Add support for Debian (9+) and Ubuntu (16.04+)

Slavi Pantaleev 2017-09-11 23:24:05 +03:00
parent 13ab9eb238
commit ded7c274f6
6 changed files with 49 additions and 4 deletions


@ -31,6 +31,8 @@ This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EM
- this one **can be re-ran many times** without causing trouble - this one **can be re-ran many times** without causing trouble
- works on both **CentOS** (7.0+) and Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+)
- this one **runs everything in Docker containers** (like [silviof/docker-matrix](https://hub.docker.com/r/silviof/docker-matrix/) and [silviof/matrix-riot-docker](https://hub.docker.com/r/silviof/matrix-riot-docker/)), so it's likely more predictable - this one **runs everything in Docker containers** (like [silviof/docker-matrix](https://hub.docker.com/r/silviof/docker-matrix/) and [silviof/matrix-riot-docker](https://hub.docker.com/r/silviof/matrix-riot-docker/)), so it's likely more predictable
- this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you - this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you
@ -50,7 +52,7 @@ Special thanks goes to:
## Prerequisites ## Prerequisites
- **CentOS server** with no services running on port 80/443 (making this run on non-CentOS servers should be possible in the future) - **CentOS** (7.0+), **Debian** (9/Stretch+) or **Ubuntu** (16.04+) server with no services running on port 80/443
- the [Ansible](http://ansible.com/) program, which is used to run this playbook and configures everything for you - the [Ansible](http://ansible.com/) program, which is used to run this playbook and configures everything for you


@ -17,7 +17,7 @@
key: https://download.docker.com/linux/centos/gpg key: https://download.docker.com/linux/centos/gpg
when: ansible_distribution == 'CentOS' when: ansible_distribution == 'CentOS'
- name: Ensure yum packages are installed (base) - name: Ensure yum packages are installed (CentOS)
yum: name="{{ item }}" state=latest update_cache=yes yum: name="{{ item }}" state=latest update_cache=yes
with_items: with_items:
- bash-completion - bash-completion
@ -27,14 +27,54 @@
- ntp - ntp
when: ansible_distribution == 'CentOS' when: ansible_distribution == 'CentOS'
- name: Ensure APT usage dependencies are installed (Debian)
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- apt-transport-https
- ca-certificates
when: ansible_os_family == 'Debian'
- name: Ensure Docker's APT key is trusted (Debian)
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
state: present
register: add_repository_key
ignore_errors: true
when: ansible_os_family == 'Debian'
- name: Ensure Docker repository is enabled (Debian)
apt_repository:
repo: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
state: present
update_cache: yes
when: ansible_os_family == 'Debian'
- name: Ensure APT packages are installed (Debian)
apt: name="{{ item }}" state=latest update_cache=yes
with_items:
- bash-completion
- docker-ce
- python-docker
- ntp
when: ansible_os_family == 'Debian'
- name: Ensure firewalld is started and autoruns - name: Ensure firewalld is started and autoruns
service: name=firewalld state=started enabled=yes service: name=firewalld state=started enabled=yes
when: ansible_os_family == 'RedHat'
- name: Ensure Docker is started and autoruns - name: Ensure Docker is started and autoruns
service: name=docker state=started enabled=yes service: name=docker state=started enabled=yes
- name: Ensure ntpd is started and autoruns - name: Ensure ntpd is started and autoruns
service: name=ntpd state=started enabled=yes service:
name: "{{ 'ntpd' if ansible_os_family == 'RedHat' else 'ntp' }}"
state: started
enabled: yes
- name: Ensure SELinux disabled - name: Ensure SELinux disabled
selinux: state=disabled selinux: state=disabled
when: ansible_os_family == 'RedHat'
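Review bot: `ignore_errors: true` on the "Ensure Docker's APT key is trusted (Debian)" task lets the play continue when the key import fails, and the registered `add_repository_key` result is not checked in any of the visible tasks. The following tasks then enable the repository and install `docker-ce` even though its signing key may not be in the keyring; apt normally refuses unauthenticated packages, so the likely outcome is a confusing failure two tasks later instead of a clear one here. I would drop `ignore_errors: true`, or keep it only together with a follow-up task that fails the play when `add_repository_key` reports a failure. The pinned `id:` fingerprint should stay as it is, since it keeps a substituted key at that URL from being trusted.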


@ -33,6 +33,7 @@
with_items: with_items:
- "http" - "http"
- "https" - "https"
when: ansible_os_family == 'RedHat'
- name: Ensure matrix-nginx-proxy.service installed - name: Ensure matrix-nginx-proxy.service installed
template: template:
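Review bot: The added `when: ansible_os_family == 'RedHat'` skips what appears to be the firewalld port task (its start is outside the hunk), so on Debian and Ubuntu this role neither opens nor restricts any port. The same condition is added in the next two files, including the one with the STUN/TURN port list. Nothing visible in the commit tells the operator that the host firewall is left unmanaged on those systems. I would add a comment above each condition, e.g. `# firewalld is only managed on RedHat-family hosts; on Debian/Ubuntu the host firewall must be configured separately`, and say the same in the README prerequisites.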


@ -9,6 +9,7 @@
with_items: with_items:
- http - http
- https - https
when: ansible_os_family == 'RedHat'
- name: Ensure acmetool Docker image is pulled - name: Ensure acmetool Docker image is pulled
docker_image: docker_image:


@ -136,6 +136,7 @@
- '3478/tcp' # STUN - '3478/tcp' # STUN
- '3478/udp' # STUN - '3478/udp' # STUN
- "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN - "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN
when: ansible_os_family == 'RedHat'
- name: Ensure matrix-synapse.service installed - name: Ensure matrix-synapse.service installed
template: template:


@ -15,7 +15,7 @@ Requires=matrix-s3fs.service
Type=simple Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-synapse ExecStartPre=-/usr/bin/docker kill matrix-synapse
ExecStartPre=-/usr/bin/docker rm matrix-synapse ExecStartPre=-/usr/bin/docker rm matrix-synapse
ExecStartPre=-/usr/bin/chown {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R ExecStartPre=-{{ '/usr/bin/chown' if ansible_os_family == 'RedHat' else '/bin/chown' }} {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R
ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
{% if not matrix_postgres_use_external %} {% if not matrix_postgres_use_external %}
--link matrix-postgres:{{ matrix_postgres_connection_hostname }} \ --link matrix-postgres:{{ matrix_postgres_connection_hostname }} \
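Review bot: The new `ExecStartPre=-{{ '/usr/bin/chown' if ansible_os_family == 'RedHat' else '/bin/chown' }}` line maps every non-RedHat family to `/bin/chown`, and the leading `-` makes systemd ignore a failure of that command. A wrong path would therefore, as far as I can tell, leave `{{ ssl_certs_path }}` with its previous ownership and report no error. A path-independent form such as `ExecStartPre=-/usr/bin/env chown {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R` would avoid the per-family branch. The `ExecStart` command continues past the end of the hunk.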