(-) create mode 100644 templates/etc/zm/conf.d/custom_db.conf.j2 diff --git a/defaults/main/1_main.yml b/defaults/main/1_main.yml index acd48f8..5a9f117 100644 --- a/defaults/main/1_main.yml +++ b/defaults/main/1_main.yml @@ -45,7 +45,7 @@ defaults_zm: settings: {} # mariadb setting overrides # ONLY CHANGE IF DB IS NOT MANAGED BY ROLE! - update_password: 'always' # or 'on_create' + update_password: 'on_create' # or 'always' type: 'mysql' host: 'localhost' # port_socket: diff --git a/meta/main.yml b/meta/main.yml index d4b249a..ad3b45e 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,6 +2,7 @@ galaxy_info: author: 'AnsibleGuy ' + namespace: 'ansibleguy' readme: 'README.md' license: 'GPLv3' repository: 'https://github.com/ansibleguy/sw_zoneminder' diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index bd046fa..de868c8 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -28,6 +28,7 @@ platforms: networks: - name: 'test-ag-zm' ipv4_address: '192.168.0.1' + etc_hosts: {zoneminder.test.ansibleguy.net: '192.168.0.2'} groups: [grp_tester] <<: *docker_all 
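Review bot: In defaults/main/1_main.yml the inline comment on `update_password` still only lists the two values, while the new default changes what a re-run does to an existing credential. Judging by the `when:` added in tasks/debian/main.yml, `'on_create'` keeps an existing /etc/zm/conf.d/custom_db.conf unless `force_pwd_change` is set, so rotating the database password now needs an explicit action. I would document that next to the default, e.g. `# 'on_create' keeps an existing password (rotate with force_pwd_change=true); 'always' rewrites it on every run`.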
@@ -42,3 +43,20 @@ provisioner: name: ansible verifier: name: ansible +lint: + name: yamllint +scenario: + name: default + test_sequence: + - lint + - destroy +# - dependency + - syntax + - create +# - prepare + - converge + - idempotence + - check +# - side_effect + - verify + - destroy diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index e0533de..37147a9 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -1,12 +1,50 @@ --- +- name: Verify + hosts: grp_targets + gather_facts: false + tasks: + - name: Checking that services are running and enabled + ansible.builtin.systemd: + name: "{{ item }}" + enabled: true + state: started + check_mode: true + register: svc_test + loop: + - 'mariadb@zoneminder.service' + - 'apache2.service' + failed_when: svc_test.changed + + - name: Checking that services survive restart + ansible.builtin.systemd: + name: "{{ item }}" + state: restarted + loop: + - 'mariadb@zoneminder.service' + - 'apache2.service' + + - name: Checking ports + wait_for: + port: "{{ item }}" + timeout: 1 + msg: "Checking port {{ item }}" + ignore_errors: true + register: port_test + loop: + - 80 + - 443 + + - debug: + var: port_test + - name: Verify hosts: grp_tester gather_facts: false tasks: - name: Checking if zoneminder web-service is reachable ansible.builtin.uri: - url: 'https://192.168.0.2' + url: 'https://zoneminder.test.ansibleguy.net' return_content: yes validate_certs: false register: page diff --git a/tasks/debian/db.yml b/tasks/debian/db.yml index b591503..02538f2 100644 --- a/tasks/debian/db.yml +++ b/tasks/debian/db.yml 
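Review bot: The `Checking ports` task added in molecule/default/verify.yml cannot fail the scenario, because `ignore_errors: true` is set and the registered `port_test` is only printed by the following `debug` task. A closed port 80 or 443 on the target therefore still passes verification. Either drop `ignore_errors: true` so the `wait_for` timeout fails the play, or keep it and replace the debug task with an `ansible.builtin.assert` on `port_test is not failed`. The two new module calls could also use their FQCNs (`ansible.builtin.wait_for`, `ansible.builtin.debug`) like the other tasks in the file.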
@@ -11,10 +11,10 @@ - name: ZoneMinder | Debian | DB | Checking if database is empty community.mysql.mysql_query: login_db: "{{ ZM_CONFIG.database.name }}" - query: "SELECT count(*) FROM information_schema.TABLES WHERE (TABLE_SCHEMA = '{{ ZM_CONFIG.database.name }}') AND (TABLE_NAME = 'users')" + query: "SELECT count(*) FROM information_schema.TABLES WHERE (TABLE_SCHEMA = '{{ ZM_CONFIG.database.name }}')" login_unix_socket: "{{ ZM_MARIADB_INSTANCE.socket }}" login_user: "{{ ZM_CONFIG.database.user }}" - login_password: "{{ ZM_CONFIG.database.pwd }}" + login_password: "{{ zm_db_pwd.stdout | default(ZM_CONFIG.database.pwd) }}" ignore_errors: true register: zm_db_empty @@ -36,9 +36,9 @@ target: "{{ ZM_HC.database.schema_file }}" login_unix_socket: "{{ ZM_MARIADB_INSTANCE.socket }}" login_user: "{{ ZM_CONFIG.database.user }}" - login_password: "{{ ZM_CONFIG.database.pwd }}" - when: not zm_db_empty['query_result'][0][0]['count(*)'] | bool + login_password: "{{ zm_db_pwd.stdout | default(ZM_CONFIG.database.pwd) }}" + when: zm_db_empty['query_result'][0][0]['count(*)'] | int == 0 - name: ZoneMinder | Debian | DB | Running db-update script ansible.builtin.command: "{{ ZM_CONFIG.path.bin }}/zmupdate.pl" - when: not zm_db_empty['query_result'][0][0]['count(*)'] | bool + when: zm_db_empty['query_result'][0][0]['count(*)'] | int == 0 diff --git a/tasks/debian/main.yml b/tasks/debian/main.yml index 67af887..09484e1 100644 --- a/tasks/debian/main.yml +++ b/tasks/debian/main.yml 
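Review bot: The new `login_password` fallback in tasks/debian/db.yml, `zm_db_pwd.stdout | default(ZM_CONFIG.database.pwd)`, only applies when `stdout` is undefined, not when it is an empty string. If the read-back task in tasks/debian/main.yml runs against a custom_db.conf without a `ZM_DB_PASS` line, its pipeline most likely still exits 0 with empty output, and the login is then attempted with an empty password instead of the configured one. Passing the second argument, `default(ZM_CONFIG.database.pwd, true)`, covers both cases. The same expression is used by the schema-import task in the `@@ -36,9 +36,9 @@` hunk.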
@@ -40,6 +40,34 @@ tags: [config] register: zm_cnf +- name: ZoneMinder | Debian | Checking for database config + ansible.builtin.stat: + path: '/etc/zm/conf.d/custom_db.conf' + register: zm_db_cnf_file + +- name: ZoneMinder | Debian | Adding zoneminder database config + ansible.builtin.template: + src: 'templates/etc/zm/conf.d/custom_db.conf.j2' + dest: '/etc/zm/conf.d/custom_db.conf' + owner: 'root' + group: 'www-data' + mode: 0640 + no_log: true + tags: [config] + register: zm_db_cnf + when: > + ZM_CONFIG.database.update_password == 'always' or + (force_pwd_change is defined and force_pwd_change) or + not zm_db_cnf_file.stat.exists + +- name: ZoneMinder | Debian | Pulling existing database password + ansible.builtin.shell: + cmd: "cat /etc/zm/conf.d/custom_db.conf | grep 'ZM_DB_PASS' | cut -d '=' -f2" + register: zm_db_pwd + when: zm_db_cnf_file.stat.exists + check_mode: false + changed_when: false + - name: ZoneMinder | Debian | Updating config-privileges ansible.builtin.file: path: '/etc/zm/zm.conf' diff --git a/tasks/debian/web.yml b/tasks/debian/web.yml index e9850fd..010bb25 100644 --- a/tasks/debian/web.yml +++ b/tasks/debian/web.yml @@ -48,3 +48,4 @@ ansible.builtin.systemd: name: 'apache2.service' state: restarted + changed_when: false diff --git a/templates/etc/zm/conf.d/custom.conf.j2 b/templates/etc/zm/conf.d/custom.conf.j2 index 55b6b59..5a855b8 100644 --- a/templates/etc/zm/conf.d/custom.conf.j2 +++ b/templates/etc/zm/conf.d/custom.conf.j2 @@ -7,9 +7,3 @@ ZM_PATH_LIB={{ ZM_CONFIG.path.lib }} ZM_PATH_CONF={{ ZM_CONFIG.path.conf }} ZM_PATH_WEB={{ ZM_CONFIG.path.web }} ZM_PATH_CGI={{ ZM_CONFIG.path.cgi }} - -ZM_DB_TYPE={{ ZM_CONFIG.database.type }} -ZM_DB_HOST={{ ZM_CONFIG.database.host }}:{{ ZM_CONFIG.database.port_socket | default(ZM_MARIADB_INSTANCE.socket) }} -ZM_DB_NAME={{ ZM_CONFIG.database.name }} -ZM_DB_USER={{ ZM_CONFIG.database.user }} -ZM_DB_PASS={{ ZM_CONFIG.database.pwd }} 
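Review bot: The `Pulling existing database password` task added in tasks/debian/main.yml registers the secret in `zm_db_pwd` without `no_log: true`, so the password shows up in task output at higher verbosity and in any callback or log that records results; the template task just above it already sets `no_log: true`. The extraction is also lossy: `cut -d '=' -f2` truncates a password that contains `=`, and `grep 'ZM_DB_PASS'` matches any line that mentions the key, including a comment. I would use `cmd: "grep '^ZM_DB_PASS=' /etc/zm/conf.d/custom_db.conf | cut -d '=' -f2-"` and add `no_log: true` to the task. Separately, `mode: 0640` on the template task is better written as the string `'0640'`.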
diff --git a/templates/etc/zm/conf.d/custom_db.conf.j2 b/templates/etc/zm/conf.d/custom_db.conf.j2
new file mode 100644
index 0000000..f9226f2
--- /dev/null
+++ b/templates/etc/zm/conf.d/custom_db.conf.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+# ansibleguy.sw_zoneminder
+
+ZM_DB_TYPE={{ ZM_CONFIG.database.type }}
+ZM_DB_HOST={{ ZM_CONFIG.database.host }}:{{ ZM_CONFIG.database.port_socket | default(ZM_MARIADB_INSTANCE.socket) }}
+ZM_DB_NAME={{ ZM_CONFIG.database.name }}
+ZM_DB_USER={{ ZM_CONFIG.database.user }}
+ZM_DB_PASS={{ ZM_CONFIG.database.pwd }}
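Review bot: The header of the new custom_db.conf.j2 does not say that this file now holds the database credential and is read back by the role on later runs. A short comment would help whoever edits it on the host, e.g. `# holds the ZoneMinder database credentials; written by the role as root:www-data, mode 0640` and `# ZM_DB_PASS is read back by the role - keep the KEY=value form`. The values are rendered verbatim, so a password containing whitespace or `#` may not come through ZoneMinder's config parsing unchanged; that is worth confirming against the character set of the password generator, which is not visible in this patch.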