Diffstat (limited to 'tasks/webmap.yml')
| -rw-r--r-- | tasks/webmap.yml | 379 |
1 files changed, 4 insertions, 375 deletions
diff --git a/tasks/webmap.yml b/tasks/webmap.yml
index 1ff8ea3..682e785 100644
--- a/tasks/webmap.yml
+++ b/tasks/webmap.yml
@@ -1,367 +1,5 @@ -- name: Install gdal-bin - apt: pkg=gdal-bin install-recommends=true - -- name: Install unzip and brotli - apt: pkg={{ packages }} - vars: - packages: - - unzip - - brotli - -- name: Install python dependencies - apt: pkg={{ packages }} - vars: - packages: - - python3 - - python3-brotli - - python3-gdal - - python3-requests - - python3-systemd - - python3-tqdm - - python3-urllib3 - - python3-xdg - - python3-yaml - -- name: Create directory /etc/webmap - file: path=/etc/webmap - state=directory - owner=root group=root - mode=0755 - -- name: Copy /etc/webmap/config.yml - copy: src=webmap-tools/config.yml - dest=/etc/webmap/config.yml - owner=root group=root - mode=0644 - -- name: Create directory /usr/local/share/webmap - file: path=/usr/local/share/webmap - state=directory - owner=root group=root - mode=0755 - -- name: Copy /usr/local/share/webmap/*.py modules - copy: src=webmap-tools/{{ item }} - dest=/usr/local/share/webmap/{{ item }} - owner=root group=root - mode=0644 - with_items: - # TODO these should be compiled - - common.py - - common_gdal.py - - import_source.py - - export_mvt.py - - export_raster.py - - rename_exchange.py - -- name: Copy webmap-update@.target - copy: src=etc/systemd/system/webmap-update@.target - dest=/etc/systemd/system/webmap-update@.target - owner=root group=root - mode=0644 - notify: - - systemctl daemon-reload - -- name: Copy webmap-update@.timer - copy: src=etc/systemd/system/webmap-update@.timer - dest=/etc/systemd/system/webmap-update@.timer - owner=root group=root - mode=0644 - notify: - - systemctl daemon-reload - -- name: Create directory /etc/systemd/system/webmap-update@*.timer.d - file: path=/etc/systemd/system/webmap-update@{{ item }}.timer.d - state=directory - owner=root group=root - mode=0755 - with_items: "{{ webmap_layer_groups_update_calendar.keys() | list }}" - -- name: Copy /etc/systemd/system/webmap-update@*.timer.d/override.conf - template: 
src=etc/systemd/system/webmap-update@.timer.d/override.conf.j2 - dest=/etc/systemd/system/webmap-update@{{ item }}.timer.d/override.conf - owner=root group=root - mode=0644 - with_items: "{{ webmap_layer_groups_update_calendar.keys() | list }}" - notify: - - systemctl daemon-reload - -- name: Enable webmap-update.timer - service: name=webmap-update@{{ item }}.timer state=started enabled=true - with_items: "{{ webmap_layer_groups | union(webmap_raster) }}" - -- meta: flush_handlers - - -- name: Create system group '_webmap' - group: name=_webmap system=true - state=present - -- name: Create system user '_webmap-download' - user: name=_webmap-download system=true - group=_webmap - createhome=false - home=/nonexistent - shell=/usr/sbin/nologin - comment="Webmap update (download)" - password="!" - state=present - -- name: Copy /usr/local/share/webmap/download.py - copy: src=webmap-tools/webmap-download - dest=/usr/local/share/webmap/download.py - owner=root group=root - mode=0755 - -- name: Create /usr/local/bin/webmap-download - file: src=../share/webmap/download.py - dest=/usr/local/bin/webmap-download - owner=root group=root - state=link force=yes - -- name: Create directory /var/cache/webmap - file: path=/var/cache/webmap - state=directory - owner=_webmap-download group=root - mode=0755 - -- name: Create directory /var/cache/webmap/custom - file: path=/var/cache/webmap/custom - state=directory - owner=root group=root - mode=0755 - -- name: Copy custom layers into /var/cache/webmap/custom - copy: src=webmap-tools/layers/custom/ - dest=/var/cache/webmap/custom/ - owner=root group=root - mode=0644 - directory_mode=0755 - -- name: Copy webmap-download@.service - copy: src=etc/systemd/system/webmap-download@.service - dest=/etc/systemd/system/webmap-download@.service - owner=root group=root - mode=0644 - notify: - - systemctl daemon-reload - -- name: Enable webmap-download@.service - service: name=webmap-download@{{ item }}.service enabled=true - with_items: "{{ 
webmap_layer_groups | union(webmap_raster) | difference(webmap_layer_groups_nodownload) }}" - -- name: Disable some webmap-download@.service - service: name=webmap-download@{{ item }}.service enabled=false - with_items: "{{ webmap_layer_groups_nodownload }}" - -- meta: flush_handlers - - -- name: Create system user '_webmap' - user: name=_webmap system=true - group=_webmap - createhome=false - home=/nonexistent - shell=/usr/sbin/nologin - comment="Webmap update (extract/import)" - password="!" - state=present - -- name: Install PostgreSQL and PostGIS - apt: pkg={{ packages }} - vars: - packages: - - postgresql - - postgresql-postgis - - postgis - # for ansible - - python3-psycopg - -- name: Generate sv_SE.UTF-8 locales - locale_gen: name=sv_SE.UTF-8 state=present - # PostgreSQL needs to be restarted to see the new locale - notify: Restart PostgreSQL - -- name: Configure PostgreSQL - copy: src=etc/postgresql/postgresql.conf - dest=/etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/conf.d/local.conf - owner=postgres group=postgres - mode=0644 - notify: Restart PostgreSQL - -- name: Start PostgreSQL - service: name=postgresql@{{ postgresql.version }}-{{ postgresql.cluster }}.service state=started - -- meta: flush_handlers - -# Usage: \sudo -u postgres psql </usr/local/share/webmap/schema.sql -- name: Copy /usr/local/share/webmap/schema.sql - copy: src=webmap-tools/schema.sql - dest=/usr/local/share/webmap/schema.sql - owner=root group=root - mode=0644 - -- name: Create PostgreSQL database - become: true - # XXX: this creates /var/lib/postgresql/.ansible/tmp - become_user: postgres - community.postgresql.postgresql_db: - name: webmap - comment: Backend PostGIS database for KlimatanalysNorr tooling - encoding: UTF-8 - lc_collate: sv_SE.UTF-8 - lc_ctype: sv_SE.UTF-8 - locale_provider: icu - icu_locale: sv-SE-x-icu - template: template0 - owner: postgres - -- name: Create 'webmap_import' and 'webmap_guest' PostgreSQL users (roles) - become: true - 
become_user: postgres - community.postgresql.postgresql_user: - login_db: webmap - name: "{{ item }}" - with_items: - - webmap_import - - webmap_guest - -- name: Add a rule for 'webmap_import' user in pg_hba.conf - ansible.builtin.lineinfile: - path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_hba.conf - regexp: '^local\s+webmap\s' - line: 'local webmap all peer map=pgmap_webmap' - # must come before 'local all all peer', cf. - # https://dba.stackexchange.com/questions/177142/postgresql-cannot-peer-authenticate-using-usermap-provided-user-name-dbuser - insertbefore: '^local\s+all\s+all\s' - create: false - notify: Reload PostgreSQL - -- name: Add a mapping rule for 'webmap_import' user in pg_ident.conf - ansible.builtin.lineinfile: - path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf - regexp: '^pgmap_webmap\s.*\swebmap_import\s*$' - line: 'pgmap_webmap _webmap webmap_import' - create: false - notify: Reload PostgreSQL - -- name: Add a mapping rule for 'webmap_guest' user in pg_ident.conf - ansible.builtin.lineinfile: - path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf - regexp: '^pgmap_webmap\s.*\swebmap_guest\s*$' - line: 'pgmap_webmap /^_?[a-zA-Z][a-zA-Z0-9_\-]*[a-zA-Z0-9]$ webmap_guest' - create: false - notify: Reload PostgreSQL - -- name: Create PostgreSQL schemas - become: true - become_user: postgres - community.postgresql.postgresql_schema: - login_db: webmap - name: "{{ item.name }}" - owner: postgres - comment: "{{ item.comment }}" - with_items: "{{ postgis_schemas }}" - -- name: Install 'postgis' PostgreSQL extension to the webmap database - become: true - become_user: postgres - community.postgresql.postgresql_ext: - name: postgis - login_db: webmap - comment: Geographic objects support for PostgreSQL - -- name: GRANT CONNECT ON DATABASE webmap TO webmap_import, webmap_guest - become: true - become_user: postgres - community.postgresql.postgresql_privs: - 
login_db: webmap - privs: CONNECT - type: database - role: webmap_import,webmap_guest - -- name: GRANT USAGE ON SCHEMA * TO webmap_import, webmap_guest - become: true - become_user: postgres - community.postgresql.postgresql_privs: - login_db: webmap - privs: USAGE - type: schema - objs: "{{ (['public'] + (postgis_schemas | map(attribute='name'))) | join(',') }}" - role: webmap_import,webmap_guest - -# tooling should TRUNCATE existing output layers instead -- name: REVOKE CREATE ON SCHEMA * FROM webmap_import - become: true - become_user: postgres - community.postgresql.postgresql_privs: - login_db: webmap - privs: CREATE - type: schema - objs: "{{ (['public'] + (postgis_schemas | map(attribute='name'))) | join(',') }}" - role: webmap_import - state: absent - -- name: GRANT SELECT ON TABLES IN SCHEMA * TO webmap_guest - become: true - become_user: postgres - community.postgresql.postgresql_privs: - login_db: webmap - privs: SELECT - type: table - obj: ALL_IN_SCHEMA - schema: "{{ item }}" - role: webmap_guest - with_items: "{{ ['public'] + (postgis_schemas | map(attribute='name')) }}" - -- name: GRANT USAGE, SELECT ON SEQUENCES IN SCHEMA * TO webmap_guest - become: true - become_user: postgres - community.postgresql.postgresql_privs: - login_db: webmap - privs: USAGE,SELECT - type: sequence - obj: ALL_IN_SCHEMA - schema: "{{ item }}" - role: webmap_guest - with_items: "{{ ['public'] + (postgis_schemas | map(attribute='name')) }}" - -- name: Copy /usr/local/share/webmap/import.py - copy: src=webmap-tools/webmap-import - dest=/usr/local/share/webmap/import.py - owner=root group=root - mode=0755 - -- name: Create /usr/local/bin/webmap-import - file: src=../share/webmap/import.py - dest=/usr/local/bin/webmap-import - owner=root group=root - state=link force=yes - -- name: Copy webmap-import@.service - copy: src=etc/systemd/system/webmap-import@.service - dest=/etc/systemd/system/webmap-import@.service - owner=root group=root - mode=0644 - notify: - - systemctl 
daemon-reload - -- name: Enable webmap-import@.service - service: name=webmap-import@{{ item }}.service enabled=true - with_items: "{{ webmap_layer_groups }}" - -- name: Copy webmap-raster@.service - copy: src=etc/systemd/system/webmap-raster@.service - dest=/etc/systemd/system/webmap-raster@.service - owner=root group=root - mode=0644 - notify: - - systemctl daemon-reload - -- name: Enable webmap-raster@.service - service: name=webmap-raster@{{ item }}.service enabled=true - with_items: "{{ webmap_raster }}" - +- name: Install brotli + apt: pkg=brotli - name: Build administrative-codes.json* become: false @@ -391,24 +29,15 @@ - name: Create directory /var/www/webmap/tiles file: path=/var/www/webmap/tiles state=directory - owner=_webmap group=root + owner=_geodata group=root mode=0755 - name: Create directory /var/www/webmap/raster file: path=/var/www/webmap/raster state=directory - owner=_webmap group=root + owner=_geodata group=root mode=0755 - -- name: Copy /etc/tmpfiles.d/webmap.conf - copy: src=etc/tmpfiles.d/webmap.conf - dest=/etc/tmpfiles.d/webmap.conf - owner=root group=root - mode=0644 - notify: - - systemd-tmpfiles --create - - meta: flush_handlers |
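Review bot: Deleting these tasks from the first hunk does not undo them on hosts that were already provisioned, and nothing in the new file cleans up. The `_webmap` and `_webmap-download` accounts, the enabled `webmap-*@` units and timers, and the `pgmap_webmap` lines in pg_hba.conf and pg_ident.conf all stay in place. The `webmap_guest` mapping is the one to look at first, since its regex maps any matching local account name to that role. If this logic moved to another role under new names (the `_geodata` owner in the second hunk suggests so, but that is not visible here), add explicit cleanup tasks there, for example `user: name=_webmap state=absent` plus `lineinfile` entries with `state: absent` for the old map lines. If the names are unchanged in the new location, a short comment at the top of this file saying where the tasks now live would be enough.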
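Review bot: The `owner=_geodata` on the two directory tasks in the second hunk names an account this file no longer creates. The user and group tasks were removed in the first hunk, and no `_geodata` creation is visible here. The `file` module fails when the owner does not exist, so this file presumably must run after whichever role creates `_geodata`; a comment stating that dependency above the first task would help, e.g. `# requires the '_geodata' user (created by <role name>)`. Also, `state=directory` without `recurse=yes` changes only the directory itself, so tiles and rasters already written by `_webmap` keep their old owner and may need a one-time chown before the new user can replace them. The dropped tmpfiles.d task likewise leaves `/etc/tmpfiles.d/webmap.conf` on existing hosts unless it is removed with `state=absent`.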
