omm: new role (SIP-DECT OMM)

2021-11-19 23:23:45 +01:00 · 2021-11-19 23:23:45 +01:00 · b61d00aeca
commit b61d00aeca
parent 4a56b35fdd
10 changed files with 175 additions and 0 deletions
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -141,6 +141,8 @@ nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de
 nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de
 nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de

+omm_domain: omm.binary.kitchen
+
 pretalx_domain: fahrplan.eh21.easterhegg.eu
 pretalx_dbname: pretalx
 pretalx_dbuser: pretalx
--- a/roles/omm/defaults/main.yml
+++ b/roles/omm/defaults/main.yml
@ -0,0 +1,4 @@
+---
+
+omm_http_port: 8000
+omm_https_port: 8443
--- a/roles/omm/handlers/main.yml
+++ b/roles/omm/handlers/main.yml
@ -0,0 +1,10 @@
+---
+
+- name: Reload systemd
+  systemd: daemon_reload=yes
+
+- name: Restart sip-dect-ics
+  service: name=sip-dect-ics state=restarted
+
+- name: Restart sip-dect-omm
+  service: name=sip-dect-omm state=restarted
--- a/roles/omm/meta/main.yml
+++ b/roles/omm/meta/main.yml
@ -0,0 +1,5 @@
+---
+
+dependencies:
+- { role: acertmgr }
+- { role: nginx, nginx_ssl: True }
--- a/roles/omm/tasks/main.yml
+++ b/roles/omm/tasks/main.yml
@ -0,0 +1,72 @@
+---
+
+- name: Install dependencies
+  apt:
+    name:
+    - alien
+    - sysvinit-utils
+
+- name: Add i386 architecture
+  command: dpkg --add-architecture i386
+  args:
+    creates: /var/lib/dpkg/arch
+  when: ansible_architecture != 'i386'
+  register: add_i386
+
+- name: Install 32bit dependencies
+  apt:
+    name:
+    - libstdc++6:i386
+    - zlib1g:i386
+    update_cache: "{{ add_i386.changed }}"
+
+# TODO manual steps
+# alien --target=amd64 /tmp/SIP-DECT-OMM-8.1_SP4_GE30-0.i686.rpm
+# dpkg -i sip-dect-omm_8.1SP4GE30-1_amd64.deb
+# alien --target=amd64 /tmp/SIP-DECT-HANDSET-8.1_SP4_GE30-0.i686.rpm
+# dpkg -i sip-dect-handset_8.1SP4GE30-1_amd64.deb
+# rm /etc/init.d/sip-dect-omm
+# rm /etc/sysconfig/SIP-DECT
+
+- name: Install systemd units
+  template: src={{ item }}.service.j2 dest=/lib/systemd/system/{{ item }}.service
+  with_items:
+  - sip-dect-ics
+  - sip-dect-omm
+  notify:
+  - Reload systemd
+  - Restart sip-dect-ics
+  - Restart sip-dect-omm
+
+- name: Enable services
+  service: name={{ item }} state=started enabled=yes
+  with_items:
+  - sip-dect-ics
+  - sip-dect-omm
+
+- name: Ensure certificates are available
+  command:
+    cmd: >
+      openssl req -x509 -nodes -newkey rsa:2048
+      -keyout /etc/nginx/ssl/{{ omm_domain }}.key -out /etc/nginx/ssl/{{ omm_domain }}.crt
+      -days 730 -subj "/CN={{ omm_domain }}"
+    creates: /etc/nginx/ssl/{{ omm_domain }}.crt
+  notify: Restart nginx
+
+- name: Request nsupdate key for certificate
+  include_role: name=acme-dnskey-generate
+  vars:
+    acme_dnskey_san_domains:
+    - "{{ omm_domain }}"
+
+- name: Configure certificate manager for omm
+  template: src=certs.j2 dest=/etc/acertmgr/{{ omm_domain }}.conf
+  notify: Run acertmgr
+
+- name: Configure vhost
+  template: src=vhost.j2 dest=/etc/nginx/sites-available/omm
+  notify: Restart nginx
+
+- name: Enable vhost
+  file: src=/etc/nginx/sites-available/omm dest=/etc/nginx/sites-enabled/omm state=link
+  notify: Restart nginx
--- a/roles/omm/templates/certs.j2
+++ b/roles/omm/templates/certs.j2
@ -0,0 +1,18 @@
+---
+
+{{ omm_domain }}:
+- mode: dns.nsupdate
+  nsupdate_server: {{ acme_dnskey_server }}
+  nsupdate_keyfile: {{ acme_dnskey_file }}
+- path: /etc/nginx/ssl/{{ omm_domain }}.key
+  user: root
+  group: root
+  perm: '400'
+  format: key
+  action: '/usr/sbin/service nginx restart'
+- path: /etc/nginx/ssl/{{ omm_domain }}.crt
+  user: root
+  group: root
+  perm: '400'
+  format: crt,ca
+  action: '/usr/sbin/service nginx restart'
--- a/roles/omm/templates/sip-dect-ics.service.j2
+++ b/roles/omm/templates/sip-dect-ics.service.j2
@ -0,0 +1,15 @@
+[Unit]
+Description=Mitel SIP-DECT ICS (Integrated Conference Server)
+After=syslog.target
+After=network.target
+Requires=sip-dect-omm.service
+
+[Service]
+RestartSec=2s
+Type=forking
+WorkingDirectory=/opt/SIP-DECT/
+ExecStart=/opt/SIP-DECT/bin/ics -d
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/omm/templates/sip-dect-omm.service.j2
+++ b/roles/omm/templates/sip-dect-omm.service.j2
@ -0,0 +1,14 @@
+[Unit]
+Description=Mitel SIP-DECT OMM (Open Mobility Manager)
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=forking
+WorkingDirectory=/opt/SIP-DECT/
+ExecStart=/opt/SIP-DECT/bin/SIP-DECT -f /opt/SIP-DECT/tmp/omm_conf.txt -http {{ omm_http_port }} -https {{ omm_https_port }} -d
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/omm/templates/vhost.j2
+++ b/roles/omm/templates/vhost.j2
@ -0,0 +1,30 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name {{ omm_domain }};
+
+	location /.well-known/acme-challenge {
+		default_type "text/plain";
+		alias /var/www/acme-challenge;
+	}
+
+	location / {
+		return 301 https://{{ omm_domain }}$request_uri;
+	}
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	server_name {{ omm_domain }};
+
+	ssl_certificate_key /etc/nginx/ssl/{{ omm_domain }}.key;
+	ssl_certificate /etc/nginx/ssl/{{ omm_domain }}.crt;
+
+	location / {
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_pass https://localhost:{{ omm_https_port }};
+	}
+}
--- a/site.yml
+++ b/site.yml
@ -47,6 +47,11 @@
  roles:
  - xrdp_apphost

+- name: Setup SIP-DECT OMM
+  hosts: knoedel.binary.kitchen
+  roles:
+  - omm
+
 - name: Setup gitea runner
  hosts: bob.binary.kitchen
  roles: