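---
# GLPI deployment tasks: run the container through the docker_management role,
# create its MySQL database and user, and (optionally) add fail2ban filters and
# jails that ban on the DOCKER-USER chain.
#
# Variables read by this file (none are defined here):
#   docker_image_name_glpi, docker_image_tag_glpi, docker_container_name_glpi
#   mysql_database_glpi, mysql_unix_socket, mysql_login_user, mysql_login_password
#   mysql_password_glpi        - REQUIRED; the former hard-coded 'admin' default is gone
#   mysql_user_glpi            - optional, defaults to 'glpi'
#   mysql_user_host_glpi       - optional, defaults to '%' (see the user task)
#   mysql_login_host           - optional, defaults to ''
#   install_fail2ban           - optional bool, defaults to false

- name: GLPI Docker Container
  ansible.builtin.include_role:
    name: docker_management
  vars:
    docker_images:
      - name: "{{ docker_image_name_glpi }}"
        tag: "{{ docker_image_tag_glpi }}"

    docker_networks:
      # Network the ingress/reverse proxy reaches the container on.
      - name: "{{ docker_container_name_glpi }}-access"
        internal: false  # NOTE: `internal` still needs to be supported by the docker role
      # Mail relay network; `internal: true` keeps it off the host's external interfaces.
      - name: "{{ docker_container_name_glpi }}-smtp-access"
        internal: true

    docker_containers:
      - name: "{{ docker_container_name_glpi }}"
        image: "{{ docker_image_name_glpi }}:{{ docker_image_tag_glpi }}"
        env:
          TIMEZONE: UTC
        networks:
          - name: "{{ docker_container_name_glpi }}-access"
          - name: "ingress-access"
          - name: "{{ docker_container_name_glpi }}-smtp-access"
          - name: ldap-access
          - name: mysql-access
        # Deliberately no published ports: the app is only reachable via the
        # ingress network. Publishing 80:80 would expose it directly on the host
        # and bypass the proxy in front of it.
        # published_ports:
        #   - 80:80
        volumes:
          # NOTE(review): /etc/timezone is normally a text file naming the zone,
          # not a binary tzfile; the TIMEZONE env var above is likely what the
          # image actually honours - confirm against the image's entrypoint.
          - /usr/share/zoneinfo/Etc/UTC:/etc/timezone:ro
          - /usr/share/zoneinfo/Etc/UTC:/etc/localtime:ro
          # config_* holds config_db.php (DB credentials) - keep its host
          # permissions tight (see the migration note below).
          - "config_{{ docker_container_name_glpi }}:/var/www/html/config"
          - "data_{{ docker_container_name_glpi }}:/var/www/html/files"
          - "log_{{ docker_container_name_glpi }}:/var/log"
          - "marketplace_{{ docker_container_name_glpi }}:/var/www/html/marketplace"
          - "plugins_{{ docker_container_name_glpi }}:/var/www/html/plugins"

    docker_volumes:
      - name: "plugins_{{ docker_container_name_glpi }}"
      - name: "data_{{ docker_container_name_glpi }}"
      - name: "config_{{ docker_container_name_glpi }}"
      - name: "marketplace_{{ docker_container_name_glpi }}"
      - name: "log_{{ docker_container_name_glpi }}"
      # Not mounted by the container above (it mounts log_* on /var/log);
      # left in place so hosts that already have it are not changed.
      - name: "varlog_{{ docker_container_name_glpi }}"


- name: Check that a GLPI database password was supplied
  # The previous version shipped with password 'admin' for a user allowed from
  # any host with ALL + GRANT OPTION. Refuse to continue without a real secret.
  ansible.builtin.assert:
    that:
      - mysql_password_glpi is defined
      - mysql_password_glpi | length > 0
      - mysql_password_glpi != 'admin'
    fail_msg: >-
      mysql_password_glpi must be set (e.g. from Ansible Vault); the former
      hard-coded 'admin' default is no longer accepted.
    quiet: true


- name: Create GLPI database
  community.mysql.mysql_db:
    name: "{{ mysql_database_glpi }}"
    state: present
    login_unix_socket: "{{ mysql_unix_socket }}"
    login_user: "{{ mysql_login_user }}"
    login_password: "{{ mysql_login_password }}"
    login_host: "{{ mysql_login_host | default('') }}"
    # Empty config_file stops the module from picking up ~/.my.cnf credentials.
    config_file: ''


- name: Create GLPI database user
  community.mysql.mysql_user:
    state: "{{ item.state | default('present') }}"
    name: "{{ item.name }}"
    password: "{{ item.password }}"
    host: "{{ item.host | default('localhost') }}"
    priv: "{{ item.priv | default(omit) | from_yaml }}"
    # 'on_create' means a rotated mysql_password_glpi is NOT pushed to an
    # existing user; set update_password: always on the item to rotate.
    update_password: "{{ item.update_password | default('on_create') }}"
    login_host: "{{ mysql_login_host | default('') }}"
    login_unix_socket: "{{ mysql_unix_socket }}"
    login_user: "{{ mysql_login_user }}"
    login_password: "{{ mysql_login_password }}"
    config_file: ''
  loop: "{{ database_mysql_users }}"
  # The loop item carries the password; keep it out of the run log.
  no_log: true
  vars:
    database_mysql_users:
      - name: "{{ mysql_user_glpi | default('glpi') }}"
        password: "{{ mysql_password_glpi }}"
        # The container connects over the mysql-access docker network from a
        # non-fixed address, hence '%'. Narrow this to that network's subnet
        # (e.g. '172.18.0.0/255.255.0.0') wherever it is known.
        host: "{{ mysql_user_host_glpi | default('%') }}"
        priv:
          # Scoped to the database created above (was hard-coded 'glpi.*',
          # which silently granted the wrong DB when mysql_database_glpi
          # differs). GRANT OPTION dropped: the application only needs rights
          # on its own database, not the ability to hand them out.
          "{{ mysql_database_glpi }}.*": 'ALL'


# Migrating an existing non-container install into the named volumes (one-off,
# on the host; the source and volume paths below are the ones originally used
# and may need adjusting to the config_<container>/data_<container>/... names
# created by this play):
#   sudo cp -r /var/www/html/glpi/config/* /var/lib/docker/volumes/glpi_config_glpi/_data/
#   sudo cp -r /var/www/html/glpi/files/* /var/lib/docker/volumes/glpi_data_glpi/_data/
#   sudo cp -r /var/www/html/glpi/plugins/* /var/lib/docker/volumes/glpi_glpi_plugins/_data/
#   sudo cp -r /var/www/html/glpi/marketplace/* /var/lib/docker/volumes/glpi_marketplace_glpi/_data/
#
# Then hand the files to the uid/gid the web server runs as inside the container
# (check with `docker exec <container> id`) rather than `chmod -R 777`: world
# read/write would let any local user read config_db.php (DB credentials) and
# drop code into the plugins directory:
#   sudo chown -R <uid>:<gid> /var/lib/docker/volumes/glpi_config_glpi/_data/
#   sudo chown -R <uid>:<gid> /var/lib/docker/volumes/glpi_data_glpi/_data/
#   sudo chown -R <uid>:<gid> /var/lib/docker/volumes/glpi_glpi_plugins/_data/
#   sudo chown -R <uid>:<gid> /var/lib/docker/volumes/glpi_marketplace_glpi/_data/


- name: Add fail2ban filters
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    # Config, not a program: no execute bit, no group write (was '760').
    mode: '0640'
    owner: root
    group: root
  loop: "{{ the_files }}"
  # NOTE(review): nothing reloads fail2ban after the filters change unless the
  # nfc_firewall role below does it - confirm, or restore the handler.
  # notify: reload_fail2ban
  when: install_fail2ban | default(false) | bool
  vars:
    # NOTE(review): both destinations render the SAME template although the
    # jails below feed them different logs (GLPI event.log vs. the apache
    # access log). Unless fail2ban.filter.conf branches on its destination,
    # the glpi-api filter regex will not match access-log lines - verify.
    # Also, these are written as filter.d/<name>.local with no matching .conf;
    # confirm the installed fail2ban accepts a lone .local file.
    the_files:
      - src: fail2ban.filter.conf
        dest: "/etc/fail2ban/filter.d/glpi.local"
      - src: fail2ban.filter.conf
        dest: "/etc/fail2ban/filter.d/glpi-api.local"


- name: "Fail2Ban Jail for GLPI"
  ansible.builtin.include_role:
    name: nfc_firewall
  when: install_fail2ban | default(false) | bool
  vars:
    fail2ban:
      config:
        # Web login failures, read from GLPI's own event log in the data volume.
        - name: "glpi-{{ docker_container_name_glpi }}"
          sub_path: jail.d
          sections:
            DEFAULT:
              "glpi_log": "/var/lib/docker/volumes/data_{{ docker_container_name_glpi }}/_data/_log/event.log"
            glpi:
              enabled: true
              mode: polling
              # Bans must land in DOCKER-USER; rules in INPUT never see
              # traffic that docker forwards to the container.
              chain: DOCKER-USER
              port: http,https
              logpath: "%(glpi_log)s"
              filter: glpi
              findtime: 600
              maxretry: 5
        # API abuse, read from the apache access log in the log volume.
        - name: "api_glpi-{{ docker_container_name_glpi }}"
          sub_path: jail.d
          sections:
            DEFAULT:
              "api_glpi_log": "/var/lib/docker/volumes/log_{{ docker_container_name_glpi }}/_data/apache2/access-glpi.log"
            api_glpi:
              enabled: true
              mode: polling
              chain: DOCKER-USER
              port: http,https
              logpath: "%(api_glpi_log)s"
              filter: glpi-api
              findtime: 600
              maxretry: 5


- name: Task Final playbook variables
  ansible.builtin.set_fact:
    glpi_installed: true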