feat(migration): initial adding of role to repo

!1

tasks/configure.yaml

@@ -0,0 +1,111 @@
+---
+- name: Clear  Any downloaded files
+  ansible.builtin.file:
+    name: "/tmp/ansible"
+    state: absent
+  #loop: "{{ glpi_plugins }}"
+
+- name: Clear  Any downloaded files
+  ansible.builtin.file:
+    name: "/tmp/ansible"
+    state: directory
+  #loop: "{{ glpi_plugins }}"
+
+# - name: Download Plugins
+#   ansible.builtin.get_url:
+#     url: "{{ item.url }}"
+#     dest: "/tmp/{{ item.filename }}"
+#   loop: "{{ glpi_plugins }}"
+
+# - name: Download plugins
+#   ansible.builtin.command:
+#     cmd: "bash -c echo $({{ item.url }})"
+#   loop: "{{ glpi_plugins }}"
+
+# wget https://github.com/pluginsGLPI/formcreator/releases/download/2.13.6/glpi-formcreator-2.13.6.tar.bz2 -O /tmp/plugin-form-creator.tar.bz2
+# tar -xjf /tmp/plugin-form-creator.tar.bz2 -C /var/lib/docker/volumes/glpi_glpi_plugins/_data/
+
+# wget https://github.com/glpi-project/glpi-inventory-plugin/releases/download/1.2.3/glpi-glpiinventory-1.2.3.tar.bz2 -O /tmp/glpi-glpiinventory-1.2.3.tar.bz2
+# tar -xjf /tmp/glpi-glpiinventory-1.2.3.tar.bz2 -C /var/lib/docker/volumes/glpi_glpi_plugins/_data/
+# chown www-data:www-data -R /var/lib/docker/volumes/glpi_glpi_plugins/_data/
+
+- name: Install bzip
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ apps }}"
+  vars:
+    apps:
+      - bzip2
+      - jq
+      - wget
+
+
+# - name: Example clone of a single branch
+#   ansible.builtin.git:
+#     repo: "{{ item.repo }}.git"
+#     dest: "/var/lib/docker/volumes/plugins_glpi/_data/{{ item.name }}"
+#     single_branch: true
+#     version: "{{ item.version }}"
+#     depth: 1
+#     force: true
+#   loop: "{{ plugins }}"
+#   vars:
+#     plugins:
+#       - name: actualtime
+#         repo: https://github.com/ticgal/actualtime
+#         version: 2.1.0
+
+#       - name: glpiinventory
+#         repo: https://github.com/glpi-project/glpi-inventory-plugin
+#         version: 1.2.3
+#       # for creator doesnt work
+#       # - name: formcreator
+#       #   repo: https://github.com/pluginsGLPI/formcreator
+#       #   version: 2.13.6
+
+#       - name: geninventorynumber
+#         repo: https://github.com/pluginsGLPI/geninventorynumber
+#         version: 2.8.3
+
+#       - name: releases
+#         repo: https://github.com/InfotelGLPI/releases
+#         version: 2.0.3
+
+#       - name: phpsaml
+#         repo: https://github.com/DonutsNL/phpsaml
+#         # version: e7357a49ca9f0b612bc28879a0c703cdbfc4463b
+#         version: master
+
+# - name: Download and Extract the plugins
+#   ansible.builtin.shell:
+#     cmd: |
+#       export URL=$(curl -s {{ item.url }} | jq .assets[0].browser_download_url | tr -d \");
+#       wget $URL -O /tmp/ansible/$(basename ${URL});
+#       tar -xjf /tmp/ansible/$(basename ${URL}) -C /var/lib/docker/volumes/plugins_glpi/_data/;
+#   loop: "{{ glpi_plugins }}"
+#   changed_when: false
+
+
+- name: Fix file perms
+  ansible.builtin.command:
+    cmd: chown www-data:www-data -R /var/lib/docker/volumes/plugins_glpi/_data/
+  changed_when: false
+
+# - name: Unarchive a file that needs to be downloaded (added in 2.0)
+#   ansible.builtin.unarchive:
+#     src: /tmp/{{ item.filename }}
+#     dest: /var/lib/docker/volumes/plugins_glpi/_data/
+#     remote_src: true
+#     extra_opts:
+#       - -j
+#   loop: "{{ glpi_plugins }}"
+
+- name: Clear  Any downloaded files
+  ansible.builtin.file:
+    name: "{{ item.filename }}"
+    state: absent
+  loop: "{{ glpi_plugins }}"
+
+- name: Reload logroate if required
+  ansible.builtin.meta: flush_handlers

tasks/install.yaml

@@ -0,0 +1,150 @@
+---
+- name: GPLI Docker Container
+  ansible.builtin.include_role:
+    name: docker_management
+  vars:
+    docker_images:
+      - name: "{{ docker_image_name_glpi }}"
+        tag: "{{ docker_image_tag_glpi }}"
+
+    docker_networks:
+      - name: "{{ docker_container_name_glpi }}-access"
+        internal: false # this needs to be added to the docker role
+      - name: "{{ docker_container_name_glpi }}-smtp-access"
+        internal: true
+
+    docker_containers:
+      - name: "{{ docker_container_name_glpi }}"
+        image: "{{ docker_image_name_glpi }}:{{ docker_image_tag_glpi }}"
+        env:
+          TIMEZONE: UTC
+        networks:
+          - name: "{{ docker_container_name_glpi }}-access"
+          - name: "ingress-access"
+          - name: "{{ docker_container_name_glpi }}-smtp-access"
+          - name: ldap-access
+          - name: mysql-access
+        # published_ports:
+        #   - 80:80
+        volumes:
+          - /usr/share/zoneinfo/Etc/UTC:/etc/timezone:ro
+          - /usr/share/zoneinfo/Etc/UTC:/etc/localtime:ro
+          - "config_{{ docker_container_name_glpi }}:/var/www/html/config"
+          - "data_{{ docker_container_name_glpi }}:/var/www/html/files"
+          - "log_{{ docker_container_name_glpi }}:/var/log"
+          - "marketplace_{{ docker_container_name_glpi }}:/var/www/html/marketplace"
+          - "plugins_{{ docker_container_name_glpi }}:/var/www/html/plugins"
+
+    docker_volumes:
+      - name: "plugins_{{ docker_container_name_glpi }}"
+      - name: "data_{{ docker_container_name_glpi }}"
+      - name: "config_{{ docker_container_name_glpi }}"
+      - name: "marketplace_{{ docker_container_name_glpi }}"
+      - name: "log_{{ docker_container_name_glpi }}"
+      - name: "varlog_{{ docker_container_name_glpi }}"
+
+
+- name: Create GLPI database
+  community.mysql.mysql_db:
+    name: "{{ mysql_database_glpi }}"
+    state: present
+    login_unix_socket: "{{ mysql_unix_socket }}"
+    login_user: "{{ mysql_login_user }}"
+    login_password: "{{ mysql_login_password }}"
+    login_host: "{{ mysql_login_host | default('') }}"
+    config_file: ''
+
+
+- name: Create user with password, all database privileges and 'WITH GRANT OPTION' in db1 and db2
+  community.mysql.mysql_user:
+    state: "{{ item.state | default('present') }}"
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    host: "{{ item.host | default('localhost') }}"
+    priv: "{{ item.priv | default(omit) | from_yaml }}"
+    update_password: "{{ item.update_password | default('on_create') }}"
+    login_host: "{{ mysql_login_host | default('') }}"
+    login_unix_socket: "{{ mysql_unix_socket }}"
+    login_user: "{{ mysql_login_user }}"
+    login_password: "{{ mysql_login_password }}"
+    config_file: ''
+  loop: "{{ database_mysql_users }}"
+  vars:
+    database_mysql_users:
+      - name: glpi
+        password: admin
+        host: '%'
+        priv:
+          'glpi.*': 'ALL,GRANT'
+
+# sudo cp -r /var/www/html/glpi/config/* /var/lib/docker/volumes/glpi_config_glpi/_data/
+# sudo cp -r /var/www/html/glpi/files/* /var/lib/docker/volumes/glpi_data_glpi/_data/
+# sudo cp -r /var/www/html/glpi/plugins/* /var/lib/docker/volumes/glpi_glpi_plugins/_data/
+# sudo cp -r /var/www/html/glpi/marketplace/* /var/lib/docker/volumes/glpi_marketplace_glpi/_data/
+
+
+# sudo chmod -R 777 /var/lib/docker/volumes/glpi_config_glpi/_data/
+# sudo chmod -R 777 /var/lib/docker/volumes/glpi_data_glpi/_data/
+# sudo chmod -R 777 /var/lib/docker/volumes/glpi_glpi_plugins/_data/
+# sudo chmod -R 777 /var/lib/docker/volumes/glpi_marketplace_glpi/_data/
+
+- name: Add fail2ban filters
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: '760'
+    owner: root
+    group: root
+  loop: "{{ the_files }}"
+  # notify: reload_fail2ban
+  when: >
+    install_fail2ban | default(false) | bool
+  vars:
+    the_files:
+      - src: fail2ban.filter.conf
+        dest: "/etc/fail2ban/filter.d/glpi.local"
+      - src: fail2ban.filter.conf
+        dest: "/etc/fail2ban/filter.d/glpi-api.local"
+      
+
+- name: "Fail2Ban Jail for GLPI"
+  ansible.builtin.include_role:
+    name: nfc_firewall
+  when: >
+    install_fail2ban | default(false) | bool
+  vars:
+    fail2ban:
+      config:
+        - name: "glpi-{{ docker_container_name_glpi }}"
+          sub_path: jail.d
+          sections:
+            DEFAULT:
+              "glpi_log": "/var/lib/docker/volumes/data_{{ docker_container_name_glpi }}/_data/_log/event.log"
+            glpi:
+              enabled: true
+              mode: polling
+              chain: DOCKER-USER
+              port: http,https
+              logpath: "%(glpi_log)s"
+              filter: glpi
+              findtime: 600
+              maxretry: 5
+        - name: "api_glpi-{{ docker_container_name_glpi }}"
+          sub_path: jail.d
+          sections:
+            DEFAULT:
+              "api_glpi_log": "/var/lib/docker/volumes/log_{{ docker_container_name_glpi }}/_data/apache2/access-glpi.log"
+            api_glpi:
+              enabled: true
+              mode: polling
+              chain: DOCKER-USER
+              port: http,https
+              logpath: "%(api_glpi_log)s"
+              filter: glpi-api
+              findtime: 600
+              maxretry: 5
+
+
+- name: Task Final playbook variables
+  ansible.builtin.set_fact:
+    glpi_installed: true

tasks/main.yaml

@@ -0,0 +1,33 @@
+---
+- name: Install GLPI
+  ansible.builtin.include_tasks:
+    file: install.yaml
+    apply:
+      tags:
+        - always
+  tags:
+    - always
+  when: >
+    install_glpi | bool
+      and
+    not glpi_installed | bool
+
+
+
+- name: Configure Log Rotate
+  ansible.builtin.include_tasks:
+    file: configure.yaml
+    apply:
+      tags:
+        - always
+  tags:
+    - always
+  when: glpi_installed | bool
+#       and
+#     ansible_os_family == "Debian"
+#       and
+#     (
+#       logrotate is defined
+#         and
+#       logrotate | default([]) | length | int > 0
+#     )