bedah/ansible
1
0
Fork 0
forked from infra/ansible
Code Issues Pull Requests Releases Wiki Activity

omm: new role (SIP-DECT OMM)

Browse Source
This commit is contained in:
Markus 2021-11-19 23:23:45 +01:00
parent 4a56b35fdd
commit b61d00aeca
10 changed files with 175 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/all/vars.yml
View File

@ -141,6 +141,8 @@ nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de
nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de
nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de
omm_domain: omm.binary.kitchen
pretalx_domain: fahrplan.eh21.easterhegg.eu pretalx_domain: fahrplan.eh21.easterhegg.eu
pretalx_dbname: pretalx pretalx_dbname: pretalx
pretalx_dbuser: pretalx pretalx_dbuser: pretalx

4
roles/omm/defaults/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
omm_http_port: 8000
omm_https_port: 8443

10
roles/omm/handlers/main.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Reload systemd
systemd: daemon_reload=yes
- name: Restart sip-dect-ics
service: name=sip-dect-ics state=restarted
- name: Restart sip-dect-omm
service: name=sip-dect-omm state=restarted

5
roles/omm/meta/main.yml Normal file
View File

@ -0,0 +1,5 @@
---
dependencies:
- { role: acertmgr }
- { role: nginx, nginx_ssl: True }

72
roles/omm/tasks/main.yml Normal file
View File

@ -0,0 +1,72 @@
---
- name: Install dependencies
apt:
name:
- alien
- sysvinit-utils
- name: Add i386 architecture
command: dpkg --add-architecture i386
args:
creates: /var/lib/dpkg/arch
when: ansible_architecture != 'i386'
register: add_i386
- name: Install 32bit dependencies
apt:
name:
- libstdc++6:i386
- zlib1g:i386
update_cache: "{{ add_i386.changed }}"
# TODO manual steps
# alien --target=amd64 /tmp/SIP-DECT-OMM-8.1_SP4_GE30-0.i686.rpm
# dpkg -i sip-dect-omm_8.1SP4GE30-1_amd64.deb
# alien --target=amd64 /tmp/SIP-DECT-HANDSET-8.1_SP4_GE30-0.i686.rpm
# dpkg -i sip-dect-handset_8.1SP4GE30-1_amd64.deb
# rm /etc/init.d/sip-dect-omm
# rm /etc/sysconfig/SIP-DECT
- name: Install systemd units
template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
with_items:
- sip-dect-ics
- sip-dect-omm
notify:
- Reload systemd
- Restart sip-dect-ics
- Restart sip-dect-omm
- name: Enable services
service: name={{ item }} state=started enabled=yes
with_items:
- sip-dect-ics
- sip-dect-omm
- name: Ensure certificates are available
command:
cmd: >
openssl req -x509 -nodes -newkey rsa:2048
-keyout /etc/nginx/ssl/{{ omm_domain }}.key -out /etc/nginx/ssl/{{ omm_domain }}.crt
-days 730 -subj "/CN={{ omm_domain }}"
creates: /etc/nginx/ssl/{{ omm_domain }}.crt
notify: Restart nginx
- name: Request nsupdate key for certificate
include_role: name=acme-dnskey-generate
vars:
acme_dnskey_san_domains:
- "{{ omm_domain }}"
- name: Configure certificate manager for omm
template: src=certs.j2 dest=/etc/acertmgr/{{ omm_domain }}.conf
notify: Run acertmgr
- name: Configure vhost
template: src=vhost.j2 dest=/etc/nginx/sites-available/omm
notify: Restart nginx
- name: Enable vhost
file: src=/etc/nginx/sites-available/omm dest=/etc/nginx/sites-enabled/omm state=link
notify: Restart nginx

18
roles/omm/templates/certs.j2 Normal file
View File

@ -0,0 +1,18 @@
---
{{ omm_domain }}:
- mode: dns.nsupdate
nsupdate_server: {{ acme_dnskey_server }}
nsupdate_keyfile: {{ acme_dnskey_file }}
- path: /etc/nginx/ssl/{{ omm_domain }}.key
user: root
group: root
perm: '400'
format: key
action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ omm_domain }}.crt
user: root
group: root
perm: '400'
format: crt,ca
action: '/usr/sbin/service nginx restart'

15
roles/omm/templates/sip-dect-ics.service.j2 Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=Mitel SIP-DECT ICS (Integrated Conference Server)
After=syslog.target
After=network.target
Requires=sip-dect-omm.service
[Service]
RestartSec=2s
Type=forking
WorkingDirectory=/opt/SIP-DECT/
ExecStart=/opt/SIP-DECT/bin/ics -d
Restart=always
[Install]
WantedBy=multi-user.target

14
roles/omm/templates/sip-dect-omm.service.j2 Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=Mitel SIP-DECT OMM (Open Mobility Manager)
After=syslog.target
After=network.target
[Service]
RestartSec=2s
Type=forking
WorkingDirectory=/opt/SIP-DECT/
ExecStart=/opt/SIP-DECT/bin/SIP-DECT -f /opt/SIP-DECT/tmp/omm_conf.txt -http {{ omm_http_port }} -https {{ omm_https_port }} -d
Restart=always
[Install]
WantedBy=multi-user.target

30
roles/omm/templates/vhost.j2 Normal file
View File

@ -0,0 +1,30 @@
server {
listen 80;
listen [::]:80;
server_name {{ omm_domain }};
location /.well-known/acme-challenge {
default_type "text/plain";
alias /var/www/acme-challenge;
}
location / {
return 301 https://{{ omm_domain }}$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ omm_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ omm_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ omm_domain }}.crt;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://localhost:{{ omm_https_port }};
}
}

5
site.yml
View File

@ -47,6 +47,11 @@
roles: roles:
- xrdp_apphost - xrdp_apphost
- name: Setup SIP-DECT OMM
hosts: knoedel.binary.kitchen
roles:
- omm
- name: Setup gitea runner - name: Setup gitea runner
hosts: bob.binary.kitchen hosts: bob.binary.kitchen
roles: roles: