From 8b4b79bd37894d31b0674eb32ebcd6146d35bba2 Mon Sep 17 00:00:00 2001 From: qiaofeng1227 <76487013@qq.com> Date: Mon, 11 Jul 2022 14:40:24 +0800 Subject: [PATCH] rewrite init --- apps/roles/role_init/defaults/main.yml | 37 +--- apps/roles/role_init/tasks/main.yml | 39 ++-- .../templates/init-apps.service.jinja2 | 41 +--- apps/roles/role_init/templates/init.sh.jinja2 | 195 +----------------- .../role_init/templates/password.txt.jinja2 | 50 ----- 5 files changed, 26 insertions(+), 336 deletions(-) delete mode 100644 apps/roles/role_init/templates/password.txt.jinja2 diff --git a/apps/roles/role_init/defaults/main.yml b/apps/roles/role_init/defaults/main.yml index f180968e..b28b04f6 100644 --- a/apps/roles/role_init/defaults/main.yml +++ b/apps/roles/role_init/defaults/main.yml @@ -1,38 +1,3 @@ -# dictionary variable for interface -init_db: -init_application: -init_docker: - -# init_db sample for you -init_db_example: - mysql: - admin: root - users: ["discuz"] - password: "123456" - service_before: - service_after: - config_paths: - - /data/wwwroot/discuz/upload/config/config_global_default.php - command: - - echo "hello world" - -# these meta data ony for inner coding, not for interface -init_service_unit: - mysql: - before: - after: mysqld.service - mariadb: - before: - after: mysqld.service - mongodb: - before: - after: mongod.service - postgresql: - before: - after: postgresql.service - neo4j: - before: - after: neo4j.service - + diff --git a/apps/roles/role_init/tasks/main.yml b/apps/roles/role_init/tasks/main.yml index 8717de7b..37945321 100644 --- a/apps/roles/role_init/tasks/main.yml +++ b/apps/roles/role_init/tasks/main.yml 
@@ -1,21 +1,22 @@ - block: - - name: Create credentials Folder - file: - path: /credentials - state: directory + - name: Create credentials Folder + file: + path: /credentials + state: directory - - name: Upload Databases Password - template: - src: password.txt.jinja2 - dest: /credentials/password.txt - mode: 0640 + - name: Create a PHP symbolic link + file: + src: "{{installpath}}/{{app}}/.env" + dest: "/credentials/{{item}}_password.txt" + state: link + loop: "{{applist.stdout_lines}}" - name: Copy Init Script template: src: init.sh.jinja2 dest: /credentials/init.sh mode: 0750 - + - name: Upload init-apps.service template: src: init-apps.service.jinja2 @@ -26,13 +27,13 @@ name: init-apps enabled: yes -- block: - - name: Check init, if /credentials/* file not exist or no content, stop and exit Ansible - shell: | - [ -s /credentials/password.txt ] && [ -s /credentials/init.sh ] && init_initpasswd=true || init_initpasswd=false - echo $init_initpasswd - register: init_check +- block: + - name: Check init, if /credentials/* file not exist or no content, stop and exit Ansible + shell: | + [ -s /credentials/password.txt ] && [ -s /credentials/init.sh ] && init_initpasswd=true || init_initpasswd=false + echo $init_initpasswd + register: init_check - - name: Output error when init.sh fail - fail: msg="init role is not done,exit!" - when: init_check.stdout == "false" + - name: Output error when init.sh fail + fail: msg="init role is not done,exit!" + when: init_check.stdout == "false" diff --git a/apps/roles/role_init/templates/init-apps.service.jinja2 b/apps/roles/role_init/templates/init-apps.service.jinja2 index 054a60de..ab7308c7 100644 --- a/apps/roles/role_init/templates/init-apps.service.jinja2 +++ b/apps/roles/role_init/templates/init-apps.service.jinja2 
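Review bot: The new link task loops over `applist.stdout_lines` but builds `src` from `{{app}}` while `dest` uses `{{item}}`, so as written every `/credentials/<item>_password.txt` link points at the same `.env`, or the task fails if `app` is not defined here; `src: "{{installpath}}/{{item}}/.env"` looks like what was intended. The script template in this commit hard-codes `/data/apps/{{app_name}}/.env`, so the two paths only agree if `installpath` is `/data/apps`. The removed upload set `mode: 0640` on the credentials file, whereas a symlink takes its access rights from its target, and nothing visible here sets a mode on the `.env` files or on the `/credentials` directory, so an explicit `mode:` on the directory task is worth adding. The task name "Create a PHP symbolic link" does not describe what the task does.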
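Review bot: The init check re-indented in the second hunk still tests `[ -s /credentials/password.txt ]`, but this commit removes the task that uploaded that file and deletes its template. Unless something outside this role creates the file, the check prints `false` and the play stops with "init role is not done,exit!". The test should follow the new layout, for example by checking that each `/credentials/{{item}}_password.txt` link resolves to a non-empty file, or be reduced to `[ -s /credentials/init.sh ]`. A `stat` task with `failed_when` would also express this file test without the `init_initpasswd` shell variable and `echo`.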
@@ -1,45 +1,6 @@ [Unit] Description=Init image powered by Websoft9 -After=network.target systemd-networkd-wait-online.service -{############## init databases ##############} -{% if init_db %} -{% for dbs_name, dbs_attr in init_db.items() %} -{% if init_service_unit[dbs_name].before is defined and init_service_unit[dbs_name].before is not none %} -Before={{init_service_unit[dbs_name].before}} -{% endif %} -{% if dbs_attr.service_before is defined and dbs_attr.service_before is not none %} -Before={{dbs_attr.service_before}} -{% endif %} -{% if init_service_unit[dbs_name].after is defined and init_service_unit[dbs_name].after is not none %} -After={{init_service_unit[dbs_name].after}} -{% endif %} -{% if dbs_attr.service_after is defined and dbs_attr.service_after is not none %} -After={{dbs_attr.service_after}} -{% endif %} -{% endfor %} -{% endif %} -{############## init applications ##############} -{% if init_application %} -{% for app_name,app_attr in init_application.items() %} -{% if app_attr.service_before is defined and app_attr.service_before is not none %} -Before={{app_attr.service_before}} -{% endif %} -{% if app_attr.service_after is defined and app_attr.service_after is not none %} -After={{app_attr.service_after}} -{% endif %} -{% endfor %} -{% endif %} -{############## init docker applications ##############} -{% if init_docker %} -{% for docker_name,docker_attr in init_docker.items() %} -{% if docker_attr.service_before is defined and docker_attr.service_before is not none %} -Before={{docker_attr.service_before}} -{% endif %} -{% if docker_attr.service_after is defined and docker_attr.service_after is not none %} -After={{docker_attr.service_after}} -{% endif %} -{% endfor %} -{% endif %} +After=network.target systemd-networkd-wait-online.service docker.service [Service] Type=simple diff --git a/apps/roles/role_init/templates/init.sh.jinja2 b/apps/roles/role_init/templates/init.sh.jinja2 index 8de9a653..e8f09c40 100644 
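Review bot: `After=network.target systemd-networkd-wait-online.service docker.service` only orders this unit after Docker; it neither pulls Docker in nor holds containers back, so a container with a restart policy can start from the pre-rotation `.env` before `init.sh` rewrites it. The `init.sh` in this commit no longer calls `docker`, so ordering the unit `Before=docker.service`, or recreating the stacks after the rewrite, would keep the shipped password from being the live one on first boot. This assumes the image is built with the containers already created, which the diff does not show. The `[Service]` section continues outside the hunk.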
--- a/apps/roles/role_init/templates/init.sh.jinja2
+++ b/apps/roles/role_init/templates/init.sh.jinja2
@@ -4,196 +4,9 @@ new_password=$(pwgen -ncCs 14 1)! sudo sleep 10s sudo sh -c 'echo "init-password started at" $(date -d now) 1>> /tmp/init_debug.txt' -#1 database password init -{% if init_db %} -{% for db_names,dbs in init_db.items() %} - -{% if db_names == 'mysql' or db_names == 'mariadb' %} -sudo sh -c 'echo "init mysql&mariadb started at" $(date -d now) 1>> /tmp/init_debug.txt' -mysqladmin -u{{dbs.admin}} -p{{dbs.password }} -h ::1 password $new_password -mysqladmin -u{{dbs.admin}} -p{{dbs.password }} -h 127.0.0.1 password $new_password -mysqladmin -u{{dbs.admin}} -p{{dbs.password }} -h localhost password $new_password - -{% if dbs.users is defined and dbs.users is not none %} -{% for dbs_app_user in dbs.users %} -{% if mysql_version == '8.0' %} -echo " -SET PASSWORD FOR {{dbs_app_user}} = '$new_password'; -" |mysql -uroot -p$new_password -h 127.0.0.1 - -echo " -SET PASSWORD FOR {{dbs_app_user}}@localhost = '$new_password'; -" |mysql -uroot -p$new_password -h 127.0.0.1 -{% else %} -echo " -SET PASSWORD FOR {{dbs_app_user}} = PASSWORD('$new_password'); -" |mysql -uroot -p$new_password -h 127.0.0.1 - -echo " -SET PASSWORD FOR {{dbs_app_user}}@localhost = PASSWORD('$new_password'); -" |mysql -uroot -p$new_password -h 127.0.0.1 -{% endif %} - +#1 init for applist of .env +{% for app_name in applist.stdout_lines %} +sudo sed -i "s/_PASSWORD=.*/_PASSWORD=$new_password/g" /data/apps/{{app_name}}/.env {% endfor %} -{% endif %} -sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt -{% endif %} -{% if db_names == 'mongodb' %} -sudo sh -c 'echo "init mongodb started at" $(date -d now) 1>> /tmp/init_debug.txt' -echo " -use admin -db.changeUserPassword('{{dbs.admin}}', '${new_password}') -exit -" | mongo admin -u {{dbs.admin}} -p {{dbs.password}} -{% if dbs.users is defined and dbs.users is not none %} -{% for dbs_app_user in dbs.users %} -echo " -use admin -db.changeUserPassword('{{dbs_app_user}}', '${new_password}') -exit -" | mongo admin -u 
{{dbs_app_user}} -p {{dbs.password}} -{% endfor %} -{% endif %} -sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt -{% endif %} - -{% if db_names == 'rethinkdb' %} -sudo sh -c 'echo "init rethinkdb started at" $(date -d now) 1>> /tmp/init_debug.txt' -sudo sh -c 'echo "{{dbs.password}}" > /tmp/pw' -echo "r.db('rethinkdb').table('users').get('{{dbs.admin}}').update({'password': '$new_password'}).run()" | rethinkdb-repl --password-file /tmp/pw -{% if dbs.users is defined and dbs.users is not none %} -{% for dbs_app_user in dbs.users %} -echo "r.db('rethinkdb').table('users').get('{{dbs_app_user}}').update({'password': '$new_password'}).run()" | rethinkdb-repl --password-file /tmp/pw -{% endfor %} -{% endif %} -sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt -sudo rm -f /tmp/pw -{% endif %} - - -{% if db_names == 'postgresql' %} -sudo sh -c 'echo "init postgresql started at" $(date -d now) 1>> /tmp/init_debug.txt' -echo " -ALTER USER {{dbs.admin}} WITH PASSWORD '${new_password}'; -" | sudo -u {{dbs.admin}} psql -{% if dbs.users is defined and dbs.users is not none %} -{% for dbs_app_user in dbs.users %} -echo " -ALTER USER {{dbs_app_user}} WITH PASSWORD '${new_password}'; -" | sudo -u {{dbs.admin}} psql -{% endfor %} -{% endif %} -sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt -{% endif %} - -{% if db_names == 'neo4j' %} -sudo sh -c 'echo "init neo4j started at" $(date -d now) 1>> /tmp/init_debug.txt' - -# wait neo4j service started -sleep 60 - -while [ $? 
-eq 0 ] -do - {% if neo4j_version <= '3.5' %} - echo " - CALL dbms.changePassword('${new_password}'); - " | cypher-shell -u {{dbs.admin}} -p {{dbs.password}} - {% else %} - echo " - ALTER CURRENT USER SET PASSWORD FROM '{{dbs.password}}' TO '${new_password}'; - " | cypher-shell -u {{dbs.admin}} -p {{dbs.password}} -d system - {% endif %} - echo ":exit" |cypher-shell -u neo4j -p neo4j -d system -done - -sudo sed -i "s/neo4j administrator password:{{dbs.password}}/neo4j administrator password:$new_password/g" /credentials/password.txt -{% endif %} - -{% if db_names == 'redis' %} -sudo sed -i "s/{{dbs.password}}/$new_password/g" /credentials/password.txt -{% endif %} - -{% if dbs.config_paths is defined and dbs.config_paths is not none %} -{% for path in dbs.config_paths %} -sudo sed -i "s/{{dbs.password}}/$new_password/g" {{path}} -{% endfor %} -{% endif %} - -{% if dbs.commands is defined and dbs.commands is not none %} -{% for cmd in dbs.commands %} -{{cmd}} -{% endfor %} -{% endif %} - -{% endfor %} -{% endif %} - - -#2 application password init -{% if init_application %} -sudo sh -c 'echo "init application started at" $(date -d now) 1>> /tmp/init_debug.txt' -{% for app_name,app_attr in init_application.items() %} - -{% if app_attr.config_paths is defined and app_attr.config_paths is not none %} -{% for path in app_attr.config_paths %} -sudo sed -i "s/{{app_attr.password}}/$new_password/g" {{path}} -{% endfor %} -{% endif %} - -{% if app_attr.commands is defined and app_attr.commands is not none %} -{% for cmd in app_attr.commands %} -{{cmd}} -{% endfor %} -{% endif %} - -sudo sed -i "s/{{ app_name }} administrator Password:.*/{{ app_name }} administrator Password: $new_password/g" /credentials/password.txt -{% endfor %} -sudo sh -c 'echo "init application ended at" $(date -d now) 1>> /tmp/init_debug.txt' -{% endif %} - -#3 docker password init -{% if init_docker %} -sudo sh -c 'echo "init docker started at" $(date -d now) 1>> /tmp/init_debug.txt' -sudo systemctl 
restart docker -{% for app_name,app_attr in init_docker.items() %} - -{% if app_attr.admin_password is defined and app_attr.admin_password is not none %} -sudo sed -i "s/{{ app_name }} administrator Password: .*/{{ app_name }} administrator Password: $new_password/g" /credentials/password.txt -{% endif %} - -{% if app_attr.db_password is defined and app_attr.db_password is not none %} -sudo sed -i "s/database password:.*/database password:$new_password/g" /credentials/password.txt -{% endif %} - -{% if app_attr.compose_path is defined and app_attr.compose_path is not none %} -{% if app_attr.compose_down is not defined or app_attr.compose_down == True %} -sudo docker compose -f {{app_attr.compose_path}} down -v -sudo sleep 20s -{% endif %} - -{% if app_attr.volumes is defined and app_attr.volumes is not none %} -{% for volume in app_attr.volumes %} -sudo rm -rf {{volume}} -{% endfor %} -{% endif %} - -{% if app_attr.compose_commands is defined and app_attr.compose_commands is not none %} -{% for cmd in app_attr.compose_commands %} -{{cmd}} -{% endfor %} -{% endif %} - -sudo docker compose -f {{app_attr.compose_path}} up -d --no-recreate -sudo sleep 20s -{% endif %} - -{% if app_attr.commands is defined and app_attr.commands is not none %} -{% for cmd in app_attr.commands %} -{{cmd}} -{% endfor %} -{% endif %} - -{% endfor %} -sudo sh -c 'echo "init docker ended at" $(date -d now) 1>> /tmp/init_debug.txt' -{% endif %} +2 init for applist of special \ No newline at end of file diff --git a/apps/roles/role_init/templates/password.txt.jinja2 b/apps/roles/role_init/templates/password.txt.jinja2 deleted file mode 100644 index 17c8b27e..00000000 --- a/apps/roles/role_init/templates/password.txt.jinja2 +++ /dev/null 
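Review bot: The added `sed -i "s/_PASSWORD=.*/_PASSWORD=$new_password/g"` line changes the value only in each `.env` file; the removed branches also changed it inside the running database (`mysqladmin`, `ALTER USER`) and recreated the compose stacks, and nothing in the new script does either. If a datastore was initialised at image build time, it presumably keeps the build-time password while the config holds the new one. The loop also gives no signal when a `.env` is missing or has no `_PASSWORD=` key, so a guard such as `[ -s /data/apps/{{app_name}}/.env ] || exit 1` before the `sed` would make a skipped rotation visible. As shown, the last added line `2 init for applist of special` has no leading `#` and would be run as a command; `#2 init for applist of special` looks intended.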
@@ -1,50 +0,0 @@ -{% if init_db %} -{% for db_names,dbs in init_db.items() %} -{{db_names}} administrator username:{{dbs.admin}} -{{db_names}} administrator password:{{dbs.password}} -{% if dbs.users is defined and dbs.users is not none %} -{% for dbs_app_user in dbs.users %} - ---- {{db_names}} connections for your {{ dbs_app_user }} installation--- -database hostname: localhost or 127.0.0.1 -database name:{{dbs_app_user}} -database username:{{dbs_app_user}} -database password:{{dbs.password}} - -{% endfor %} -{% endif %} - ---- - -{% endfor %} -{% endif %} - -{% if init_application %} -{% for app_name,app_attr in init_application.items() %} -### Username and Password for your {{ app_name }} login ### -{% if app_attr.username is defined and app_attr.username is not none %} -{{app_name}} administrator Username: {{app_attr.username}} -{{app_name}} administrator Password: {{app_attr.password}} -{% endif %} -{% endfor %} -{% endif %} - -{% if init_docker %} -{% for app_name,app_attr in init_docker.items() %} - -{% if app_attr.admin_password is defined and app_attr.admin_password is not none %} -### Username and Password for your {{ app_name }} login ### - -{{app_name}} administrator Username: {{app_attr.admin_username}} -{{app_name}} administrator Password: {{app_attr.admin_password}} -{% endif %} - -{% if app_attr.db_password is defined and app_attr.db_password is not none %} ---- {{app_attr.db}} (Docker) connections for your {{app_name}} installation--- -database name:{{app_attr.db_name}} -database username:{{app_attr.db_username}} -database password:{{app_attr.db_password}} -{% endif %} - -{% endfor %} -{% endif %}