2021-10-10 05:23:49 +00:00
|
|
|
---
|
2021-08-13 08:05:57 +00:00
|
|
|
|
|
|
|
- name: Record Corporal Enabled/Disabled variable
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
lineinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
|
|
line: "{{ item.key }}: {{ item.value }}"
|
|
|
|
insertafter: '# Corporal Settings Start'
|
|
|
|
with_dict:
|
|
|
|
'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
|
|
|
|
|
|
|
|
- name: Enable Shared Secret Auth if Corporal enabled
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
lineinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
|
|
line: "{{ item.key }}: {{ item.value }}"
|
|
|
|
insertafter: '# Shared Secret Auth Settings Start'
|
|
|
|
with_dict:
|
|
|
|
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
|
|
|
|
when: matrix_corporal_enabled|bool
|
|
|
|
|
|
|
|
- name: Disable Shared Secret Auth if Corporal disabled
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
lineinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
|
|
line: "{{ item.key }}: {{ item.value }}"
|
|
|
|
insertafter: '# Shared Secret Auth Settings Start'
|
|
|
|
with_dict:
|
|
|
|
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
|
|
|
|
when: not matrix_corporal_enabled|bool
|
|
|
|
|
|
|
|
- name: Enable Rest Auth Endpoint if Corporal enabled
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
lineinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
|
|
line: "{{ item.key }}: {{ item.value }}"
|
|
|
|
insertafter: '# Synapse Extension Start'
|
|
|
|
with_dict:
|
|
|
|
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
|
|
|
|
when: matrix_corporal_enabled|bool
|
|
|
|
|
|
|
|
- name: Disable Rest Auth Endpoint if Corporal disabled
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
lineinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
|
|
line: "{{ item.key }}: {{ item.value }}"
|
|
|
|
insertafter: '# Synapse Extension Start'
|
|
|
|
with_dict:
|
|
|
|
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
|
|
|
|
when: not matrix_corporal_enabled|bool
|
|
|
|
|
|
|
|
- name: Disable Corporal API if Simple Static File mode selected
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
lineinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
|
|
line: "{{ item.key }}: {{ item.value }}"
|
|
|
|
insertafter: '# Corporal Settings Start'
|
|
|
|
with_dict:
|
|
|
|
'matrix_corporal_http_api_enabled': 'false'
|
2021-10-10 06:10:06 +00:00
|
|
|
when: (awx_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
|
2021-08-13 08:05:57 +00:00
|
|
|
|
|
|
|
- name: Enable Corporal API if Push/Pull mode delected
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
lineinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
|
|
line: "{{ item.key }}: {{ item.value }}"
|
|
|
|
insertafter: '# Corporal Settings Start'
|
|
|
|
with_dict:
|
|
|
|
'matrix_corporal_http_api_enabled': 'true'
|
2021-10-10 06:10:06 +00:00
|
|
|
when: (awx_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
|
2021-08-13 08:05:57 +00:00
|
|
|
|
|
|
|
- name: Record Corporal API Access Token if it's defined
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
lineinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
|
|
|
line: "{{ item.key }}: {{ item.value }}"
|
|
|
|
insertafter: '# Corporal Settings Start'
|
|
|
|
with_dict:
|
2021-10-19 09:45:15 +00:00
|
|
|
'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
|
|
|
|
when: ( matrix_corporal_http_api_auth_token|length > 0 ) and ( awx_corporal_policy_provider_mode != "Simple Static File" )
|
2021-08-13 08:05:57 +00:00
|
|
|
|
|
|
|
- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
blockinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
2021-10-19 09:45:15 +00:00
|
|
|
insertbefore: "# Corporal Policy Provider Settings End"
|
|
|
|
marker_begin: "Corporal"
|
|
|
|
marker_end: "Corporal"
|
2021-08-13 08:05:57 +00:00
|
|
|
block: |
|
|
|
|
matrix_corporal_policy_provider_config: |
|
|
|
|
{
|
|
|
|
"Type": "static_file",
|
|
|
|
"Path": "/etc/matrix-corporal/corporal-policy.json"
|
|
|
|
}
|
2021-10-10 06:10:06 +00:00
|
|
|
when: awx_corporal_policy_provider_mode == "Simple Static File"
|
2021-08-13 08:05:57 +00:00
|
|
|
|
|
|
|
- name: Touch the /matrix/corporal/ directory
|
|
|
|
file:
|
|
|
|
path: "/matrix/corporal/"
|
|
|
|
state: directory
|
|
|
|
owner: matrix
|
|
|
|
group: matrix
|
|
|
|
mode: '750'
|
|
|
|
|
|
|
|
- name: Touch the /matrix/corporal/config/ directory
|
|
|
|
file:
|
|
|
|
path: "/matrix/corporal/config/"
|
|
|
|
state: directory
|
|
|
|
owner: matrix
|
|
|
|
group: matrix
|
|
|
|
mode: '750'
|
|
|
|
|
|
|
|
- name: Touch the /matrix/corporal/cache/ directory
|
|
|
|
file:
|
|
|
|
path: "/matrix/corporal/cache/"
|
|
|
|
state: directory
|
|
|
|
owner: matrix
|
|
|
|
group: matrix
|
|
|
|
mode: '750'
|
|
|
|
|
|
|
|
- name: Touch the corporal-policy.json file to ensure it exists
|
|
|
|
file:
|
|
|
|
path: "/matrix/corporal/config/corporal-policy.json"
|
|
|
|
state: touch
|
|
|
|
owner: matrix
|
|
|
|
group: matrix
|
|
|
|
mode: '660'
|
|
|
|
|
|
|
|
- name: Touch the last-policy.json file to ensure it exists
|
|
|
|
file:
|
|
|
|
path: "/matrix/corporal/config/last-policy.json"
|
|
|
|
state: touch
|
|
|
|
owner: matrix
|
|
|
|
group: matrix
|
|
|
|
mode: '660'
|
|
|
|
|
|
|
|
- name: Record 'Simple Static File' configuration content in corporal-policy.json
|
|
|
|
copy:
|
2021-10-10 06:10:06 +00:00
|
|
|
content: "{{ awx_corporal_simple_static_config | string }}"
|
2021-08-13 08:05:57 +00:00
|
|
|
dest: "/matrix/corporal/config/corporal-policy.json"
|
|
|
|
owner: matrix
|
|
|
|
group: matrix
|
|
|
|
mode: '660'
|
2021-10-10 06:10:06 +00:00
|
|
|
when: (awx_corporal_policy_provider_mode == "Simple Static File") and (awx_corporal_simple_static_config|length > 0)
|
2021-08-13 08:05:57 +00:00
|
|
|
|
|
|
|
- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
blockinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
insertafter: "# Corporal Policy Provider Settings Start"
|
|
|
|
block: |
|
|
|
|
matrix_corporal_policy_provider_config: |
|
|
|
|
{
|
|
|
|
"Type": "http",
|
2021-10-10 06:10:06 +00:00
|
|
|
"Uri": "{{ awx_corporal_pull_mode_uri }}",
|
|
|
|
"AuthorizationBearerToken": "{{ awx_corporal_pull_mode_token }}",
|
2021-08-13 08:05:57 +00:00
|
|
|
"CachePath": "/var/cache/matrix-corporal/last-policy.json",
|
|
|
|
"ReloadIntervalSeconds": 1800,
|
|
|
|
"TimeoutMilliseconds": 30000
|
|
|
|
}
|
2021-10-10 06:10:06 +00:00
|
|
|
when: (awx_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (awx_corporal_pull_mode_token|length > 0)
|
2021-08-13 08:05:57 +00:00
|
|
|
|
|
|
|
- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
blockinfile:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
insertafter: "# Corporal Policy Provider Settings Start"
|
|
|
|
block: |
|
|
|
|
matrix_corporal_policy_provider_config: |
|
|
|
|
{
|
|
|
|
"Type": "last_seen_store_policy",
|
|
|
|
"CachePath": "/var/cache/matrix-corporal/last-policy.json"
|
|
|
|
}
|
2021-10-10 06:10:06 +00:00
|
|
|
when: (awx_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
|
2021-08-13 08:05:57 +00:00
|
|
|
|
|
|
|
- name: Lower RateLimit if set to 'Normal'
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
replace:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
|
|
|
|
replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
|
2021-10-10 06:10:06 +00:00
|
|
|
when: awx_corporal_raise_ratelimits == "Normal"
|
2021-08-13 08:05:57 +00:00
|
|
|
|
|
|
|
- name: Raise RateLimit if set to 'Raised'
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
replace:
|
|
|
|
path: '{{ awx_cached_matrix_vars }}'
|
|
|
|
regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
|
|
|
|
replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
|
2021-10-10 06:10:06 +00:00
|
|
|
when: awx_corporal_raise_ratelimits == "Raised"
|
2021-08-13 08:05:57 +00:00
|
|
|
|
|
|
|
- name: Save new 'Configure Corporal' survey.json to the AWX tower
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
template:
|
|
|
|
src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
|
|
|
|
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
|
|
|
|
|
|
|
|
- name: Copy new 'Configure Corporal' survey.json to target machine
|
|
|
|
copy:
|
|
|
|
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
|
|
|
|
dest: '/matrix/awx/configure_corporal.json'
|
|
|
|
mode: '0660'
|
|
|
|
|
|
|
|
- debug:
|
|
|
|
msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"
|
|
|
|
|
|
|
|
- debug:
|
|
|
|
msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"
|
|
|
|
|
|
|
|
- debug:
|
|
|
|
msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"
|
|
|
|
|
|
|
|
- debug:
|
|
|
|
msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
|
|
|
|
|
|
|
|
- name: Recreate 'Configure Corporal (Advanced)' job template
|
|
|
|
delegate_to: 127.0.0.1
|
|
|
|
awx.awx.tower_job_template:
|
|
|
|
name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
|
|
|
|
description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
|
|
|
|
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
|
|
|
job_type: run
|
|
|
|
job_tags: "start,setup-corporal"
|
|
|
|
inventory: "{{ member_id }}"
|
|
|
|
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
|
|
|
playbook: setup.yml
|
|
|
|
credential: "{{ member_id }} - AWX SSH Key"
|
|
|
|
survey_enabled: true
|
|
|
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
|
2022-02-05 20:32:54 +00:00
|
|
|
become_enabled: true
|
2021-08-13 08:05:57 +00:00
|
|
|
state: present
|
|
|
|
verbosity: 1
|
2021-10-01 10:56:38 +00:00
|
|
|
tower_host: "https://{{ awx_host }}"
|
|
|
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
2022-02-05 20:32:54 +00:00
|
|
|
validate_certs: true
|