websoft9/apps/roles/role_init/README.md

Ansible Role: init
=========

本 Role 用于在 Cloud Installer 项目的随机密码处理，确保任何用户每一次安装都可以生成随机密码

## Requirements

运行本 Role，请确认符合如下的必要条件：

| **Items**      | **Details** |
| ------------------| ------------------|
| Operating system | CentOS7.x Ubuntu AmazonLinux |
| Python 版本 | Python2  |
| Python 组件 |    |
| Runtime | MySQL, MariaDB, PostgreSQL, MongoDB |


## Related roles

本 Role 在语法上引用了主变量，程序运行时需要确保已经运行： mysql | mariadb | postgresql | mongodb 等 Role。以 mysql 为例：

```
  roles:
   - {role: role_common, tags: "role_common"}   
   - {role: role_cloud, tags: "role_cloud"}
   - {role: role_mysql, tags: "role_mysql"}
   - {role: role_docker, tags: "role_docker"}
   - {role: role_docker_phpmyadmin, tags: "role_docker_phpmyadmin"}
   - {role: role_init_password, tags: "role_init_password"} 
```


## Variables

本 Role 主要变量以及使用方法如下：

| **Items**      | **Details** | **Format**  | **是否初始化** |
| ------------------| ------------------|-----|-----|
| init_db | 参考下方  | 字典 | 否 |
| init_application | [...]   | 字典 | 否 |

注意：
1. init_db, init_application, init_docker 初始化在项目主变量文件中统一修改。
2. 默认数据库管理员密码初始化范例（程序已经自动处理随机密码脚本与其service的先后关系）
    ```
    init_db: 
      mongodb:
        admin: root
        users: ["react"]
        password: "123456"

    init_db: 
      mysql:
        admin: root
        users: ["wordpress","discuz"]
        password: "123456"

    init_db: 
      postgresql:
        admin: postgres
        users: ["wordpress","discuz"]
        password: "123456"
        service_before:
        service_after: php-fpm.service
    
    init_db: 
      postgresql:
        admin: postgres
        users: ["wordpress","discuz"]
        password: "123456"
        
    init_db: 
      mysql:
        admin: root
        users: ["discuz"]
        password: "123456"  
        config_paths:
          - /data/wwwroot/discuz/upload/config/config_global_default.php
          
    init_db: 
      mysql:
        admin: root
        users: ["discuz"]
        password: "123456"  
        config_paths:
          - /data/wwwroot/discuz/upload/config/config_global_default.php
        commands:
          - sudo wp change -u default_account -p default_password to $new_password
          - sudo systemctl restart xxxx 
    ```
3. 默认应用管理员密码初始范例（此方案只适用于修改文件）
    ```
    init_application:
      wordpress:
        username: admin
        password: "123456"
        service_before:
        service_after: php-fpm.service
        config_paths: 
          - /data/wwwroot/wordpress/wp-config.php
          - /data/wwwroot/wordpress/wp-config2.php
        commands: 
          - sudo wp change -u default_account -p default_password to $new_password
          - sudo systemctl restart xxxx  
          
       discuz:   
         username: admin
         password: "123456"
         service_before:
         service_after: php-fpm.service
         config_paths: 
            - /data/wwwroot/wordpress/wp-config.php
            - /data/wwwroot/wordpress/wp-config3.php
         commands: 
            - sudo wp change -u default_account -p default_password to $new_password
            - sudo systemctl restart xxxx  
       
    init_application:
      grafana:
        username: admin
        password: "admin"
        service_before:
        service_after: grafana-server
        commands: 
          - sudo grafana-cli admin reset-admin-password $new_password        
    ```
4. 默认Docker应用管理员密码初始范例（此方案适用于修改Docker相关）
    ```
    init_docker:
      pgadmin:
        admin_username: user@domain.com
        admin_password: "SuperSecret"
        service_after: "docker.service"
        compose_path: "/data/apps/pgadmin/docker-compose.yml"
        compose_commands:
          - sudo sed -i "s/SuperSecret/$new_password/g" /data/apps/pgadmin/docker-compose.yml
        
    init_docker:
      seafile:
        admin_username: me@example.com
        admin_password: "admin123"
        db: mysql
        db_name: seafile_db
        db_username: root
        db_password: "123456"
        service_after: "docker.service"
        compose_path: "/data/docker-compose.yml"
        compose_commands:
          - 'sudo sed -i "s/MYSQL_ROOT_PASSWORD=.*/MYSQL_ROOT_PASSWORD=$new_password/g" /data/docker-compose.yml'
          - 'sudo sed -i "s/DB_ROOT_PASSWD=.*/DB_ROOT_PASSWD=$new_password/g" /data/docker-compose.yml'
          - 'sudo sed -i "s/SEAFILE_ADMIN_PASSWORD=.*/SEAFILE_ADMIN_PASSWORD=$new_password/g" /data/docker-compose.yml'
        volumes: 
          - /opt/seafile-mysql
          - /opt/seafile-data
        commands: 
          - sudo sudo sh -c "cat /data/config/onlyoffice.conf 1>> /opt/seafile-data/seafile/conf/seahub_settings.py"
          - sudo sed -i "s/seafile.example.com/$(curl ifconfig.me)/g" /opt/seafile-data/seafile/conf/seahub_settings.py
          - sudo sed -i "s/seafile.example.com/$(curl ifconfig.me)/g" /opt/seafile-data/seafile/conf/ccnet.conf
          - sudo docker restart seafile
    ```

## Example

```
- name: MySQL
  hosts: all
  become: yes
  become_method: sudo 
  vars_files:
    - vars/main.yml 

  roles:
   - {role: role_common, tags: "role_common"}   
   - {role: role_cloud, tags: "role_cloud"}
   - {role: role_mysql, tags: "role_mysql"}
   - {role: role_docker, tags: "role_docker"}
   - {role: role_docker_phpmyadmin, tags: "role_docker_phpmyadmin"}
   - {role: role_init_password, tags: "role_init_password"}
   - {role: role_end, tags: "role_end"} 
```

## FAQ

#### 采用哪种方式实现开机运行一次？

systemd