Diffstat (limited to 'tasks')
-rw-r--r--tasks/apt.yml9
-rw-r--r--tasks/firewall.yml2
-rw-r--r--tasks/geodata.yml211
-rw-r--r--tasks/mail.yml8
-rw-r--r--tasks/network.yml2
-rw-r--r--tasks/postgis.yml158
-rw-r--r--tasks/ssh.yml2
-rw-r--r--tasks/webmap.yml379
8 files changed, 431 insertions, 340 deletions
diff --git a/tasks/apt.yml b/tasks/apt.yml
index 1023908..f17a2e4 100644
--- a/tasks/apt.yml
+++ b/tasks/apt.yml
@@ -5,8 +5,13 @@
- apt
- lsb-release
-- name: Remove /etc/apt/sources.list
- file: path=/etc/apt/sources.list state=absent
+# something keeps recreating (without content) it if we delete it, so we
+# leave it instead but ensure it's empty instead
+- name: Create empty /etc/apt/sources.list
+ copy: content=""
+ dest=/etc/apt/sources.list
+ owner=root group=root
+ mode=0644
notify:
- apt-get update
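Review bot: The comment added above `Create empty /etc/apt/sources.list` is hard to parse, with a doubled "instead" and a misplaced "it", and it leaves the cause unnamed. Suggested wording: `# Something recreates an empty /etc/apt/sources.list whenever it is deleted,` followed by `# so keep the file and ensure it is empty (TODO: identify what recreates it).` Naming the cause once it is known would let a later maintainer tell whether the workaround is still needed.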
diff --git a/tasks/firewall.yml b/tasks/firewall.yml
index fa46ade..a4a7fee 100644
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@@ -3,7 +3,7 @@
- name: Configure nftables
copy: src=etc/nftables.conf
- dest=/etc/nftables
+ dest=/etc/nftables.conf
owner=root group=root
mode=0644
notify:
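Review bot: The `Configure nftables` task now writes the ruleset to `/etc/nftables.conf`, but nothing syntax-checks the file before it replaces the live one, so a typo in `etc/nftables.conf` would only surface when the notified handler reloads it. The copy module's `validate` option can run a dry-run check first, e.g. `validate='nft -c -f %s'` added to the `copy:` arguments. Hosts provisioned before this fix probably still carry the stray `/etc/nftables` file written by the old `dest`; a one-off `file: path=/etc/nftables state=absent` would remove it, assuming that path is not a directory on those hosts. The task's `notify:` list continues outside the hunk.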
diff --git a/tasks/geodata.yml b/tasks/geodata.yml
new file mode 100644
index 0000000..fcf3471
--- /dev/null
+++ b/tasks/geodata.yml
@@ -0,0 +1,211 @@
+- name: Install gdal-bin
+ apt: pkg=gdal-bin install-recommends=true
+
+- name: Install unzip
+ apt: pkg=unzip
+
+- name: Install python dependencies
+ apt: pkg={{ packages }}
+ vars:
+ packages:
+ - python3
+ - python3-brotli
+ - python3-gdal
+ - python3-requests
+ - python3-systemd
+ - python3-tqdm
+ - python3-urllib3
+ - python3-xdg
+ - python3-yaml
+
+- name: Create directory /etc/geodata
+ file: path=/etc/geodata
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Copy /etc/geodata/config.yml
+ copy: src=webmap-tools/config.yml
+ dest=/etc/geodata/config.yml
+ owner=root group=root
+ mode=0644
+
+- name: Create directory /usr/local/share/geodata
+ file: path=/usr/local/share/geodata
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Copy /usr/local/share/geodata/*.py modules
+ copy: src=webmap-tools/{{ item }}
+ dest=/usr/local/share/geodata/{{ item }}
+ owner=root group=root
+ mode=0644
+ with_items:
+ # TODO these should be compiled
+ - common.py
+ - common_gdal.py
+ - import_source.py
+ - export_mvt.py
+ - export_raster.py
+ - rename_exchange.py
+
+- name: Copy geodata-update@.target
+ copy: src=etc/systemd/system/geodata-update@.target
+ dest=/etc/systemd/system/geodata-update@.target
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+
+- name: Copy geodata-update@.timer
+ copy: src=etc/systemd/system/geodata-update@.timer
+ dest=/etc/systemd/system/geodata-update@.timer
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+
+- name: Create directory /etc/systemd/system/geodata-update@*.timer.d
+ file: path=/etc/systemd/system/geodata-update@{{ item }}.timer.d
+ state=directory
+ owner=root group=root
+ mode=0755
+ with_items: "{{ geodata_layer_groups_update_calendar.keys() | list }}"
+
+- name: Copy /etc/systemd/system/geodata-update@*.timer.d/override.conf
+ template: src=etc/systemd/system/geodata-update@.timer.d/override.conf.j2
+ dest=/etc/systemd/system/geodata-update@{{ item }}.timer.d/override.conf
+ owner=root group=root
+ mode=0644
+ with_items: "{{ geodata_layer_groups_update_calendar.keys() | list }}"
+ notify:
+ - systemctl daemon-reload
+
+- name: Enable geodata-update.timer
+ service: name=geodata-update@{{ item }}.timer state=started enabled=true
+ with_items: "{{ geodata_layer_groups | union(geodata_raster) }}"
+
+- meta: flush_handlers
+
+
+- name: Create system group '_geodata'
+ group: name=_geodata system=true
+ state=present
+
+- name: Create system user '_geodata-download'
+ user: name=_geodata-download system=true
+ group=_geodata
+ createhome=false
+ home=/nonexistent
+ shell=/usr/sbin/nologin
+ comment="geodata update (download)"
+ password="!"
+ state=present
+
+- name: Copy /usr/local/share/geodata/download.py
+ copy: src=webmap-tools/geodata-download
+ dest=/usr/local/share/geodata/download.py
+ owner=root group=root
+ mode=0755
+
+- name: Create /usr/local/bin/geodata-download
+ file: src=../share/geodata/download.py
+ dest=/usr/local/bin/geodata-download
+ owner=root group=root
+ state=link force=yes
+
+- name: Create directory /var/cache/geodata
+ file: path=/var/cache/geodata
+ state=directory
+ owner=_geodata-download group=root
+ mode=0755
+
+- name: Create directory /var/cache/geodata/custom
+ file: path=/var/cache/geodata/custom
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Copy custom layers into /var/cache/geodata/custom
+ copy: src=webmap-tools/layers/custom/
+ dest=/var/cache/geodata/custom/
+ owner=root group=root
+ mode=0644
+ directory_mode=0755
+
+- name: Copy geodata-download@.service
+ copy: src=etc/systemd/system/geodata-download@.service
+ dest=/etc/systemd/system/geodata-download@.service
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+
+- name: Enable geodata-download@.service
+ service: name=geodata-download@{{ item }}.service enabled=true
+ with_items: "{{ geodata_layer_groups | union(geodata_raster) | difference(geodata_layer_groups_nodownload) }}"
+
+- name: Disable some geodata-download@.service
+ service: name=geodata-download@{{ item }}.service enabled=false
+ with_items: "{{ geodata_layer_groups_nodownload }}"
+
+- meta: flush_handlers
+
+
+- name: Copy /etc/tmpfiles.d/geodata.conf
+ copy: src=etc/tmpfiles.d/geodata.conf
+ dest=/etc/tmpfiles.d/geodata.conf
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemd-tmpfiles --create
+
+- meta: flush_handlers
+
+
+- name: Create system user '_geodata'
+ user: name=_geodata system=true
+ group=_geodata
+ createhome=false
+ home=/nonexistent
+ shell=/usr/sbin/nologin
+ comment="geodata update (extract/import)"
+ password="!"
+ state=present
+
+- name: Copy /usr/local/share/geodata/import.py
+ copy: src=webmap-tools/geodata-import
+ dest=/usr/local/share/geodata/import.py
+ owner=root group=root
+ mode=0755
+
+- name: Create /usr/local/bin/geodata-import
+ file: src=../share/geodata/import.py
+ dest=/usr/local/bin/geodata-import
+ owner=root group=root
+ state=link force=yes
+
+- name: Copy geodata-import@.service
+ copy: src=etc/systemd/system/geodata-import@.service
+ dest=/etc/systemd/system/geodata-import@.service
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+
+- name: Enable geodata-import@.service
+ service: name=geodata-import@{{ item }}.service enabled=true
+ with_items: "{{ geodata_layer_groups }}"
+
+- name: Copy geodata-raster@.service
+ copy: src=etc/systemd/system/geodata-raster@.service
+ dest=/etc/systemd/system/geodata-raster@.service
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+
+- name: Enable geodata-raster@.service
+ service: name=geodata-raster@{{ item }}.service enabled=true
+ with_items: "{{ geodata_raster }}"
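Review bot: `Create directory /var/cache/geodata` sets `owner=_geodata-download` with mode 0755, and the root-owned `/var/cache/geodata/custom` is then created inside it, so the download account can still rename or replace the `custom` entry even though it cannot write into it. If the import units read the custom layers from that path (not visible here), root ownership of the subdirectory alone does not protect them from the account that handles downloaded data. Consider making the parent `owner=root group=root` with a dedicated subdirectory owned by `_geodata-download`, or shipping the custom layers outside the cache tree, for example under `/usr/local/share/geodata/`. Either option would need a matching path change in the tools' configuration.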
diff --git a/tasks/mail.yml b/tasks/mail.yml
index 8f58c8a..9c5ef5e 100644
--- a/tasks/mail.yml
+++ b/tasks/mail.yml
@@ -6,10 +6,10 @@
regexp='^{{ item.src }}{{':'}} '
line='{{ item.src }}{{':'}} {{ item.dst }}'
with_items:
- - { src: mailer-daemon, dst: 'postmaster' }
- - { src: postmaster, dst: 'root' }
- - { src: nobody, dst: 'root' }
- - { src: root, dst: 'hostmaster@{{ ansible_domain }}' }
+ - { src: mailer-daemon, dst: 'postmaster' }
+ - { src: postmaster, dst: 'root' }
+ - { src: nobody, dst: 'root' }
+ - { src: root, dst: 'hostmaster@{{ ansible_facts.domain }}' }
notify:
- Run newaliases
diff --git a/tasks/network.yml b/tasks/network.yml
index 1551f82..5c1af1a 100644
--- a/tasks/network.yml
+++ b/tasks/network.yml
@@ -18,6 +18,7 @@
- ifupdown
- isc-dhcp-client
- isc-dhcp-common
+ - dhcpcd-base
- name: Remove /etc/network/interfaces and /etc/network/interfaces.d
file: path={{ item }} state=absent
@@ -32,6 +33,7 @@
packages:
- systemd-resolved
- libnss-resolve
+ - libnss-myhostname
- name: Create directory /etc/systemd/resolved.conf.d
file: path=/etc/systemd/resolved.conf.d
diff --git a/tasks/postgis.yml b/tasks/postgis.yml
new file mode 100644
index 0000000..3e156a9
--- /dev/null
+++ b/tasks/postgis.yml
@@ -0,0 +1,158 @@
+- name: Install PostgreSQL and PostGIS
+ apt: pkg={{ packages }}
+ vars:
+ packages:
+ - postgresql
+ - postgresql-postgis
+ - postgis
+ # for ansible
+ - python3-psycopg
+
+- name: Generate sv_SE.UTF-8 locales
+ locale_gen: name=sv_SE.UTF-8 state=present
+ # PostgreSQL needs to be restarted to see the new locale
+ notify: Restart PostgreSQL
+
+- name: Configure PostgreSQL
+ copy: src=etc/postgresql/postgresql.conf
+ dest=/etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/conf.d/local.conf
+ owner=postgres group=postgres
+ mode=0644
+ notify: Restart PostgreSQL
+
+- name: Start PostgreSQL
+ service: name=postgresql@{{ postgresql.version }}-{{ postgresql.cluster }}.service state=started
+
+- meta: flush_handlers
+
+# Usage: \sudo -u postgres psql </usr/local/share/geodata/schema.sql
+- name: Copy /usr/local/share/geodata/schema.sql
+ copy: src=webmap-tools/schema.sql
+ dest=/usr/local/share/geodata/schema.sql
+ owner=root group=root
+ mode=0644
+
+- name: Create PostgreSQL database
+ become: true
+ # XXX: this creates /var/lib/postgresql/.ansible/tmp
+ become_user: postgres
+ community.postgresql.postgresql_db:
+ name: geodata
+ comment: Backend PostGIS database for KlimatanalysNorr tooling
+ encoding: UTF-8
+ lc_collate: sv_SE.UTF-8
+ lc_ctype: sv_SE.UTF-8
+ locale_provider: icu
+ icu_locale: sv-SE-x-icu
+ template: template0
+ owner: postgres
+
+- name: Create 'geodata' and 'guest' PostgreSQL users (roles)
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_user:
+ login_db: geodata
+ name: "{{ item }}"
+ with_items:
+ - geodata
+ - guest
+
+- name: Add a rule for 'geodata' user in pg_hba.conf
+ ansible.builtin.lineinfile:
+ path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_hba.conf
+ regexp: '^local\s+geodata\s'
+ line: 'local geodata all peer map=pgmap_geodata'
+ # must come before 'local all all peer', cf.
+ # https://dba.stackexchange.com/questions/177142/postgresql-cannot-peer-authenticate-using-usermap-provided-user-name-dbuser
+ insertbefore: '^local\s+all\s+all\s'
+ create: false
+ notify: Reload PostgreSQL
+
+- name: Add a mapping rule for 'geodata' user in pg_ident.conf
+ ansible.builtin.lineinfile:
+ path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf
+ regexp: '^pgmap_geodata\s.*\sgeodata\s*$'
+ line: 'pgmap_geodata _geodata geodata'
+ create: false
+ notify: Reload PostgreSQL
+
+- name: Add a mapping rule for 'guest' user in pg_ident.conf
+ ansible.builtin.lineinfile:
+ path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf
+ regexp: '^pgmap_geodata\s.*\sguest\s*$'
+ line: 'pgmap_geodata /^_?[a-zA-Z][a-zA-Z0-9_\-]*[a-zA-Z0-9]$ guest'
+ create: false
+ notify: Reload PostgreSQL
+
+- name: Create PostgreSQL schemas
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_schema:
+ login_db: geodata
+ name: "{{ item.name }}"
+ owner: postgres
+ comment: "{{ item.comment }}"
+ with_items: "{{ postgis_schemas }}"
+
+- name: Install 'postgis' PostgreSQL extension to the geodata database
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_ext:
+ name: postgis
+ login_db: geodata
+ comment: Geographic objects support for PostgreSQL
+
+- name: GRANT CONNECT ON DATABASE geodata TO geodata, guest
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_privs:
+ login_db: geodata
+ privs: CONNECT
+ type: database
+ role: geodata,guest
+
+- name: GRANT USAGE ON SCHEMA * TO geodata, guest
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_privs:
+ login_db: geodata
+ privs: USAGE
+ type: schema
+ objs: "{{ (['public'] + (postgis_schemas | map(attribute='name'))) | join(',') }}"
+ role: geodata,guest
+
+# tooling should TRUNCATE existing output layers instead
+- name: REVOKE CREATE ON SCHEMA * FROM geodata
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_privs:
+ login_db: geodata
+ privs: CREATE
+ type: schema
+ objs: "{{ (['public'] + (postgis_schemas | map(attribute='name'))) | join(',') }}"
+ role: geodata
+ state: absent
+
+- name: GRANT SELECT ON TABLES IN SCHEMA * TO guest
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_privs:
+ login_db: geodata
+ privs: SELECT
+ type: table
+ obj: ALL_IN_SCHEMA
+ schema: "{{ item }}"
+ role: guest
+ with_items: "{{ ['public'] + (postgis_schemas | map(attribute='name')) }}"
+
+- name: GRANT USAGE, SELECT ON SEQUENCES IN SCHEMA * TO guest
+ become: true
+ become_user: postgres
+ community.postgresql.postgresql_privs:
+ login_db: geodata
+ privs: USAGE,SELECT
+ type: sequence
+ obj: ALL_IN_SCHEMA
+ schema: "{{ item }}"
+ role: guest
+ with_items: "{{ ['public'] + (postgis_schemas | map(attribute='name')) }}"
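Review bot: The two `ALL_IN_SCHEMA` grants to `guest` at the end of the file only cover tables and sequences that already exist when the play runs. The usage comment above the `schema.sql` copy task suggests the tables are created later by hand with psql, in which case `guest` has no SELECT on them until the playbook is run again. Unless `schema.sql` issues its own grants (not visible here), a default-privileges task per schema would close the gap. A sibling task with `objs: SEQUENCES` and `privs: USAGE,SELECT` would do the same for sequences.

```yaml
# Default privileges apply to objects later created by the role that sets
# them (postgres here), which matches loading schema.sql as postgres.
- name: ALTER DEFAULT PRIVILEGES IN SCHEMA * GRANT SELECT ON TABLES TO guest
  become: true
  become_user: postgres
  community.postgresql.postgresql_privs:
    login_db: geodata
    privs: SELECT
    type: default_privs
    objs: TABLES
    schema: "{{ item }}"
    role: guest
  with_items: "{{ ['public'] + (postgis_schemas | map(attribute='name')) }}"
```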
diff --git a/tasks/ssh.yml b/tasks/ssh.yml
index 341a96d..e568036 100644
--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@@ -16,5 +16,5 @@
notify:
- Restart OpenSSH
-- name: Start Openssh
+- name: Start OpenSSH
service: name=ssh enabled=true state=started
diff --git a/tasks/webmap.yml b/tasks/webmap.yml
index 9e2c2f6..682e785 100644
--- a/tasks/webmap.yml
+++ b/tasks/webmap.yml
@@ -1,368 +1,83 @@
-- name: Install gdal-bin
- apt: pkg=gdal-bin install-recommends=true
+- name: Install brotli
+ apt: pkg=brotli
-- name: Install unzip and brotli
- apt: pkg={{ packages }}
- vars:
- packages:
- - unzip
- - brotli
-
-- name: Install python dependencies
- apt: pkg={{ packages }}
- vars:
- packages:
- - python3
- - python3-brotli
- - python3-gdal
- - python3-lxml
- - python3-requests
- - python3-systemd
- - python3-tqdm
- - python3-urllib3
- - python3-xdg
- - python3-yaml
-
-- name: Create directory /etc/webmap
- file: path=/etc/webmap
- state=directory
- owner=root group=root
- mode=0755
-
-- name: Copy /etc/webmap/config.yml
- copy: src=webmap-tools/config.yml
- dest=/etc/webmap/config.yml
- owner=root group=root
- mode=0644
+- name: Build administrative-codes.json*
+ become: false
+ delegate_to: localhost
+ community.general.make:
+ chdir: ./webmap-tools/administrative-codes
+ target: all
-- name: Create directory /usr/local/share/webmap
- file: path=/usr/local/share/webmap
+- name: Create directory /var/www/webmap/data
+ file: path=/var/www/webmap/data
state=directory
owner=root group=root
mode=0755
-- name: Copy /usr/local/share/webmap/common.py
- copy: src=webmap-tools/common.py
- dest=/usr/local/share/webmap/common.py
- owner=root group=root
- mode=0644
-
-- name: Copy webmap-update@.target
- copy: src=etc/systemd/system/webmap-update@.target
- dest=/etc/systemd/system/webmap-update@.target
- owner=root group=root
- mode=0644
- notify:
- - systemctl daemon-reload
-
-- name: Copy webmap-update@.timer
- copy: src=etc/systemd/system/webmap-update@.timer
- dest=/etc/systemd/system/webmap-update@.timer
+- name: Copy /var/www/webmap/data/administrative-codes.json*
+ copy: src=./webmap-tools/administrative-codes/{{ item }}
+ dest=/var/www/webmap/data/{{ item }}
owner=root group=root
mode=0644
- notify:
- - systemctl daemon-reload
-
-- name: Enable webmap-update.timer
- service: name=webmap-update@{{ item }}.timer state=started enabled=true
- with_items: "{{ webmap_layer_groups }}"
+ with_items:
+ - administrative-codes.json
+ - administrative-codes.json.br
- meta: flush_handlers
-- name: Create system group '_webmap'
- group: name=_webmap system=true
- state=present
-
-- name: Create system user '_webmap-download'
- user: name=_webmap-download system=true
- group=_webmap
- createhome=false
- home=/nonexistent
- shell=/usr/sbin/nologin
- comment="Webmap update (download)"
- password="!"
- state=present
-
-- name: Copy /usr/local/share/webmap/download.py
- copy: src=webmap-tools/webmap-download
- dest=/usr/local/share/webmap/download.py
- owner=root group=root
+- name: Create directory /var/www/webmap/tiles
+ file: path=/var/www/webmap/tiles
+ state=directory
+ owner=_geodata group=root
mode=0755
-- name: Create /usr/local/bin/webmap-download
- file: src=../share/webmap/download.py
- dest=/usr/local/bin/webmap-download
- owner=root group=root
- state=link force=yes
-
-- name: Copy /usr/local/share/webmap/webmap-download-mrr.py
- copy: src=webmap-tools/webmap-download-mrr.py
- dest=/usr/local/share/webmap/webmap-download-mrr.py
- owner=root group=root
- mode=0644
-
-- name: Create directory /var/cache/webmap
- file: path=/var/cache/webmap
+- name: Create directory /var/www/webmap/raster
+ file: path=/var/www/webmap/raster
state=directory
- owner=_webmap-download group=root
+ owner=_geodata group=root
mode=0755
-- name: Copy webmap-download@.service
- copy: src=etc/systemd/system/webmap-download@.service
- dest=/etc/systemd/system/webmap-download@.service
- owner=root group=root
- mode=0644
- notify:
- - systemctl daemon-reload
-
-- name: Enable webmap-download@.service
- service: name=webmap-download@{{ item }}.service enabled=true
- with_items: "{{ webmap_layer_groups }}"
-
- meta: flush_handlers
-- name: Create system user '_webmap-import'
- user: name=_webmap-import system=true
- group=_webmap
- createhome=false
- home=/nonexistent
- shell=/usr/sbin/nologin
- comment="Webmap update (extract/import)"
- password="!"
- state=present
-
-- name: Install PostgreSQL and PostGIS
+- name: Install Python/WSGI dependencies
apt: pkg={{ packages }}
vars:
packages:
- - postgresql
- - postgresql-postgis
- - postgis
- # for ansible
- - python3-psycopg
+ - uwsgi-core
+ - uwsgi-plugin-python3
+ - python3-psycopg-c
-- name: Generate sv_SE.UTF-8 locales
- locale_gen: name=sv_SE.UTF-8 state=present
- # PostgreSQL needs to be restarted to see the new locale
- notify: Restart PostgreSQL
-
-- name: Start PostgreSQL
- service: name=postgresql@{{ postgresql.version }}-{{ postgresql.cluster }}.service state=started
-
-- meta: flush_handlers
-
-# Usage: \sudo -u postgres psql </usr/local/share/webmap/schema.sql
-- name: Copy /usr/local/share/webmap/schema.sql
- copy: src=webmap-tools/schema.sql
- dest=/usr/local/share/webmap/schema.sql
- owner=root group=root
- mode=0644
-
-- name: Create PostgreSQL database
- become: true
- # XXX: this creates /var/lib/postgresql/.ansible/tmp
- become_user: postgres
- community.postgresql.postgresql_db:
- name: webmap
- comment: Backend PostGIS database for KlimatanalysNorr tooling
- encoding: UTF-8
- lc_collate: sv_SE.UTF-8
- lc_ctype: sv_SE.UTF-8
- locale_provider: icu
- icu_locale: sv-SE-x-icu
- template: template0
- owner: postgres
-
-- name: Create 'webmap_import' and 'webmap_guest' PostgreSQL users (roles)
- become: true
- become_user: postgres
- community.postgresql.postgresql_user:
- db: webmap
- name: "{{ item }}"
- with_items:
- - webmap_import
- - webmap_guest
-
-- name: Add a rule for 'webmap_import' user in pg_hba.conf
- ansible.builtin.lineinfile:
- path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_hba.conf
- regexp: '^local\s+webmap\s'
- line: 'local webmap all peer map=pgmap_webmap'
- # must come before 'local all all peer', cf.
- # https://dba.stackexchange.com/questions/177142/postgresql-cannot-peer-authenticate-using-usermap-provided-user-name-dbuser
- insertbefore: '^local\s+all\s+all\s'
- create: false
- notify: Reload PostgreSQL
-
-- name: Add a mapping rule for 'webmap_import' user in pg_ident.conf
- ansible.builtin.lineinfile:
- path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf
- regexp: '^pgmap_webmap\s.*\swebmap_import\s*$'
- line: 'pgmap_webmap _webmap-import webmap_import'
- create: false
- notify: Reload PostgreSQL
-
-- name: Add a mapping rule for 'webmap_guest' user in pg_ident.conf
- ansible.builtin.lineinfile:
- path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf
- regexp: '^pgmap_webmap\s.*\swebmap_guest\s*$'
- line: 'pgmap_webmap /^_?[a-zA-Z][a-zA-Z0-9_\-]*[a-zA-Z0-9]$ webmap_guest'
- create: false
- notify: Reload PostgreSQL
-
-- name: Create 'postgis' PostgreSQL schema
- become: true
- become_user: postgres
- community.postgresql.postgresql_schema:
- name: postgis
- db: webmap
- owner: postgres
-
-- name: Install 'postgis' PostgreSQL extension to the webmap database in the postgis schema
- become: true
- become_user: postgres
- community.postgresql.postgresql_ext:
- name: postgis
- db: webmap
- schema: postgis
- comment: Geographic objects support for PostgreSQL
-
-- name: GRANT CONNECT ON DATABASE webmap TO webmap_import, webmap_guest
- become: true
- become_user: postgres
- community.postgresql.postgresql_privs:
- database: webmap
- privs: CONNECT
- type: database
- role: webmap_import,webmap_guest
-
-- name: GRANT USAGE ON SCHEMA postgis TO webmap_import, webmap_guest
- become: true
- become_user: postgres
- community.postgresql.postgresql_privs:
- database: webmap
- privs: USAGE
- type: schema
- obj: postgis
- role: webmap_import,webmap_guest
-
-# webmap-import should TRUNCATE existing output layers
-- name: REVOKE CREATE ON SCHEMA postgis FROM webmap_import
- become: true
- become_user: postgres
- community.postgresql.postgresql_privs:
- database: webmap
- privs: CREATE
- type: schema
- obj: postgis
- role: webmap_import
- state: absent
-
-- name: GRANT SELECT ON TABLES IN SCHEMA postgis TO webmap_guest
- become: true
- become_user: postgres
- community.postgresql.postgresql_privs:
- database: webmap
- privs: SELECT
- type: table
- obj: ALL_IN_SCHEMA
- schema: postgis
- role: webmap_guest
-
-- name: GRANT USAGE, SELECT ON SEQUENCES IN SCHEMA postgis TO webmap_guest
- become: true
- become_user: postgres
- community.postgresql.postgresql_privs:
- database: webmap
- privs: USAGE,SELECT
- type: sequence
- obj: ALL_IN_SCHEMA
- schema: postgis
- role: webmap_guest
-
-- name: Copy /usr/local/share/webmap/import.py
- copy: src=webmap-tools/webmap-import
- dest=/usr/local/share/webmap/import.py
- owner=root group=root
- mode=0755
-
-- name: Create /usr/local/bin/webmap-import
- file: src=../share/webmap/import.py
- dest=/usr/local/bin/webmap-import
- owner=root group=root
- state=link force=yes
-
-- name: Copy webmap-import@.service
- copy: src=etc/systemd/system/webmap-import@.service
- dest=/etc/systemd/system/webmap-import@.service
+- name: Copy webmap-cgi.socket
+ copy: src=etc/systemd/system/webmap-cgi.socket
+ dest=/etc/systemd/system/webmap-cgi.socket
owner=root group=root
mode=0644
notify:
- systemctl daemon-reload
-- name: Enable webmap-import@.service
- service: name=webmap-import@{{ item }}.service enabled=true
- with_items: "{{ webmap_layer_groups }}"
-
-- name: Build administrative-codes.json*
- become: false
- local_action:
- module: community.general.make
- chdir: ./webmap-tools/administrative-codes
- target: all
-
-- meta: flush_handlers
-
-
-- name: Create system user '_webmap-publish'
- user: name=_webmap-publish system=true
- group=_webmap
- createhome=false
- home=/nonexistent
- shell=/usr/sbin/nologin
- comment="Webmap update (publication as MVT)"
- password="!"
- state=present
-
-- name: Copy /usr/local/share/webmap/publish.py
- copy: src=webmap-tools/webmap-publish
- dest=/usr/local/share/webmap/publish.py
- owner=root group=root
- mode=0755
-
-- name: Create /usr/local/bin/webmap-publish
- file: src=../share/webmap/publish.py
- dest=/usr/local/bin/webmap-publish
- owner=root group=root
- state=link force=yes
-
-- name: Create directory /var/www/webmap/tiles
- file: path=/var/www/webmap/tiles
- state=directory
- owner=_webmap-publish group=root
- mode=0755
-
-- name: Copy webmap-publish@.service
- copy: src=etc/systemd/system/webmap-publish@.service
- dest=/etc/systemd/system/webmap-publish@.service
- owner=root group=root
- mode=0644
+- name: Copy webmap-cgi.service
+ template: src=etc/systemd/system/webmap-cgi.service
+ dest=/etc/systemd/system/webmap-cgi.service
+ owner=root group=root
+ mode=0644
notify:
- systemctl daemon-reload
+ - Stop webmap-cgi.service
-#- name: Enable webmap-publish@.service
-# service: name=webmap-publish@{{ item }}.service enabled=true
-# with_items: "{{ webmap_layer_groups }}"
-
-
-- name: Copy /etc/tmpfiles.d/webmap.conf
- copy: src=etc/tmpfiles.d/webmap.conf
- dest=/etc/tmpfiles.d/webmap.conf
+- name: Copy /usr/local/libexec/webmap-cgi
+ copy: src=./webmap-tools/webmap-cgi
+ dest=/usr/local/libexec/webmap-cgi
owner=root group=root
- mode=0644
+ mode=0755
notify:
- - systemd-tmpfiles --create
+ - Stop webmap-cgi.service
- meta: flush_handlers
+
+- name: Enable webmap-cgi.socket
+ service: name=webmap-cgi.socket state=started enabled=true
+
+- name: Disable webmap-cgi.service
+ service: name=webmap-cgi.service enabled=false
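Review bot: The new `Copy /usr/local/libexec/webmap-cgi` task writes into `/usr/local/libexec`, but nothing on the new side of this file creates that directory, and the copy module does not create a missing parent directory for a single-file destination. Unless another task file or the base system guarantees it, add a task before the copy in the file's existing style: `file: path=/usr/local/libexec state=directory owner=root group=root mode=0755`. Keeping the directory root-owned and not group- or world-writable matters because the socket-activated service presumably executes the script from there.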