From fbe22289bd4da6246cb2d00f002d03da25b6fa05 Mon Sep 17 00:00:00 2001
From: Michael
Date: Sun, 4 Apr 2021 11:41:06 +0800
Subject: [PATCH] merge with upstream and testing branch
---
 docs/configuring-awx-system.md | 2 +-
 .../matrix-awx/surveys/backup_server.json.j2 | 2 +-
 .../surveys/configure_dimension.json.j2 | 30 +++++
 .../surveys/configure_synapse.json.j2 | 24 ++--
 roles/matrix-awx/tasks/backup_server.yml | 31 +++--
 .../tasks/cache_matrix_variables.yml | 12 ++
 .../tasks/customise_website_access_export.yml | 23 ++--
 .../tasks/load_hosting_and_org_variables.yml | 1 +
 .../tasks/load_matrix_variables.yml | 14 ++-
 roles/matrix-awx/tasks/main.yml | 28 ++++-
 roles/matrix-awx/tasks/self_check.yml | 12 ++
 .../tasks/set_variables_corporal.yml | 54 ++++-----
 .../tasks/set_variables_dimension.yml | 109 ++++++++++++++++++
 .../tasks/set_variables_element.yml | 18 +--
 .../matrix-awx/tasks/set_variables_jitsi.yml | 10 +-
 .../matrix-awx/tasks/set_variables_ma1sd.yml | 31 ++---
 .../tasks/set_variables_synapse.yml | 54 ++++-----
 .../tasks/set_variables_synapse_admin.yml | 10 +-
 roles/matrix-common-after/tasks/awx_post.yml | 19 ++-
 19 files changed, 333 insertions(+), 151 deletions(-)
 create mode 100644 roles/matrix-awx/surveys/configure_dimension.json.j2
 create mode 100644 roles/matrix-awx/tasks/cache_matrix_variables.yml
 create mode 100644 roles/matrix-awx/tasks/set_variables_dimension.yml
diff --git a/docs/configuring-awx-system.md b/docs/configuring-awx-system.md
index 2bc2699b3..f391a4574 100644
--- a/docs/configuring-awx-system.md
+++ b/docs/configuring-awx-system.md
@@ -19,7 +19,7 @@ The following repositories allow you to copy and use this setup: [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you. -[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. +[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. Also includes other administrative playbooks for updates, backups and restoring servers. [Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server. diff --git a/roles/matrix-awx/surveys/backup_server.json.j2 b/roles/matrix-awx/surveys/backup_server.json.j2 index 232d1968d..9b9cddbd6 100644 --- a/roles/matrix-awx/surveys/backup_server.json.j2 +++ b/roles/matrix-awx/surveys/backup_server.json.j2 @@ -5,7 +5,7 @@ { "question_name": "Enable Backup", "question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.", - "required": true, + "required": false, "min": null, "max": null, "default": "{{ matrix_awx_backup_enabled | string | lower }}", diff --git a/roles/matrix-awx/surveys/configure_dimension.json.j2 b/roles/matrix-awx/surveys/configure_dimension.json.j2 new file mode 100644 index 000000000..3acbaaaff --- /dev/null +++ b/roles/matrix-awx/surveys/configure_dimension.json.j2 
@@ -0,0 +1,30 @@ +{ + "name": "Configure Dimension", + "description": "", + "spec": [ + { + "question_name": "Enable Dimension", + "question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.", + "required": false, + "min": null, + "max": null, + "default": "{{ matrix_dimension_enabled | string | lower }}", + "choices": "true\nfalse", + "new_question": true, + "variable": "matrix_dimension_enabled", + "type": "multiplechoice" + }, + { + "question_name": "Dimension Users", + "question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'", + "required": false, + "min": 0, + "max": 65536, + "default": {{ ext_dimension_users_raw_final | to_json }}, + "choices": "", + "new_question": true, + "variable": "ext_dimension_users_raw", + "type": "textarea" + } + ] +} diff --git a/roles/matrix-awx/surveys/configure_synapse.json.j2 b/roles/matrix-awx/surveys/configure_synapse.json.j2 index 8d3b5daf3..e3fca6a2a 100755 --- a/roles/matrix-awx/surveys/configure_synapse.json.j2 +++ b/roles/matrix-awx/surveys/configure_synapse.json.j2 @@ -8,7 +8,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_enable_registration|string|lower }}", + "default": "{{ matrix_synapse_enable_registration | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_enable_registration", @@ -20,7 +20,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_federation_enabled|string|lower }}", + "default": "{{ matrix_synapse_federation_enabled | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_federation_enabled", 
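Review bot: The "Dimension Users" textarea in the new configure_dimension.json.j2 says each entry must be a complete Matrix ID, but nothing enforces it: the field accepts any text up to 65536 characters, and set_variables_dimension.yml later writes each line into the vars file as `- "{{ item }}"`. A line containing a double quote or other YAML-significant text would corrupt the cached vars file or change what it defines. I would add a validation task before that write, for example an `assert` that every non-empty line matches a Matrix ID pattern such as `^@[^\s:"]+:[^\s"]+$` (exact pattern to be agreed with the project). The description also misspells "separated" as "seperated".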
@@ -32,7 +32,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_allow_public_rooms_over_federation|string|lower }}", + "default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_allow_public_rooms_over_federation", @@ -44,7 +44,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_enable_group_creation|string|lower }}", + "default": "{{ matrix_synapse_enable_group_creation | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_enable_group_creation", @@ -56,7 +56,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_use_presence|string|lower }}", + "default": "{{ matrix_synapse_use_presence | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_use_presence", @@ -68,7 +68,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_url_preview_enabled|string|lower }}", + "default": "{{ matrix_synapse_url_preview_enabled | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_url_preview_enabled", @@ -80,7 +80,7 @@ "required": false, "min": null, "max": null, - "default": "{{ matrix_synapse_allow_guest_access|string|lower }}", + "default": "{{ matrix_synapse_allow_guest_access | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "matrix_synapse_allow_guest_access", @@ -92,7 +92,7 @@ "required": false, "min": null, "max": null, - "default": "{{ ext_registrations_require_3pid|string|lower }}", + "default": "{{ ext_registrations_require_3pid | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "ext_registrations_require_3pid", 
@@ -128,7 +128,7 @@ "required": false, "min": 0, "max": 65536, - "default": {{ ext_url_preview_accept_language_default|to_json }}, + "default": {{ ext_url_preview_accept_language_default | to_json }}, "choices": "", "new_question": true, "variable": "ext_url_preview_accept_language_raw", @@ -140,7 +140,7 @@ "required": false, "min": 0, "max": 65536, - "default": {{ ext_federation_whitelist_raw|to_json }}, + "default": {{ ext_federation_whitelist_raw | to_json }}, "choices": "", "new_question": true, "variable": "ext_federation_whitelist_raw", @@ -152,7 +152,7 @@ "required": false, "min": 0, "max": 65536, - "default": {{ matrix_synapse_auto_join_rooms_raw|to_json }}, + "default": {{ matrix_synapse_auto_join_rooms_raw | to_json }}, "choices": "", "new_question": true, "variable": "matrix_synapse_auto_join_rooms_raw", @@ -164,7 +164,7 @@ "required": false, "min": null, "max": null, - "default": "{{ ext_enable_registration_captcha|string|lower }}", + "default": "{{ ext_enable_registration_captcha | string | lower }}", "choices": "true\nfalse", "new_question": true, "variable": "ext_enable_registration_captcha", diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml index 2459fc8a8..a82f46b06 100644 --- a/roles/matrix-awx/tasks/backup_server.yml +++ b/roles/matrix-awx/tasks/backup_server.yml 
@@ -5,27 +5,24 @@ path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# AWX Settings' + insertafter: '# AWX Settings Start' with_dict: 'matrix_awx_backup_enabled': '{{ matrix_awx_backup_enabled }}' - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' + tags: use-survey - name: Save new 'Backup Server' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: src: 'roles/matrix-awx/surveys/backup_server.json.j2' dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' + tags: use-survey - name: Copy new 'Backup Server' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' dest: '/matrix/awx/backup_server.json' mode: '0660' + tags: use-survey - name: Collect AWX admin token the hard way! delegate_to: 127.0.0.1 @@ -33,6 +30,7 @@ curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' register: tower_token no_log: True + tags: use-survey - name: Recreate 'Backup Server' job template delegate_to: 127.0.0.1 @@ -41,7 +39,7 @@ description: "Performs a backup of the entire service to a remote location." extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" job_type: run - job_tags: "backup-server" + job_tags: "backup-server,use-survey" inventory: "{{ member_id }}" project: "{{ member_id }} - Matrix Docker Ansible Deploy" playbook: setup.yml 
@@ -54,6 +52,23 @@ tower_host: "https://{{ tower_host }}" tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes + tags: use-survey + +- name: Run export.sh if this job template is run by the client + command: /bin/sh /root/export.sh + tags: use-survey + +- name: Include vars in matrix_vars.yml + include_vars: + file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + no_log: True + +- name: Copy new 'matrix_vars.yml' to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + dest: '/matrix/awx/matrix_vars.yml' + mode: '0660' + tags: use-survey - name: Perform the borg backup command: borgmatic diff --git a/roles/matrix-awx/tasks/cache_matrix_variables.yml b/roles/matrix-awx/tasks/cache_matrix_variables.yml new file mode 100644 index 000000000..a34b3792c --- /dev/null +++ b/roles/matrix-awx/tasks/cache_matrix_variables.yml @@ -0,0 +1,12 @@ + +- name: Collect current datetime + set_fact: + awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}" + +- name: Create cached matrix_vars.yml file location + set_fact: + awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml' + +- name: Create cached matrix_vars.yml + delegate_to: 127.0.0.1 + shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}" diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml index 40ae1bfd5..580d8bc9b 100755 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ b/roles/matrix-awx/tasks/customise_website_access_export.yml 
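Review bot: The added task "Run export.sh if this job template is run by the client" has no `when:` condition, so the "if" in its name is carried only by the `use-survey` tag. Whether that tag really separates client runs from administrative runs depends on how main.yml includes this file, which is not visible in this hunk. I would either add an explicit condition or document the tag contract above the task, e.g. `# use-survey: tasks that only run when the client launches the job template`. The task also assumes `/root/export.sh` exists on the target; a missing script fails the play before `borgmatic` runs, so a `stat` check with a clear failure message would help.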
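Review bot: The new "Create cached matrix_vars.yml" task in cache_matrix_variables.yml copies a file that holds credentials (other tasks in this patch write `sftp_password` and API tokens into it) with `shell: cp`. The copy's mode is therefore derived from the source and the umask rather than set explicitly, and the templated path goes through a shell unquoted. `copy:` with `remote_src: yes` and an explicit restrictive `mode:` does the same without a shell. The file name only has minute resolution (`date +%Y-%m-%d_%H:%M`), so two jobs for the same subscription started within one minute share a cache file. The cached copy is removed only by the `cp … && rm …` task added in load_matrix_variables.yml, so a job that fails in between leaves a dated copy of the secrets behind; a cleanup in a `block`/`always` section would cover that.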
@@ -1,12 +1,11 @@ - - name: Enable index.html creation if user doesn't wish to customise base domain delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings' + insertafter: '# Base Domain Settings Start' with_dict: 'matrix_nginx_proxy_base_domain_homepage_enabled': 'true' when: customise_base_domain_website|bool == false @@ -14,10 +13,10 @@ - name: Disable index.html creation to allow multi-file site if user does wish to customise base domain delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings' + insertafter: '# Base Domain Settings Start' with_dict: 'matrix_nginx_proxy_base_domain_homepage_enabled': 'false' when: customise_base_domain_website|bool == true 
@@ -25,27 +24,23 @@ - name: Record custom 'Customise Website + Access Export' variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Custom Settings' + insertafter: '# Custom Settings Start' with_dict: 'customise_base_domain_website': '{{ customise_base_domain_website }}' 'sftp_auth_method': '"{{ sftp_auth_method }}"' 'sftp_password': '"{{ sftp_password }}"' 'sftp_public_key': '"{{ sftp_public_key }}"' -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - - name: Reload vars in matrix_vars.yml include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + file: '{{ awx_cached_matrix_vars }}' no_log: True +# ^ Is this even needed? + - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml index 6789431a7..ea8662549 100644 --- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml +++ b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml @@ -8,3 +8,4 @@ include_vars: file: '/var/lib/awx/projects/hosting/hosting_vars.yml' no_log: True + diff --git a/roles/matrix-awx/tasks/load_matrix_variables.yml b/roles/matrix-awx/tasks/load_matrix_variables.yml index ff0986d72..2a9f9a0de 100755 --- a/roles/matrix-awx/tasks/load_matrix_variables.yml +++ b/roles/matrix-awx/tasks/load_matrix_variables.yml 
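Review bot: The "Record custom 'Customise Website + Access Export' variables locally on AWX" task still loops over `sftp_password` and `sftp_public_key` with `with_dict` and no `no_log`, so each loop item, including the password, is recorded in the AWX job output. Adding `no_log: True` to that task, as the following `include_vars` already has, keeps it out of the log. The value is also wrapped as `'"{{ sftp_password }}"'`, which breaks the YAML line if the password contains a double quote or backslash; `'{{ sftp_password | to_json }}'` quotes it safely. The logging point also applies to the `matrix_corporal_http_api_auth_token` task in set_variables_corporal.yml and to `matrix_dimension_access_token` in set_variables_dimension.yml.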
@@ -1,5 +1,15 @@ -- name: Include vars in matrix_vars.yml +- name: Include new vars in matrix_vars.yml include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + file: '{{ awx_cached_matrix_vars }}' no_log: True + +- name: If include_vars succeeds overwrite the old matrix_vars.yml + delegate_to: 127.0.0.1 + shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}" + +- name: Copy new 'matrix_vars.yml' to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + dest: '/matrix/awx/matrix_vars.yml' + mode: '0660' diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index 4965ae39d..2f8c6df20 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -26,6 +26,15 @@ tags: - create-user +# Import configs, media repo from /chroot/backup import +- include_tasks: + file: "import_awx.yml" + apply: + tags: import-awx + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - import-awx + # Perform extra self-check functions - include_tasks: file: "self_check.yml" @@ -35,14 +44,14 @@ tags: - self-check -# Import configs, media repo from /chroot/backup import +# Create caches matrix_vars.yml file - include_tasks: - file: "import_awx.yml" + file: "cache_matrix_variables.yml" apply: - tags: import-awx + tags: always when: run_setup|bool and matrix_awx_enabled|bool tags: - - import-awx + - always # Configure SFTP so user can upload a static website or access the servers export - include_tasks: 
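Review bot: In main.yml, cache_matrix_variables.yml is included with the `always` tag, so every job that runs this role creates a dated copy of matrix_vars.yml, but the copy is deleted only in load_matrix_variables.yml. The tags applied to that include are cut off in this patch, so this needs confirming. If it does not also run for every tag (for example `self-check` or `backup-server` jobs), those jobs leave `matrix_vars_<datetime>.yml` files containing credentials on the AWX volume. Either give load_matrix_variables.yml the same `always` tag or add a cleanup task that removes stale cached files. The comment `# Create caches matrix_vars.yml file` should read "cached".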
@@ -98,6 +107,15 @@ tags: - setup-corporal +# Additional playbook to set the variable file during Dimension configuration +- include_tasks: + file: "set_variables_dimension.yml" + apply: + tags: setup-dimension + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - setup-dimension + # Additional playbook to set the variable file during Synapse Admin configuration - include_tasks: file: "set_variables_synapse_admin.yml" @@ -107,7 +125,7 @@ tags: - setup-synapse-admin -# Load newly formed matrix variables from tower volume +# Load newly formed matrix variables from AWX volume - include_tasks: file: "load_matrix_variables.yml" apply: diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml index 8d647574d..edf6b8b31 100644 --- a/roles/matrix-awx/tasks/self_check.yml +++ b/roles/matrix-awx/tasks/self_check.yml @@ -3,6 +3,7 @@ apt: name: - sysstat + - curl state: present - name: Install prerequisite yum packages on AWX @@ -19,6 +20,17 @@ - dnspython state: present +- name: Calculate MAU value + shell: | + curl -s localhost:9000 | grep "^synapse_admin_mau_current " + register: mau_stat + no_log: True + +- name: Print MAU value + debug: + msg: "{{ mau_stat.stdout.split('\n') }}" + when: mau_stat is defined + - name: Calculate CPU usage statistics shell: iostat -c register: cpu_usage_stat diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml index d8ac038d9..6ae187c70 100755 --- a/roles/matrix-awx/tasks/set_variables_corporal.yml +++ b/roles/matrix-awx/tasks/set_variables_corporal.yml 
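Review bot: The new "Calculate MAU value" task in self_check.yml fails the whole self-check whenever `grep` finds no `synapse_admin_mau_current` line, because the pipeline's exit status is grep's and a non-zero status fails a `shell` task; that happens if nothing answers on localhost:9000 or the metric is absent. The guard on the next task, `when: mau_stat is defined`, does not help, since `register` always defines the variable. I would add `failed_when: false` and `changed_when: false` to the shell task and gate the debug on `when: mau_stat.rc == 0`. `no_log: True` on the collection is also undone by the `debug` that prints the same stdout, so one of the two can go.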
@@ -2,20 +2,20 @@ - name: Record Corporal Enabled/Disabled variable delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings' + insertafter: '# Corporal Settings Start' with_dict: 'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}' - name: Enable Shared Secret Auth if Corporal enabled delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Shared Secret Auth Settings' + insertafter: '# Shared Secret Auth Settings Start' with_dict: 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true' when: matrix_corporal_enabled|bool @@ -23,10 +23,10 @@ - name: Disable Shared Secret Auth if Corporal disabled delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Shared Secret Auth Settings' + insertafter: '# Shared Secret Auth Settings Start' with_dict: 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false' when: not matrix_corporal_enabled|bool 
@@ -34,10 +34,10 @@ - name: Enable Rest Auth Endpoint if Corporal enabled delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension' + insertafter: '# Synapse Extension Start' with_dict: 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true' when: matrix_corporal_enabled|bool @@ -45,10 +45,10 @@ - name: Disable Rest Auth Endpoint if Corporal disabled delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension' + insertafter: '# Synapse Extension Start' with_dict: 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false' when: not matrix_corporal_enabled|bool @@ -56,10 +56,10 @@ - name: Disable Corporal API if Simple Static File mode selected delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings' + insertafter: '# Corporal Settings Start' with_dict: 'matrix_corporal_http_api_enabled': 'false' when: (matrix_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool) 
@@ -67,10 +67,10 @@ - name: Enable Corporal API if Push/Pull mode delected delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings' + insertafter: '# Corporal Settings Start' with_dict: 'matrix_corporal_http_api_enabled': 'true' when: (matrix_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool) @@ -78,10 +78,10 @@ - name: Record Corporal API Access Token if it's defined delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings' + insertafter: '# Corporal Settings Start' with_dict: 'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}' when: matrix_corporal_http_api_auth_token|length > 0 @@ -89,8 +89,8 @@ - name: Record 'Simple Static File' configuration variables in matrix_vars.yml delegate_to: 127.0.0.1 blockinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - insertafter: "# Corporal Policy Provider Settings" + path: '{{ awx_cached_matrix_vars }}' + insertafter: "# Corporal Policy Provider Settings Start" block: | matrix_corporal_policy_provider_config: | { @@ -151,8 +151,8 @@ - name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml delegate_to: 127.0.0.1 blockinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - insertafter: "# Corporal Policy Provider Settings" + path: '{{ awx_cached_matrix_vars }}' + insertafter: "# Corporal Policy Provider Settings Start" block: | matrix_corporal_policy_provider_config: | { 
@@ -168,8 +168,8 @@ - name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml delegate_to: 127.0.0.1 blockinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - insertafter: "# Corporal Policy Provider Settings" + path: '{{ awx_cached_matrix_vars }}' + insertafter: "# Corporal Policy Provider Settings Start" block: | matrix_corporal_policy_provider_config: | { @@ -181,7 +181,7 @@ - name: Lower RateLimit if set to 'Normal' delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300' replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3' when: matrix_corporal_raise_ratelimits == "Normal" @@ -189,17 +189,11 @@ - name: Raise RateLimit if set to 'Raised' delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3' replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300' when: matrix_corporal_raise_ratelimits == "Raised" -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0664' - - name: Save new 'Configure Corporal' survey.json to the AWX tower delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml new file mode 100644 index 000000000..2d5eb6192 --- /dev/null +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml 
@@ -0,0 +1,109 @@ + +- name: Include vars in matrix_vars.yml + include_vars: + file: '{{ awx_cached_matrix_vars }}' + no_log: True + +- name: Install jq on remote machine + apt: + name: jq + state: present + +- name: Collect access token of Dimension user + shell: | + curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ matrix_awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' + register: dimension_user_access_token + +- name: Record Synapse variables locally on AWX + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: '# Dimension Settings Start' + with_dict: + 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}' + 'matrix_dimension_access_token': '"{{ dimension_user_access_token.stdout }}"' + +- name: Set final users list if users are defined + set_fact: + ext_dimension_users_raw_final: "{{ ext_dimension_users_raw }}" + when: ext_dimension_users_raw|length > 0 + +- name: Set final users list if no users are defined + set_fact: + ext_dimension_users_raw_final: '@dimension:{{ matrix_domain }}' + when: ext_dimension_users_raw|length == 0 + +- name: Remove Dimension Users + delegate_to: 127.0.0.1 + replace: + path: '{{ awx_cached_matrix_vars }}' + regexp: '^ - .*\n' + after: 'matrix_dimension_admins:' + before: '# Dimension Settings End' + +- name: Set Dimension Users Header + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + insertbefore: '# Dimension Settings End' + line: "matrix_dimension_admins:" + +- name: Set Dimension Users + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + insertafter: '^matrix_dimension_admins:' + line: ' - "{{ item }}"' + 
with_items: "{{ ext_dimension_users_raw_final.splitlines() }}" + +- name: Record Dimension Custom variables locally on AWX + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: '# Custom Settings Start' + with_dict: + 'ext_dimension_users_raw': '{{ ext_dimension_users_raw.splitlines() | to_json }}' + +- name: Save new 'Configure Dimension' survey.json to the AWX tower, template + delegate_to: 127.0.0.1 + template: + src: 'roles/matrix-awx/surveys/configure_dimension.json.j2' + dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json' + +- name: Copy new 'Configure Dimension' survey.json to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json' + dest: '/matrix/awx/configure_dimension.json' + mode: '0660' + +- name: Collect AWX admin token the hard way! + delegate_to: 127.0.0.1 + shell: | + curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' + register: tower_token + no_log: True + +- name: Recreate 'Configure Dimension' job template + delegate_to: 127.0.0.1 + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Configure Dimension" + description: "Configure Dimension, the self-hosted integrations server." 
+ extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" + job_type: run + job_tags: "start,setup-all,setup-dimension" + inventory: "{{ member_id }}" + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + credential: "{{ member_id }} - AWX SSH Key" + survey_enabled: true + survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}" + become_enabled: yes + state: present + verbosity: 1 + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml index a21a9dd87..a0e41770c 100755 --- a/roles/matrix-awx/tasks/set_variables_element.yml +++ b/roles/matrix-awx/tasks/set_variables_element.yml @@ -2,10 +2,10 @@ - name: Record Element-Web variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Element Settings' + insertafter: '# Element Settings Start' with_dict: 'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}' 'matrix_client_element_jitsi_preferredDomain': '{{ matrix_client_element_jitsi_preferredDomain }}' 
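Review bot: The new "Collect access token of Dimension user" task in set_variables_dimension.yml puts `matrix_awx_dimension_user_password` on a curl command line with no `no_log`, so the password and the returned access token can be recorded in the AWX job output (the job template sets `verbosity: 1`), and the next task's `with_dict` loop prints the token again. The password is also interpolated inside a single-quoted shell string and a JSON string, so a quote character in it breaks the command, and a failed login is not detected: whatever the `jq`/`sed` pipeline emits is written as `matrix_dimension_access_token`. The `uri` module with `body_format: json` avoids the shell, the quoting and the `jq` install, and fails on a non-200 response; a sketch follows. Separately, "Collect AWX admin token the hard way!" (here and in backup_server.yml) sends the Tower admin credentials with `curl -k`, which skips certificate verification even though the job-template task sets `validate_certs: yes`, and it creates a new personal token on every run without removing it.

```yaml
- name: Collect access token of Dimension user
  uri:
    url: 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login'
    method: POST
    body_format: json
    body:
      identifier:
        type: m.id.user
        user: dimension
      password: '{{ matrix_awx_dimension_user_password }}'
      type: m.login.password
    status_code: 200
  register: dimension_user_login
  no_log: True

- name: Record Synapse variables locally on AWX
  # … unchanged: delegate_to, lineinfile path/regexp/line/insertafter …
  with_dict:
    'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
    'matrix_dimension_access_token': '{{ dimension_user_login.json.access_token | to_json }}'
  no_log: True
```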
@@ -16,24 +16,18 @@ - name: Set fact for 'https' string set_fact: - https_string: "https" + awx_https_string: "https" - name: Record Element-Web Background variable locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Element Settings' + insertafter: '# Element Settings Start' with_dict: 'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}' - when: (https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 ) - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' + when: (awx_https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 ) - name: Save new 'Configure Element' survey.json to the AWX tower, template delegate_to: 127.0.0.1 diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml index 4a871a189..9c610685f 100755 --- a/roles/matrix-awx/tasks/set_variables_jitsi.yml +++ b/roles/matrix-awx/tasks/set_variables_jitsi.yml 
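Review bot: The renamed condition `awx_https_string in matrix_client_element_branding_welcomeBackgroundUrl` in set_variables_element.yml is a substring test, so any value that contains "https" anywhere passes, including a plain `http://` URL with "https" in its path. If the intent is to accept only HTTPS URLs, test the scheme instead: `when: matrix_client_element_branding_welcomeBackgroundUrl is match('https://')`, which also makes the `set_fact` and the length check unnecessary. The accepted value is then written unquoted by `line: "{{ item.key }}: {{ item.value }}"`, so passing it through `to_json` would keep YAML-significant sequences in a URL from being misparsed.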
@@ -2,20 +2,14 @@ - name: Record Jitsi variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Jitsi Settings' + insertafter: '# Jitsi Settings Start' with_dict: 'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}' 'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage }}' -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - - name: Save new 'Configure Jitsi' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index 32dadc0a4..853d8c091 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml 
@@ -2,20 +2,20 @@ - name: Record ma1sd variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# ma1sd Settings' + insertafter: '# ma1sd Settings Start' with_dict: 'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}' - name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension' + insertafter: '# Synapse Extension Start' with_dict: 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false' when: ext_matrix_ma1sd_auth_store == 'Synapse Internal' @@ -23,10 +23,10 @@ - name: Enable REST auth if using external LDAP/AD with ma1sd delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension' + insertafter: '# Synapse Extension Start' with_dict: 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true' 'matrix_synapse_ext_password_provider_rest_auth_endpoint': 'http://matrix-ma1sd:8090' @@ -40,7 +40,7 @@ - name: Remove entire ma1sd configuration extension delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: '^.*\n' after: '# Start ma1sd Extension' before: '# End ma1sd Extension' 
@@ -48,14 +48,14 @@ - name: Replace conjoined ma1sd configuration extension limiters delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: '^# Start ma1sd Extension# End ma1sd Extension' replace: '# Start ma1sd Extension\n# End ma1sd Extension' - name: Insert ma1sd configuration extension header if using external LDAP/AD with ma1sd delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' line: "matrix_ma1sd_configuration_extension_yaml: |" insertafter: '# Start ma1sd Extension' when: ext_matrix_ma1sd_auth_store == 'LDAP/AD' @@ -63,7 +63,7 @@ - name: Set ma1sd configuration extension if using external LDAP/AD with ma1sd delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' insertbefore: '# End ma1sd Extension' line: '{{ item }}' with_items: "{{ ext_matrix_ma1sd_configuration_extension_yaml_parsed }}" 
@@ -72,20 +72,14 @@ - name: Record ma1sd Custom variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Custom Settings' + insertbefore: '# Custom Settings Start' with_dict: 'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}' 'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}' -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - - name: Save new 'Configure ma1sd' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: @@ -126,4 +120,3 @@ tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes -# ^ This playbook isn't executing so the survey isn't being updated! :P diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml index ef7c70ef1..e481d3993 100755 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse.yml @@ -12,10 +12,10 @@ - name: Record Synapse variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings' + insertafter: '# Synapse Settings Start' with_dict: 'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}' 'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}' 
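Review bot: 'Record ma1sd Custom variables' (hunk @@ -72,20 +72,14 @@) keeps `insertbefore:` while its anchor changes to `'# Custom Settings Start'`, so a key that is not yet in the file is inserted above the start marker, outside the section. The matching task in set_variables_synapse.yml (hunk @@ -157,10 +157,10 @@) switches to `insertafter: '# Custom Settings Start'` in this same commit. Unless the difference is intended, use `insertafter: '# Custom Settings Start'` here as well.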
@@ -29,7 +29,7 @@ - name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^matrix_synapse_auto_join_rooms: .*$" replace: "matrix_synapse_auto_join_rooms: []" when: matrix_synapse_auto_join_rooms_raw|length == 0 @@ -43,10 +43,10 @@ - name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings' + insertafter: '# Synapse Settings Start' with_dict: "matrix_synapse_auto_join_rooms": "{{ matrix_synapse_auto_join_rooms_array }}" when: matrix_synapse_auto_join_rooms_raw|length > 0 @@ -54,10 +54,10 @@ - name: Record Synapse Shared Secret if it's defined delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings' + insertafter: '# Synapse Settings Start' with_dict: 'matrix_synapse_registration_shared_secret': '{{ matrix_synapse_registration_shared_secret }}' when: matrix_synapse_registration_shared_secret|length > 0 
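Review bot: 'Record Synapse Shared Secret if it's defined' (hunk @@ -54,10 +54,10 @@) loops over a dict whose value is `matrix_synapse_registration_shared_secret` and shows no `no_log`, so the per-item result, which includes the item, can appear in the AWX job output. The 'Create user account @dimension' task in awx_post.yml sets `no_log: True` for its password; the same line belongs on this task, after the `when:`. 'Record Synapse Extension variables' in hunk @@ -176,21 +176,15 @@ writes `recaptcha_private_key` the same way and needs it too. Both tasks look complete within their hunks, but a `no_log` on a line just outside the hunk cannot be ruled out from here.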
@@ -65,10 +65,10 @@ - name: Record registations_require_3pid extra variable if true delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "{{ item }}:" line: "{{ item }}" - insertbefore: '# End Synapse Extension' + insertbefore: '# Synapse Extension End' with_items: - " registrations_require_3pid:" - " - email" @@ -77,10 +77,10 @@ - name: Remove registrations_require_3pid extra variable if false delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "{{ item }}:" line: "{{ item }}" - insertbefore: '# End Synapse Extension' + insertbefore: '# Synapse Extension End' state: absent with_items: - " registrations_require_3pid:" @@ -90,10 +90,10 @@ - name: Remove URL Languages delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n' after: ' url_preview_accept_language:' - before: '# End Synapse Extension' + before: '# Synapse Extension End' - name: Set URL languages default if raw inputs empty set_fact: @@ -108,7 +108,7 @@ - name: Set URL languages if raw inputs empty delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' insertafter: '^ url_preview_accept_language:' line: " - {{ ext_url_preview_accept_language_default }}" when: ext_url_preview_accept_language_raw|length == 0 
@@ -116,7 +116,7 @@ - name: Set URL languages if raw inputs not empty delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' insertafter: '^ url_preview_accept_language:' line: " - {{ item }}" with_items: "{{ ext_url_preview_accept_language_raw.splitlines() }}" @@ -125,22 +125,22 @@ - name: Remove Federation Whitelisting 1 delegate_to: 127.0.0.1 replace: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n' after: ' federation_domain_whitelist:' - before: '# End Synapse Extension' + before: '# Synapse Extension End' - name: Remove Federation Whitelisting 2 delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' line: " federation_domain_whitelist:" state: absent - name: Set Federation Whitelisting 1 delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' insertafter: '^matrix_synapse_configuration_extension_yaml: \|' line: " federation_domain_whitelist:" when: ext_federation_whitelist_raw|length > 0 @@ -148,7 +148,7 @@ - name: Set Federation Whitelisting 2 delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' insertafter: '^ federation_domain_whitelist:' line: " - {{ item }}" with_items: "{{ ext_federation_whitelist_raw.splitlines() }}" 
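Review bot: The cleanup pattern in 'Remove Federation Whitelisting 1' (hunk @@ -125,22 +125,22 @@) accepts only `[a-z0-9]` labels, so a whitelisted domain containing a hyphen or an upper-case letter is never removed, while 'Set Federation Whitelisting 2' (hunk @@ -148,7 +148,7 @@) writes every line of `ext_federation_whitelist_raw` unchecked. A domain dropped from the survey can therefore stay under `federation_domain_whitelist` and remain allowed to federate. Allow hyphens in both character classes of the `regexp` (`[a-z0-9-]+\.[a-z0-9.-]+`) and filter the input lines to the same pattern before writing, so that everything the set task adds can also be removed by the cleanup task.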
@@ -157,10 +157,10 @@ - name: Record Synapse Custom variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Custom Settings' + insertafter: '# Custom Settings Start' with_dict: 'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}' 'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}' @@ -176,21 +176,15 @@ - name: Record Synapse Extension variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# End Synapse Extension' + insertbefore: '# Synapse Extension End' with_dict: ' enable_registration_captcha': '{{ ext_enable_registration_captcha }}' ' recaptcha_public_key': '{{ ext_recaptcha_public_key }}' ' recaptcha_private_key': '{{ ext_recaptcha_private_key }}' -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - - name: Save new 'Configure Synapse' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml index 42084ad72..fa922de44 100644 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml 
@@ -2,19 +2,13 @@ - name: Record Synapse Admin variables locally on AWX delegate_to: 127.0.0.1 lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + path: '{{ awx_cached_matrix_vars }}' regexp: "^#? *{{ item.key | regex_escape() }}:" line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Admin Settings' + insertafter: '# Synapse Admin Settings Start' with_dict: 'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}' -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - - name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml index 6497acf7b..568ccd23a 100644 --- a/roles/matrix-common-after/tasks/awx_post.yml +++ b/roles/matrix-common-after/tasks/awx_post.yml @@ -1,6 +1,6 @@ --- -- name: Create user account +- name: Create user account @janitor command: | /usr/local/bin/matrix-synapse-register-user janitor {{ matrix_awx_janitor_user_password | quote }} 1 register: cmd 
@@ -18,3 +18,20 @@ 'matrix_awx_janitor_user_created': 'true' when: not matrix_awx_janitor_user_created|bool +- name: Create user account @dimension + command: | + /usr/local/bin/matrix-synapse-register-user dimension {{ matrix_awx_dimension_user_password | quote }} 0 + register: cmd + when: not matrix_awx_dimension_user_created|bool + no_log: True + +- name: Update AWX dimension user created variable + delegate_to: 127.0.0.1 + lineinfile: + path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: 'AWX Settings' + with_dict: + 'matrix_awx_dimension_user_created': 'true' + when: not matrix_awx_dimension_user_created|bool
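Review bot: 'Update AWX dimension user created variable' writes to the hard-coded `/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml` with the old-style anchor `insertafter: 'AWX Settings'`, while every set_variables_*.yml task in this commit moves to `{{ awx_cached_matrix_vars }}` and '... Start' markers. If that variable is in scope for this role and points at a different file, the `matrix_awx_dimension_user_created` flag may not reach the file read on the next run, and the registration would be attempted again; consider `path: '{{ awx_cached_matrix_vars }}'` if so. Separately, `no_log: True` keeps the password out of the job output but not out of the target's process list, because it is passed as a command-line argument; a comment such as `# password is visible in argv on the target while this runs` would record that.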