diff options
Diffstat (limited to 'tasks')
| -rw-r--r-- | tasks/apt.yml | 9 | ||||
| -rw-r--r-- | tasks/network.yml | 1 | ||||
| -rw-r--r-- | tasks/webmap.yml | 173 |
3 files changed, 127 insertions, 56 deletions
diff --git a/tasks/apt.yml b/tasks/apt.yml index 1023908..f17a2e4 100644 --- a/tasks/apt.yml +++ b/tasks/apt.yml @@ -5,8 +5,13 @@ - apt - lsb-release -- name: Remove /etc/apt/sources.list - file: path=/etc/apt/sources.list state=absent +# something keeps recreating (without content) it if we delete it, so we +# leave it instead but ensure it's empty instead +- name: Create empty /etc/apt/sources.list + copy: content="" + dest=/etc/apt/sources.list + owner=root group=root + mode=0644 notify: - apt-get update diff --git a/tasks/network.yml b/tasks/network.yml index 1551f82..a02b07c 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -32,6 +32,7 @@ packages: - systemd-resolved - libnss-resolve + - libnss-myhostname - name: Create directory /etc/systemd/resolved.conf.d file: path=/etc/systemd/resolved.conf.d diff --git a/tasks/webmap.yml b/tasks/webmap.yml index 9e2c2f6..de320d4 100644 --- a/tasks/webmap.yml +++ b/tasks/webmap.yml @@ -15,7 +15,6 @@ - python3 - python3-brotli - python3-gdal - - python3-lxml - python3-requests - python3-systemd - python3-tqdm @@ -41,11 +40,18 @@ owner=root group=root mode=0755 -- name: Copy /usr/local/share/webmap/common.py - copy: src=webmap-tools/common.py - dest=/usr/local/share/webmap/common.py +- name: Copy /usr/local/share/webmap/*.py modules + copy: src=webmap-tools/{{ item }} + dest=/usr/local/share/webmap/{{ item }} owner=root group=root mode=0644 + with_items: + # TODO these should be compiled + - common.py + - common_gdal.py + - import_source.py + - export_mvt.py + - rename_exchange.py - name: Copy webmap-update@.target copy: src=etc/systemd/system/webmap-update@.target @@ -63,6 +69,22 @@ notify: - systemctl daemon-reload +- name: Create directory /etc/systemd/system/webmap-update@*.timer.d + file: path=/etc/systemd/system/webmap-update@{{ item }}.timer.d + state=directory + owner=root group=root + mode=0755 + with_items: "{{ webmap_layer_groups_update_calendar.keys() | list }}" + +- name: Copy /etc/systemd/system/webmap-update@*.timer.d/override.conf + template: src=etc/systemd/system/webmap-update@.timer.d/override.conf.j2 + dest=/etc/systemd/system/webmap-update@{{ item }}.timer.d/override.conf + owner=root group=root + mode=0644 + with_items: "{{ webmap_layer_groups_update_calendar.keys() | list }}" + notify: + - systemctl daemon-reload + - name: Enable webmap-update.timer service: name=webmap-update@{{ item }}.timer state=started enabled=true with_items: "{{ webmap_layer_groups }}" @@ -96,18 +118,25 @@ owner=root group=root state=link force=yes -- name: Copy /usr/local/share/webmap/webmap-download-mrr.py - copy: src=webmap-tools/webmap-download-mrr.py - dest=/usr/local/share/webmap/webmap-download-mrr.py - owner=root group=root - mode=0644 - - name: Create directory /var/cache/webmap file: path=/var/cache/webmap state=directory owner=_webmap-download group=root mode=0755 +- name: Create directory /var/cache/webmap/custom + file: path=/var/cache/webmap/custom + state=directory + owner=root group=root + mode=0755 + +- name: Copy custom layers into /var/cache/webmap/custom + copy: src=webmap-tools/layers/custom/ + dest=/var/cache/webmap/custom/ + owner=root group=root + mode=0644 + directory_mode=0755 + - name: Copy webmap-download@.service copy: src=etc/systemd/system/webmap-download@.service dest=/etc/systemd/system/webmap-download@.service @@ -118,13 +147,17 @@ - name: Enable webmap-download@.service service: name=webmap-download@{{ item }}.service enabled=true - with_items: "{{ webmap_layer_groups }}" + with_items: "{{ webmap_layer_groups | difference(webmap_layer_groups_nodownload) }}" + +- name: Disable some webmap-download@.service + service: name=webmap-download@{{ item }}.service enabled=false + with_items: "{{ webmap_layer_groups_nodownload }}" - meta: flush_handlers -- name: Create system user '_webmap-import' - user: name=_webmap-import system=true +- name: Create system user '_webmap' + user: name=_webmap system=true group=_webmap createhome=false home=/nonexistent @@ -148,6 +181,13 @@ # PostgreSQL needs to be restarted to see the new locale notify: Restart PostgreSQL +- name: Configure PostgreSQL + copy: src=etc/postgresql/postgresql.conf + dest=/etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/conf.d/local.conf + owner=postgres group=postgres + mode=0644 + notify: Restart PostgreSQL + - name: Start PostgreSQL service: name=postgresql@{{ postgresql.version }}-{{ postgresql.cluster }}.service state=started @@ -179,7 +219,7 @@ become: true become_user: postgres community.postgresql.postgresql_user: - db: webmap + login_db: webmap name: "{{ item }}" with_items: - webmap_import @@ -200,7 +240,7 @@ ansible.builtin.lineinfile: path: /etc/postgresql/{{ postgresql.version }}/{{ postgresql.cluster }}/pg_ident.conf regexp: '^pgmap_webmap\s.*\swebmap_import\s*$' - line: 'pgmap_webmap _webmap-import webmap_import' + line: 'pgmap_webmap _webmap webmap_import' create: false notify: Reload PostgreSQL @@ -217,7 +257,7 @@ become_user: postgres community.postgresql.postgresql_schema: name: postgis - db: webmap + login_db: webmap owner: postgres - name: Install 'postgis' PostgreSQL extension to the webmap database in the postgis schema @@ -225,7 +265,7 @@ become_user: postgres community.postgresql.postgresql_ext: name: postgis - db: webmap + login_db: webmap schema: postgis comment: Geographic objects support for PostgreSQL @@ -233,7 +273,7 @@ become: true become_user: postgres community.postgresql.postgresql_privs: - database: webmap + login_db: webmap privs: CONNECT type: database role: webmap_import,webmap_guest @@ -242,7 +282,7 @@ become: true become_user: postgres community.postgresql.postgresql_privs: - database: webmap + login_db: webmap privs: USAGE type: schema obj: postgis @@ -253,7 +293,7 @@ become: true become_user: postgres community.postgresql.postgresql_privs: - database: webmap + login_db: webmap privs: CREATE type: schema obj: postgis @@ -264,7 +304,7 @@ become: true become_user: postgres community.postgresql.postgresql_privs: - database: webmap + login_db: webmap privs: SELECT type: table obj: ALL_IN_SCHEMA @@ -275,7 +315,7 @@ become: true become_user: postgres community.postgresql.postgresql_privs: - database: webmap + login_db: webmap privs: USAGE,SELECT type: sequence obj: ALL_IN_SCHEMA @@ -306,6 +346,7 @@ service: name=webmap-import@{{ item }}.service enabled=true with_items: "{{ webmap_layer_groups }}" + - name: Build administrative-codes.json* become: false local_action: @@ -313,56 +354,80 @@ chdir: ./webmap-tools/administrative-codes target: all -- meta: flush_handlers - - -- name: Create system user '_webmap-publish' - user: name=_webmap-publish system=true - group=_webmap - createhome=false - home=/nonexistent - shell=/usr/sbin/nologin - comment="Webmap update (publication as MVT)" - password="!" - state=present - -- name: Copy /usr/local/share/webmap/publish.py - copy: src=webmap-tools/webmap-publish - dest=/usr/local/share/webmap/publish.py +- name: Create directory /var/www/webmap/data + file: path=/var/www/webmap/data + state=directory owner=root group=root mode=0755 -- name: Create /usr/local/bin/webmap-publish - file: src=../share/webmap/publish.py - dest=/usr/local/bin/webmap-publish +- name: Copy /var/www/webmap/data/administrative-codes.json* + copy: src=./webmap-tools/administrative-codes/{{ item }} + dest=/var/www/webmap/data/{{ item }} owner=root group=root - state=link force=yes + mode=0644 + with_items: + - administrative-codes.json + - administrative-codes.json.br + +- meta: flush_handlers + - name: Create directory /var/www/webmap/tiles file: path=/var/www/webmap/tiles state=directory - owner=_webmap-publish group=root + owner=_webmap group=root mode=0755 -- name: Copy webmap-publish@.service - copy: src=etc/systemd/system/webmap-publish@.service - dest=/etc/systemd/system/webmap-publish@.service + +- name: Copy /etc/tmpfiles.d/webmap.conf + copy: src=etc/tmpfiles.d/webmap.conf + dest=/etc/tmpfiles.d/webmap.conf owner=root group=root mode=0644 notify: - - systemctl daemon-reload + - systemd-tmpfiles --create -#- name: Enable webmap-publish@.service -# service: name=webmap-publish@{{ item }}.service enabled=true -# with_items: "{{ webmap_layer_groups }}" +- meta: flush_handlers -- name: Copy /etc/tmpfiles.d/webmap.conf - copy: src=etc/tmpfiles.d/webmap.conf - dest=/etc/tmpfiles.d/webmap.conf +- name: Install Python/WSGI dependencies + apt: pkg={{ packages }} + vars: + packages: + - uwsgi-core + - uwsgi-plugin-python3 + # TODO[trixie]: install python3-psycopg-c instead + - python3-psycopg + +- name: Copy webmap-cgi.socket + copy: src=etc/systemd/system/webmap-cgi.socket + dest=/etc/systemd/system/webmap-cgi.socket owner=root group=root mode=0644 notify: - - systemd-tmpfiles --create + - systemctl daemon-reload + +- name: Copy webmap-cgi.service + copy: src=etc/systemd/system/webmap-cgi.service + dest=/etc/systemd/system/webmap-cgi.service + owner=root group=root + mode=0644 + notify: + - systemctl daemon-reload + - Stop webmap-cgi.service + +- name: Copy /usr/libexec/webmap-cgi + copy: src=./webmap-tools/webmap-cgi + dest=/usr/libexec/webmap-cgi + owner=root group=root + mode=0755 + notify: + - Stop webmap-cgi.service - meta: flush_handlers + +- name: Enable webmap-cgi.socket + service: name=webmap-cgi.socket state=started enabled=true + +- name: Disable webmap-cgi.service + service: name=webmap-cgi.service enabled=false |