From d2ab076b4462024e91370e05c610d788df949c81 Mon Sep 17 00:00:00 2001 From: AnsibleGuy Date: Thu, 12 May 2022 14:26:04 +0200 Subject: [PATCH] added basic testing, fixes --- README.md | 11 ++-- defaults/main.yml | 10 ++-- .../default/Dockerfile_debian11_systemd.j2 | 14 +++++ molecule/default/Usage.md | 10 ++++ molecule/default/converge.yml | 28 +++++++++ molecule/default/molecule.yml | 47 +++++++++++++++ molecule/default/verify.yml | 10 ++++ playbook.yml | 2 +- tasks/debian/db.yml | 3 +- tasks/debian/main.yml | 60 +++++++++++-------- tasks/debian/web.yml | 2 +- .../zoneminder.conf.j2 | 1 + templates/etc/zm/conf.d/custom.conf.j2 | 2 +- 13 files changed, 158 insertions(+), 42 deletions(-) create mode 100644 molecule/default/Dockerfile_debian11_systemd.j2 create mode 100644 molecule/default/Usage.md create mode 100644 molecule/default/converge.yml create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/verify.yml rename templates/etc/apache2/{conf-available => sites-available}/zoneminder.conf.j2 (98%) diff --git a/README.md b/README.md index 43ac3fa..c9857db 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Read into the [official documentation](https://zoneminder.readthedocs.io/en/stab **Tested:** -* None +* Debian 11 ## Functionality @@ -36,14 +36,15 @@ Read into the [official documentation](https://zoneminder.readthedocs.io/en/stab ## Info -* **Warning:** THIS ROLE IS NOT YET IN A STABLE STATE! - - * **Note:** this role currently only supports debian-based systems * **Note:** Most of this functionality can be opted in or out using the main defaults file and variables! + +* **Warning:** You should AT LEAST [set a login password after the installation finished](https://zoneminder.readthedocs.io/en/stable/userguide/gettingstarted.html#enabling-authentication). + + ## Setup For this role to work - you must install its dependencies first: @@ -101,5 +102,3 @@ ansible-playbook -K -D -i inventory/hosts.yml playbook.yml --ask-vault-pass There are also some useful **tags** available: * config -* install -* db diff --git a/defaults/main.yml b/defaults/main.yml index 12618c8..4da1ca0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,8 +9,8 @@ ZM_HC: tools: ['ncdu', 'iotop', 'iftop'] base: ['zoneminder'] - repo_key: 'https://zmrepo.zoneminder.com/debian/archive-keyring.gpg' - repo: "deb https://zmrepo.zoneminder.com/debian/release {{ ansible_lsb.codename }}/" + repo_key: "https://zmrepo.zoneminder.com/{{ ansible_distribution | lower }}/archive-keyring.gpg" + repo: "deb https://zmrepo.zoneminder.com/{{ ansible_distribution | lower }}/release {{ ansible_lsb.codename | default('buster') }}/" php_version: '7.4' apache: @@ -23,6 +23,7 @@ ZM_HC: default_zm: tools: false # install admin-tools for disk-space & i/o troubleshooting timezone: '' + add_repo: false # not needed on debian manage: db: true @@ -67,10 +68,7 @@ default_zm: update_password: 'always' # or 'on_create' type: 'mysql' host: 'localhost' - - release: "{{ zoneminder.release | default(ansible_lsb.codename) }}" - db_user: 'zoneminder' - store: '/var/local/zoneminder' + # port_socket: ZM_CONFIG: "{{ default_zm | combine(zoneminder, recursive=true) }}" diff --git a/molecule/default/Dockerfile_debian11_systemd.j2 b/molecule/default/Dockerfile_debian11_systemd.j2 new file mode 100644 index 0000000..24c57ad --- /dev/null +++ b/molecule/default/Dockerfile_debian11_systemd.j2 @@ -0,0 +1,14 @@ +# docker build -t mantest - < ./Dockerfile.j2 +# docker run -it --privileged --name mantest mantest:latest /sbin/init --tmpfs /tmp --tmpfs /run --tmpfs /run/lock + +FROM debian:11-slim + +ENV container docker +ENV LC_ALL C +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update \ + && apt-get install -y systemd systemd-sysv python3 sudo \ + && apt-get clean + +CMD ["/sbin/init"] diff --git a/molecule/default/Usage.md b/molecule/default/Usage.md new file mode 100644 index 0000000..f774e41 --- /dev/null +++ b/molecule/default/Usage.md @@ -0,0 +1,10 @@ +# Usage + +Check out the [Molecule Tutorial](https://github.com/ansibleguy/ansible_tutorial/blob/main/Molecule.md) on how to get started! + +# Running + +```bash +cd roles/ansibleguy.sw_zoneminder +molecule test +``` diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..885cd59 --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,28 @@ +--- + +- name: Converge + hosts: grp_targets + strategy: free # speed-up; comment-out to gain clarity + vars: + no_prompts: true # mariadb prompts + + zoneminder: + tools: true + timezone: 'Europe/Vienna' + + manage: + db: true + webserver: true + + apache: + domain: 'zoneminder.test.ansibleguy.net' + + ssl: + mode: 'selfsigned' + cert: + cn: 'ZoneMinder' + org: 'AnsibleGuy Test' + email: 'webmaster@mail.test.ansibleguy.net' + + roles: + - ansibleguy.sw_zoneminder diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..02e465b --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,47 @@ +--- + +references: + docker: + all: &docker_all + docker_host: 'tcp://molecule-docker.local:2375' + # docker_host: 'unix://var/run/docker.sock' # localhost + purge_networks: true + image: 'debian:11-slim' + # for docker systemd config see: https://serverfault.com/questions/1053187/systemd-fails-to-run-in-a-docker-container-when-using-cgroupv2-cgroupns-priva + dockerfile: 'Dockerfile_debian11_systemd.j2' + build_image: yes + tmpfs: ['/tmp', '/run', '/run/lock'] + privileged: true + command: '/sbin/init' + +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: test-ag-zm-tester + docker_networks: + - name: 'test-ag-zm' + ipam_config: + - subnet: '192.168.0.0/24' + gateway: '192.168.0.254' + networks: + - name: 'test-ag-zm' + ipv4_address: '192.168.0.1' + groups: [grp_tester] + <<: *docker_all + + - name: test-ag-zm-1 + networks: + - name: 'test-ag-zm' + ipv4_address: '192.168.0.20' + groups: [grp_targets] + <<: *docker_all + +provisioner: + name: ansible + # config_options: + # defaults: + # vault_password_file: '~/.vault_pwd_file' +verifier: + name: ansible diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml new file mode 100644 index 0000000..85fba02 --- /dev/null +++ b/molecule/default/verify.yml @@ -0,0 +1,10 @@ +--- + +- name: Verify + hosts: grp_tester + gather_facts: false + tasks: + - name: Checking if zoneminder web-service is reachable + ansible.builtin.uri: + url: 'https://192.168.0.20' + validate_certs: false diff --git a/playbook.yml b/playbook.yml index 6890eff..a1f4bc8 100644 --- a/playbook.yml +++ b/playbook.yml @@ -6,7 +6,7 @@ become: yes gather_facts: yes vars: - zabbix: + zoneminder: {} roles: - ansibleguy.sw_zoneminder diff --git a/tasks/debian/db.yml b/tasks/debian/db.yml index 6b268ee..e151ca9 100644 --- a/tasks/debian/db.yml +++ b/tasks/debian/db.yml @@ -7,7 +7,6 @@ mariadb: instances: zoneminder: "{{ ZM_MARIADB_INSTANCE }}" - tags: [config, db] - name: ZoneMinder | Debian | DB | Checking if database is empty community.mysql.mysql_query: @@ -36,7 +35,7 @@ use_shell: true # else it will fail target: "{{ ZM_HC.database.schema_file }}" login_unix_socket: "{{ ZM_MARIADB_INSTANCE.socket }}" - login_user: "{{ ZM_CONFIG.database.pwd }}" + login_user: "{{ ZM_CONFIG.database.user }}" login_password: "{{ ZM_CONFIG.database.pwd }}" when: not zm_db_empty['query_result'][0][0]['count(*)'] | bool diff --git a/tasks/debian/main.yml b/tasks/debian/main.yml index 3f71a7d..67af887 100644 --- a/tasks/debian/main.yml +++ b/tasks/debian/main.yml @@ -5,7 +5,7 @@ name: "{{ ZM_HC.packages.dependencies }}" state: present -- name: ZoneMinder | Debian | Installing dependencies +- name: ZoneMinder | Debian | Installing admin-tools ansible.builtin.apt: name: "{{ ZM_HC.packages.tools }}" state: present @@ -14,6 +14,7 @@ - name: ZoneMinder | Debian | Adding repo-key ansible.builtin.apt_key: url: "{{ ZM_HC.repo_key }}" + when: ZM_CONFIG.add_repo - name: ZoneMinder | Debian | Adding package repository ansible.builtin.apt_repository: @@ -21,11 +22,36 @@ state: present update_cache: yes filename: 'zoneminder' + when: ZM_CONFIG.add_repo + +- name: ZoneMinder | Debian | Installing ZoneMinder + ansible.builtin.apt: + name: "{{ ZM_HC.packages.base }}" + state: present + +- name: ZoneMinder | Debian | Adding zoneminder config + ansible.builtin.template: + src: 'templates/etc/zm/conf.d/custom.conf.j2' + dest: '/etc/zm/conf.d/custom.conf' + owner: 'root' + group: 'www-data' + mode: 0640 + no_log: true + tags: [config] + register: zm_cnf + +- name: ZoneMinder | Debian | Updating config-privileges + ansible.builtin.file: + path: '/etc/zm/zm.conf' + state: file + owner: 'root' + group: 'www-data' + mode: 0640 + tags: [config] - name: ZoneMinder | Debian | Managing database ansible.builtin.import_tasks: db.yml when: ZM_CONFIG.manage.db - tags: [db] - name: ZoneMinder | Debian | Unmanaged DB ansible.builtin.pause: @@ -46,31 +72,15 @@ here: https://github.com/ZoneMinder/zoneminder/tree/master/misc" when: not ZM_CONFIG.manage.webserver -- name: ZoneMinder | Debian | Installing ZoneMinder - ansible.builtin.apt: - name: "{{ ZM_HC.packages.base }}" - state: present - -- name: ZoneMinder | Debian | Adding zoneminder config - ansible.builtin.template: - src: 'templates/etc/zm/conf.d/custom.conf.j2' - dest: '/etc/zm/conf.d/custom.conf' - owner: 'root' - group: 'www-data' - mode: 0640 - no_log: true - -- name: ZoneMinder | Debian | Updating config-privileges - ansible.builtin.file: - path: '/etc/zm/zm.conf' - state: file - owner: 'root' - group: 'www-data' - mode: 0640 - - name: ZoneMinder | Debian | Enabling/Starting service - ansible.builtin.systemd: + ansible.builtin.systemd: daemon_reload: yes name: 'zoneminder.service' enabled: yes state: started + +- name: ZoneMinder | Debian | Restarting service + ansible.builtin.systemd: + name: 'zoneminder.service' + state: restarted + when: zm_cnf.changed diff --git a/tasks/debian/web.yml b/tasks/debian/web.yml index 84b9d19..e9850fd 100644 --- a/tasks/debian/web.yml +++ b/tasks/debian/web.yml @@ -45,6 +45,6 @@ when: ZM_CONFIG.timezone in NONE_VALUES - name: ZoneMinder | Debian | Webserver | Restarting webserver - ansible.builtin.systemd: + ansible.builtin.systemd: name: 'apache2.service' state: restarted diff --git a/templates/etc/apache2/conf-available/zoneminder.conf.j2 b/templates/etc/apache2/sites-available/zoneminder.conf.j2 similarity index 98% rename from templates/etc/apache2/conf-available/zoneminder.conf.j2 rename to templates/etc/apache2/sites-available/zoneminder.conf.j2 index 54b69c4..81acd3e 100644 --- a/templates/etc/apache2/conf-available/zoneminder.conf.j2 +++ b/templates/etc/apache2/sites-available/zoneminder.conf.j2 @@ -2,6 +2,7 @@ # ansibleguy.sw_zoneminder # source: https://github.com/ZoneMinder/zoneminder/tree/master/misc +RedirectMatch ^/$ /zm/ ScriptAlias /zm/cgi-bin "{{ ZM_CONFIG.path.cgi }}" Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch diff --git a/templates/etc/zm/conf.d/custom.conf.j2 b/templates/etc/zm/conf.d/custom.conf.j2 index 661874b..55b6b59 100644 --- a/templates/etc/zm/conf.d/custom.conf.j2 +++ b/templates/etc/zm/conf.d/custom.conf.j2 @@ -9,7 +9,7 @@ ZM_PATH_WEB={{ ZM_CONFIG.path.web }} ZM_PATH_CGI={{ ZM_CONFIG.path.cgi }} ZM_DB_TYPE={{ ZM_CONFIG.database.type }} -ZM_DB_HOST={{ ZM_CONFIG.database.host }} +ZM_DB_HOST={{ ZM_CONFIG.database.host }}:{{ ZM_CONFIG.database.port_socket | default(ZM_MARIADB_INSTANCE.socket) }} ZM_DB_NAME={{ ZM_CONFIG.database.name }} ZM_DB_USER={{ ZM_CONFIG.database.user }} ZM_DB_PASS={{ ZM_CONFIG.database.pwd }}