Diffstat (limited to 'tasks/webmap.yml')
-rw-r--r--tasks/webmap.yml433
1 files changed, 433 insertions, 0 deletions
diff --git a/tasks/webmap.yml b/tasks/webmap.yml
new file mode 100644
index 0000000..de320d4
--- /dev/null
+++ b/tasks/webmap.yml
@@ -0,0 +1,433 @@
+- name: Install gdal-bin
+ apt: pkg=gdal-bin install-recommends=true
+
+- name: Install unzip and brotli
+ apt: pkg={{ packages }}
+ vars:
+ packages:
+ - unzip
+ - brotli
+
+- name: Install python dependencies
+ apt: pkg={{ packages }}
+ vars:
+ packages:
+ - python3
+ - python3-brotli
+ - python3-gdal
+ - python3-requests
+ - python3-systemd
+ - python3-tqdm
+ - python3-urllib3
+ - python3-xdg
+ - python3-yaml
+
+- name: Create directory /etc/webmap
+ file: path=/etc/webmap
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Copy /etc/webmap/config.yml
+ copy: src=webmap-tools/config.yml
+ dest=/etc/webmap/config.yml
+ owner=root group=root
+ mode=0644
+
+- name: Create directory /usr/local/share/webmap
+ file: path=/usr/local/share/webmap
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Copy /usr/local/share/webmap/*.py modules
+ copy: src=webmap-tools/{{ item }}
+ dest=/usr/local/share/webmap/{{ item }}
+ owner=root group=root
+ mode=0644
+ with_items:
+ # TODO these should be compiled
+ - common.py
+ - common_gdal.py
+ - import_source.py
+ - export_mvt.py
+ - rename_exchange.py
+
+- name: Copy webmap-update@.target
+ copy: src=etc/systemd/system/webmap-update@.target
+ dest=/etc/systemd/system/webmap-update@.target
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+
+- name: Copy webmap-update@.timer
+ copy: src=etc/systemd/system/webmap-update@.timer
+ dest=/etc/systemd/system/webmap-update@.timer
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+
+- name: Create directory /etc/systemd/system/webmap-update@*.timer.d
+ file: path=/etc/systemd/system/webmap-update@{{ item }}.timer.d
+ state=directory
+ owner=root group=root
+ mode=0755
+ with_items: "{{ webmap_layer_groups_update_calendar.keys() | list }}"
+
+- name: Copy /etc/systemd/system/webmap-update@*.timer.d/override.conf
+ template: src=etc/systemd/system/webmap-update@.timer.d/override.conf.j2
+ dest=/etc/systemd/system/webmap-update@{{ item }}.timer.d/override.conf
+ owner=root group=root
+ mode=0644
+ with_items: "{{ webmap_layer_groups_update_calendar.keys() | list }}"
+ notify:
+ - systemctl daemon-reload
+
+- name: Enable webmap-update.timer
+ service: name=webmap-update@{{ item }}.timer state=started enabled=true
+ with_items: "{{ webmap_layer_groups }}"
+
+- meta: flush_handlers
+
+
+- name: Create system group '_webmap'
+ group: name=_webmap system=true
+ state=present
+
+- name: Create system user '_webmap-download'
+ user: name=_webmap-download system=true
+ group=_webmap
+ createhome=false
+ home=/nonexistent
+ shell=/usr/sbin/nologin
+ comment="Webmap update (download)"
+ password="!"
+ state=present
+
+- name: Copy /usr/local/share/webmap/download.py
+ copy: src=webmap-tools/webmap-download
+ dest=/usr/local/share/webmap/download.py
+ owner=root group=root
+ mode=0755
+
+- name: Create /usr/local/bin/webmap-download
+ file: src=../share/webmap/download.py
+ dest=/usr/local/bin/webmap-download
+ owner=root group=root
+ state=link force=yes
+
+- name: Create directory /var/cache/webmap
+ file: path=/var/cache/webmap
+ state=directory
+ owner=_webmap-download group=root
+ mode=0755
+
+- name: Create directory /var/cache/webmap/custom
+ file: path=/var/cache/webmap/custom
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Copy custom layers into /var/cache/webmap/custom
+ copy: src=webmap-tools/layers/custom/
+ dest=/var/cache/webmap/custom/
+ owner=root group=root
+ mode=0644
+ directory_mode=0755
+
+- name: Copy webmap-download@.service
+ copy: src=etc/systemd/system/webmap-download@.service
+ dest=/etc/systemd/system/webmap-download@.service
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+
+- name: Enable webmap-download@.service
+ service: name=webmap-download@{{ item }}.service enabled=true
+ with_items: "{{ webmap_layer_groups | difference(webmap_layer_groups_nodownload) }}"
+
+- name: Disable some webmap-download@.service
+ service: name=webmap-download@{{ item }}.service enabled=false
+ with_items: "{{ webmap_layer_groups_nodownload }}"
+
+- meta: flush_handlers
+
+
+- name: Create system user '_webmap'
+ user: name=_webmap system=true
+ group=_webmap
+ createhome=false
+ home=/nonexistent
+ shell=/usr/sbin/nologin
+ comment="Webmap update (extract/import)"
+ password="!"
+ state=present
+
+- name: Install PostgreSQL and PostGIS
+ apt: pkg={{ packages }}
+ vars:
+ packages:
+ - postgresql
+ - postgresql-postgis
+ - postgis
+ # for ansible
+ - python3-psycopg
+
+- name: Generate sv_SE.UTF-8 locales
+ locale_gen: name=sv_SE.UTF-8 state=present
+ # PostgreSQL needs to be restarted to see the new locale
+ notify: Restart PostgreSQL
+
+- name: Configure PostgreSQL
+ copy: src=etc/postgresql/postgresql.conf
+ dest=/etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/conf.d/local.conf
+ owner=postgres group=postgres
+ mode=0644
+ notify: Restart PostgreSQL
+
+- name: Start PostgreSQL
+ service: name=postgresql@{{ postgresql.version }}-{{ postgresql.cluster }}.service state=started
+
+- meta: flush_handlers
+
+# Usage: \sudo -u postgres psql </usr/local/share/webmap/schema.sql
+- name: Copy /usr/local/share/webmap/schema.sql
+ copy: src=webmap-tools/schema.sql
+ dest=/usr/local/share/webmap/schema.sql
+ owner=root group=root
+ mode=0644
+
+- name: Create PostgreSQL database
+ become: true
+ # XXX: this creates /var/lib/postgresql/.ansible/tmp
+ become_user: postgres
+ community.postgresql.postgresql_db:
+ name: webmap
+ comment: Backend PostGIS database for KlimatanalysNorr tooling
+ encoding: UTF-8
+ lc_collate: sv_SE.UTF-8
+ lc_ctype: sv_SE.UTF-8
+ locale_provider: icu
+ icu_locale: sv-SE-x-icu
+ template: template0
+ owner: postgres
+
+- name: Create 'webmap_import' and 'webmap_guest' PostgreSQL users (roles)
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_user:
+ login_db: webmap
+ name: "{{ item }}"
+ with_items:
+ - webmap_import
+ - webmap_guest
+
+- name: Add a rule for 'webmap_import' user in pg_hba.conf
+ ansible.builtin.lineinfile:
+ path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_hba.conf
+ regexp: '^local\s+webmap\s'
+ line: 'local webmap all peer map=pgmap_webmap'
+ # must come before 'local all all peer', cf.
+ # https://dba.stackexchange.com/questions/177142/postgresql-cannot-peer-authenticate-using-usermap-provided-user-name-dbuser
+ insertbefore: '^local\s+all\s+all\s'
+ create: false
+ notify: Reload PostgreSQL
+
+- name: Add a mapping rule for 'webmap_import' user in pg_ident.conf
+ ansible.builtin.lineinfile:
+ path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf
+ regexp: '^pgmap_webmap\s.*\swebmap_import\s*$'
+ line: 'pgmap_webmap _webmap webmap_import'
+ create: false
+ notify: Reload PostgreSQL
+
+- name: Add a mapping rule for 'webmap_guest' user in pg_ident.conf
+ ansible.builtin.lineinfile:
+ path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf
+ regexp: '^pgmap_webmap\s.*\swebmap_guest\s*$'
+ line: 'pgmap_webmap /^_?[a-zA-Z][a-zA-Z0-9_\-]*[a-zA-Z0-9]$ webmap_guest'
+ create: false
+ notify: Reload PostgreSQL
+
+- name: Create 'postgis' PostgreSQL schema
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_schema:
+ name: postgis
+ login_db: webmap
+ owner: postgres
+
+- name: Install 'postgis' PostgreSQL extension to the webmap database in the postgis schema
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_ext:
+ name: postgis
+ login_db: webmap
+ schema: postgis
+ comment: Geographic objects support for PostgreSQL
+
+- name: GRANT CONNECT ON DATABASE webmap TO webmap_import, webmap_guest
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_privs:
+ login_db: webmap
+ privs: CONNECT
+ type: database
+ role: webmap_import,webmap_guest
+
+- name: GRANT USAGE ON SCHEMA postgis TO webmap_import, webmap_guest
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_privs:
+ login_db: webmap
+ privs: USAGE
+ type: schema
+ obj: postgis
+ role: webmap_import,webmap_guest
+
+# webmap-import should TRUNCATE existing output layers
+- name: REVOKE CREATE ON SCHEMA postgis FROM webmap_import
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_privs:
+ login_db: webmap
+ privs: CREATE
+ type: schema
+ obj: postgis
+ role: webmap_import
+ state: absent
+
+- name: GRANT SELECT ON TABLES IN SCHEMA postgis TO webmap_guest
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_privs:
+ login_db: webmap
+ privs: SELECT
+ type: table
+ obj: ALL_IN_SCHEMA
+ schema: postgis
+ role: webmap_guest
+
+- name: GRANT USAGE, SELECT ON SEQUENCES IN SCHEMA postgis TO webmap_guest
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_privs:
+ login_db: webmap
+ privs: USAGE,SELECT
+ type: sequence
+ obj: ALL_IN_SCHEMA
+ schema: postgis
+ role: webmap_guest
+
+- name: Copy /usr/local/share/webmap/import.py
+ copy: src=webmap-tools/webmap-import
+ dest=/usr/local/share/webmap/import.py
+ owner=root group=root
+ mode=0755
+
+- name: Create /usr/local/bin/webmap-import
+ file: src=../share/webmap/import.py
+ dest=/usr/local/bin/webmap-import
+ owner=root group=root
+ state=link force=yes
+
+- name: Copy webmap-import@.service
+ copy: src=etc/systemd/system/webmap-import@.service
+ dest=/etc/systemd/system/webmap-import@.service
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+
+- name: Enable webmap-import@.service
+ service: name=webmap-import@{{ item }}.service enabled=true
+ with_items: "{{ webmap_layer_groups }}"
+
+
+- name: Build administrative-codes.json*
+ become: false
+ local_action:
+ module: community.general.make
+ chdir: ./webmap-tools/administrative-codes
+ target: all
+
+- name: Create directory /var/www/webmap/data
+ file: path=/var/www/webmap/data
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Copy /var/www/webmap/data/administrative-codes.json*
+ copy: src=./webmap-tools/administrative-codes/{{ item }}
+ dest=/var/www/webmap/data/{{ item }}
+ owner=root group=root
+ mode=0644
+ with_items:
+ - administrative-codes.json
+ - administrative-codes.json.br
+
+- meta: flush_handlers
+
+
+- name: Create directory /var/www/webmap/tiles
+ file: path=/var/www/webmap/tiles
+ state=directory
+ owner=_webmap group=root
+ mode=0755
+
+
+- name: Copy /etc/tmpfiles.d/webmap.conf
+ copy: src=etc/tmpfiles.d/webmap.conf
+ dest=/etc/tmpfiles.d/webmap.conf
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemd-tmpfiles --create
+
+- meta: flush_handlers
+
+
+- name: Install Python/WSGI dependencies
+ apt: pkg={{ packages }}
+ vars:
+ packages:
+ - uwsgi-core
+ - uwsgi-plugin-python3
+ # TODO[trixie]: install python3-psycopg-c instead
+ - python3-psycopg
+
+- name: Copy webmap-cgi.socket
+ copy: src=etc/systemd/system/webmap-cgi.socket
+ dest=/etc/systemd/system/webmap-cgi.socket
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+
+- name: Copy webmap-cgi.service
+ copy: src=etc/systemd/system/webmap-cgi.service
+ dest=/etc/systemd/system/webmap-cgi.service
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+ - Stop webmap-cgi.service
+
+- name: Copy /usr/libexec/webmap-cgi
+ copy: src=./webmap-tools/webmap-cgi
+ dest=/usr/libexec/webmap-cgi
+ owner=root group=root
+ mode=0755
+ notify:
+ - Stop webmap-cgi.service
+
+- meta: flush_handlers
+
+- name: Enable webmap-cgi.socket
+ service: name=webmap-cgi.socket state=started enabled=true
+
+- name: Disable webmap-cgi.service
+ service: name=webmap-cgi.service enabled=false
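Review bot: The `webmap_guest` mapping written to pg_ident.conf uses the pattern `/^_?[a-zA-Z][a-zA-Z0-9_\-]*[a-zA-Z0-9]$`, which matches practically every local account name, so together with `local webmap all peer map=pgmap_webmap` any local process, including unrelated service accounts, can connect to the `webmap` database as `webmap_guest` and read everything covered by the later `GRANT SELECT ON TABLES IN SCHEMA postgis` task. If that breadth is intended, record it above the task, e.g. `# any local account may connect as read-only webmap_guest; never grant this role more than SELECT`; otherwise replace the pattern with the specific accounts that need guest access. The same pattern also matches the `postgres` account, so the `become_user: postgres` tasks with `login_db: webmap` presumably rely on pg_hba.conf having an earlier `local all postgres peer` line (not visible here), since the new rule is only placed before `local all all`; a comment next to `insertbefore` stating that assumption would help.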