Diffstat (limited to 'tasks/webmap.yml')
| -rw-r--r-- | tasks/webmap.yml | 319 | 
1 files changed, 301 insertions, 18 deletions
|
diff --git a/tasks/webmap.yml b/tasks/webmap.yml
index 10a6555..2db575d 100644
--- a/tasks/webmap.yml
+++ b/tasks/webmap.yml
@@ -1,17 +1,22 @@
 - name: Install gdal-bin
   apt: pkg=gdal-bin install-recommends=true
-- name: Install unzip
-  apt: pkg=unzip
+- name: Install unzip and brotli
+  apt: pkg={{ packages }}
+  vars:
+    packages:
+    - unzip
+    - brotli
 - name: Install python dependencies
   apt: pkg={{ packages }}
   vars:
     packages:
     - python3
+    - python3-brotli
     - python3-gdal
-    - python3-lxml
     - python3-requests
+    - python3-systemd
     - python3-tqdm
     - python3-urllib3
     - python3-xdg
@@ -35,11 +40,19 @@
         owner=root group=root
         mode=0755
-- name: Copy /usr/local/share/webmap/common.py
-  copy: src=webmap-tools/common.py
-        dest=/usr/local/share/webmap/common.py
+- name: Copy /usr/local/share/webmap/*.py modules
+  copy: src=webmap-tools/{{ item }}
+        dest=/usr/local/share/webmap/{{ item }}
         owner=root group=root
         mode=0644
+  with_items:
+    # TODO these should be compiled
+    - common.py
+    - common_gdal.py
+    - import_source.py
+    - export_mvt.py
+    - export_raster.py
+    - rename_exchange.py
 - name: Copy webmap-update@.target
   copy: src=etc/systemd/system/webmap-update@.target
@@ -57,16 +70,36 @@
   notify:
     - systemctl daemon-reload
+- name: Create directory /etc/systemd/system/webmap-update@*.timer.d
+  file: path=/etc/systemd/system/webmap-update@{{ item }}.timer.d
+        state=directory
+        owner=root group=root
+        mode=0755
+  with_items: "{{ webmap_layer_groups_update_calendar.keys() | list }}"
+
+- name: Copy /etc/systemd/system/webmap-update@*.timer.d/override.conf
+  template: src=etc/systemd/system/webmap-update@.timer.d/override.conf.j2
+            dest=/etc/systemd/system/webmap-update@{{ item }}.timer.d/override.conf
+            owner=root group=root
+            mode=0644
+  with_items: "{{ webmap_layer_groups_update_calendar.keys() | list }}"
+  notify:
+    - systemctl daemon-reload
+
 - name: Enable webmap-update.timer
   service: name=webmap-update@{{ item }}.timer state=started enabled=true
-  with_items: "{{ webmap_layer_groups }}"
+  with_items: "{{ webmap_layer_groups | union(webmap_raster) }}"
 - meta: flush_handlers
+- name: Create system group '_webmap'
+  group: name=_webmap system=true
+         state=present
+
 - name: Create system user '_webmap-download'
   user: name=_webmap-download system=true
-        group=nogroup
+        group=_webmap
         createhome=false
         home=/nonexistent
         shell=/usr/sbin/nologin
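Review bot: The new `override.conf` task notifies only `systemctl daemon-reload`, and the `Enable webmap-update.timer` task that follows it runs before `- meta: flush_handlers`, so the timer can be started before systemd has re-read the drop-in. It is also worth confirming whether an already-active timer picks up a changed schedule after a bare daemon-reload; if it does not, move `- meta: flush_handlers` above the enable task and notify a handler that restarts `webmap-update@{{ item }}.timer`. Separately, the drop-in directories are created for the keys of `webmap_layer_groups_update_calendar` while timers are enabled for `webmap_layer_groups | union(webmap_raster)`; a comment such as `# calendar keys must be a subset of the enabled groups` would document the expected relation.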
@@ -86,18 +119,25 @@
         owner=root group=root
         state=link force=yes
-- name: Copy /usr/local/share/webmap/webmap-download-mrr.py
-  copy: src=webmap-tools/webmap-download-mrr.py
-        dest=/usr/local/share/webmap/webmap-download-mrr.py
-        owner=root group=root
-        mode=0644
-
 - name: Create directory /var/cache/webmap
   file: path=/var/cache/webmap
         state=directory
-        owner=_webmap-download group=nogroup
+        owner=_webmap-download group=root
         mode=0755
+- name: Create directory /var/cache/webmap/custom
+  file: path=/var/cache/webmap/custom
+        state=directory
+        owner=root group=root
+        mode=0755
+
+- name: Copy custom layers into /var/cache/webmap/custom
+  copy: src=webmap-tools/layers/custom/
+        dest=/var/cache/webmap/custom/
+        owner=root group=root
+        mode=0644
+        directory_mode=0755
+
 - name: Copy webmap-download@.service
   copy: src=etc/systemd/system/webmap-download@.service
         dest=/etc/systemd/system/webmap-download@.service
@@ -108,11 +148,25 @@
 - name: Enable webmap-download@.service
   service: name=webmap-download@{{ item }}.service enabled=true
-  with_items: "{{ webmap_layer_groups }}"
+  with_items: "{{ webmap_layer_groups | union(webmap_raster) | difference(webmap_layer_groups_nodownload) }}"
+
+- name: Disable some webmap-download@.service
+  service: name=webmap-download@{{ item }}.service enabled=false
+  with_items: "{{ webmap_layer_groups_nodownload }}"
 - meta: flush_handlers
+- name: Create system user '_webmap'
+  user: name=_webmap system=true
+        group=_webmap
+        createhome=false
+        home=/nonexistent
+        shell=/usr/sbin/nologin
+        comment="Webmap update (extract/import)"
+        password="!"
+        state=present
+
 - name: Install PostgreSQL and PostGIS
   apt: pkg={{ packages }}
   vars:
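Review bot: `/var/cache/webmap/custom` is created root-owned, but its parent `/var/cache/webmap` remains owned by `_webmap-download` with mode 0755 (only the group changes in this hunk), so the integrity of the root-managed `custom` entry depends on an unprivileged service account that has write access to the directory containing it. If the custom layers are trusted input for the later import step, keeping them under a root-owned tree such as `/usr/local/share/webmap/`, or making the cache root root-owned with a separate download-writable subdirectory, would remove that dependency. If the current layout is deliberate, a comment above the task should say why, for example `# root-managed layers live beside downloaded ones so the importer reads a single tree`.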
@@ -128,11 +182,25 @@
   # PostgreSQL needs to be restarted to see the new locale
   notify: Restart PostgreSQL
+- name: Configure PostgreSQL
+  copy: src=etc/postgresql/postgresql.conf
+        dest=/etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/conf.d/local.conf
+        owner=postgres group=postgres
+        mode=0644
+  notify: Restart PostgreSQL
+
 - name: Start PostgreSQL
   service: name=postgresql@{{ postgresql.version }}-{{ postgresql.cluster }}.service state=started
 - meta: flush_handlers
+# Usage: \sudo -u postgres psql </usr/local/share/webmap/schema.sql
+- name: Copy /usr/local/share/webmap/schema.sql
+  copy: src=webmap-tools/schema.sql
+        dest=/usr/local/share/webmap/schema.sql
+        owner=root group=root
+        mode=0644
+
 - name: Create PostgreSQL database
   become: true
   # XXX: this creates /var/lib/postgresql/.ansible/tmp
@@ -148,12 +216,49 @@
     template: template0
     owner: postgres
+- name: Create 'webmap_import' and 'webmap_guest' PostgreSQL users (roles)
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_user:
+    login_db: webmap
+    name: "{{ item }}"
+  with_items:
+    - webmap_import
+    - webmap_guest
+
+- name: Add a rule for 'webmap_import' user in pg_hba.conf
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_hba.conf
+    regexp: '^local\s+webmap\s'
+    line: 'local   webmap          all                                     peer map=pgmap_webmap'
+    # must come before 'local all all peer', cf.
+    # https://dba.stackexchange.com/questions/177142/postgresql-cannot-peer-authenticate-using-usermap-provided-user-name-dbuser
+    insertbefore: '^local\s+all\s+all\s'
+    create: false
+  notify: Reload PostgreSQL
+
+- name: Add a mapping rule for 'webmap_import' user in pg_ident.conf
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf
+    regexp: '^pgmap_webmap\s.*\swebmap_import\s*$'
+    line: 'pgmap_webmap    _webmap                                 webmap_import'
+    create: false
+  notify: Reload PostgreSQL
+
+- name: Add a mapping rule for 'webmap_guest' user in pg_ident.conf
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf
+    regexp: '^pgmap_webmap\s.*\swebmap_guest\s*$'
+    line: 'pgmap_webmap    /^_?[a-zA-Z][a-zA-Z0-9_\-]*[a-zA-Z0-9]$ webmap_guest'
+    create: false
+  notify: Reload PostgreSQL
+
 - name: Create 'postgis' PostgreSQL schema
   become: true
   become_user: postgres
   community.postgresql.postgresql_schema:
     name: postgis
-    db: webmap
+    login_db: webmap
     owner: postgres
 - name: Install 'postgis' PostgreSQL extension to the webmap database in the postgis schema
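Review bot: The `webmap_guest` entry written to `pg_ident.conf` uses the pattern `/^_?[a-zA-Z][a-zA-Z0-9_\-]*[a-zA-Z0-9]$`, which matches almost every local account name, so any local account, service users included, may connect to the `webmap` database as `webmap_guest` over the Unix socket. If that breadth is intended, state it in a comment above the task, e.g. `# any local account may connect read-only as webmap_guest`; otherwise enumerate the accounts that need the mapping. The new `pg_hba.conf` line is also placed before `local all all peer`, which appears to mean that for `webmap` every account reaching this rule is limited to the roles listed under `pgmap_webmap`; the existing comment explains the ordering but not that consequence, and it would help to add it.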
@@ -161,8 +266,186 @@
   become_user: postgres
   community.postgresql.postgresql_ext:
     name: postgis
-    db: webmap
+    login_db: webmap
     schema: postgis
     comment: Geographic objects support for PostgreSQL
+- name: GRANT CONNECT ON DATABASE webmap TO webmap_import, webmap_guest
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_privs:
+    login_db: webmap
+    privs: CONNECT
+    type: database
+    role: webmap_import,webmap_guest
+
+- name: GRANT USAGE ON SCHEMA postgis TO webmap_import, webmap_guest
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_privs:
+    login_db: webmap
+    privs: USAGE
+    type: schema
+    obj: postgis
+    role: webmap_import,webmap_guest
+
+# webmap-import should TRUNCATE existing output layers
+- name: REVOKE CREATE ON SCHEMA postgis FROM webmap_import
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_privs:
+    login_db: webmap
+    privs: CREATE
+    type: schema
+    obj: postgis
+    role: webmap_import
+    state: absent
+
+- name: GRANT SELECT ON TABLES IN SCHEMA postgis TO webmap_guest
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_privs:
+    login_db: webmap
+    privs: SELECT
+    type: table
+    obj: ALL_IN_SCHEMA
+    schema: postgis
+    role: webmap_guest
+
+- name: GRANT USAGE, SELECT ON SEQUENCES IN SCHEMA postgis TO webmap_guest
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_privs:
+    login_db: webmap
+    privs: USAGE,SELECT
+    type: sequence
+    obj: ALL_IN_SCHEMA
+    schema: postgis
+    role: webmap_guest
+
+- name: Copy /usr/local/share/webmap/import.py
+  copy: src=webmap-tools/webmap-import
+        dest=/usr/local/share/webmap/import.py
+        owner=root group=root
+        mode=0755
+
+- name: Create /usr/local/bin/webmap-import
+  file: src=../share/webmap/import.py
+        dest=/usr/local/bin/webmap-import
+        owner=root group=root
+        state=link force=yes
+
+- name: Copy webmap-import@.service
+  copy: src=etc/systemd/system/webmap-import@.service
+        dest=/etc/systemd/system/webmap-import@.service
+        owner=root group=root
+        mode=0644
+  notify:
+    - systemctl daemon-reload
+
+- name: Enable webmap-import@.service
+  service: name=webmap-import@{{ item }}.service enabled=true
+  with_items: "{{ webmap_layer_groups }}"
+
+- name: Copy webmap-raster@.service
+  copy: src=etc/systemd/system/webmap-raster@.service
+        dest=/etc/systemd/system/webmap-raster@.service
+        owner=root group=root
+        mode=0644
+  notify:
+    - systemctl daemon-reload
+
+- name: Enable webmap-raster@.service
+  service: name=webmap-raster@{{ item }}.service enabled=true
+  with_items: "{{ webmap_raster }}"
+
+
+- name: Build administrative-codes.json*
+  become: false
+  delegate_to: localhost
+  community.general.make:
+    chdir: ./webmap-tools/administrative-codes
+    target: all
+
+- name: Create directory /var/www/webmap/data
+  file: path=/var/www/webmap/data
+        state=directory
+        owner=root group=root
+        mode=0755
+
+- name: Copy /var/www/webmap/data/administrative-codes.json*
+  copy: src=./webmap-tools/administrative-codes/{{ item }}
+        dest=/var/www/webmap/data/{{ item }}
+        owner=root group=root
+        mode=0644
+  with_items:
+    - administrative-codes.json
+    - administrative-codes.json.br
+
+- meta: flush_handlers
+
+
+- name: Create directory /var/www/webmap/tiles
+  file: path=/var/www/webmap/tiles
+        state=directory
+        owner=_webmap group=root
+        mode=0755
+
+- name: Create directory /var/www/webmap/raster
+  file: path=/var/www/webmap/raster
+        state=directory
+        owner=_webmap group=root
+        mode=0755
+
+
+- name: Copy /etc/tmpfiles.d/webmap.conf
+  copy: src=etc/tmpfiles.d/webmap.conf
+        dest=/etc/tmpfiles.d/webmap.conf
+        owner=root group=root
+        mode=0644
+  notify:
+    - systemd-tmpfiles --create
+
 - meta: flush_handlers
+
+
+- name: Install Python/WSGI dependencies
+  apt: pkg={{ packages }}
+  vars:
+    packages:
+    - uwsgi-core
+    - uwsgi-plugin-python3
+    - python3-psycopg-c
+
+- name: Copy webmap-cgi.socket
+  copy: src=etc/systemd/system/webmap-cgi.socket
+        dest=/etc/systemd/system/webmap-cgi.socket
+        owner=root group=root
+        mode=0644
+  notify:
+    - systemctl daemon-reload
+
+- name: Copy webmap-cgi.service
+  copy: src=etc/systemd/system/webmap-cgi.service
+        dest=/etc/systemd/system/webmap-cgi.service
+        owner=root group=root
+        mode=0644
+  notify:
+    - systemctl daemon-reload
+    - Stop webmap-cgi.service
+
+- name: Copy /usr/libexec/webmap-cgi
+  copy: src=./webmap-tools/webmap-cgi
+        dest=/usr/libexec/webmap-cgi
+        owner=root group=root
+        mode=0755
+  notify:
+    - Stop webmap-cgi.service
+
+- meta: flush_handlers
+
+- name: Enable webmap-cgi.socket
+  service: name=webmap-cgi.socket state=started enabled=true
+
+- name: Disable webmap-cgi.service
+  service: name=webmap-cgi.service enabled=false
|
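Review bot: The two `webmap_guest` grants use `obj: ALL_IN_SCHEMA`, which covers only the tables and sequences that already exist in `postgis` when the play runs. `schema.sql` is copied by this commit but, judging by its usage comment, loaded by hand, so on a fresh host the layer tables may not exist yet and would stay unreadable for `webmap_guest`. Unless `schema.sql` carries its own GRANT statements (not visible here), add a `community.postgresql.postgresql_privs` task with `type: default_privs` for tables and sequences in `postgis`, or document that the play has to be re-run after the schema is loaded. The comment `# webmap-import should TRUNCATE existing output layers` would also read better as `# webmap_import only truncates and refills existing layers, so it must not be able to CREATE objects in postgis`.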
