7d3adc4512
We do use some `:latest` images by default for the following services: - matrix-dimension - Goofys (in the matrix-synapse role) - matrix-bridge-appservice-irc - matrix-bridge-appservice-discord - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-whatsapp It's terribly unfortunate that those software projects don't release anything other than `:latest`, but that's how it is for now. Updating that software requires that users manually do `docker pull` on the server. The playbook didn't force-repull images that it already had. With this patch, it starts doing so. Any image tagged `:latest` will be force re-pulled by the playbook every time it's executed. It should be noted that even though we ask the `docker_image` module to force-pull, it only reports "changed" when it actually pulls something new. This is nice, because it lets people know exactly when something gets updated, as opposed to giving the indication that it's always updating the images (even though it isn't).
123 lines
4.1 KiB
YAML
123 lines
4.1 KiB
YAML
---
|
|
|
|
#
|
|
# Tasks related to setting up Coturn
|
|
#
|
|
|
|
- name: Ensure Coturn image is pulled
|
|
docker_image:
|
|
name: "{{ matrix_coturn_docker_image }}"
|
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
|
force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}"
|
|
when: matrix_coturn_enabled|bool
|
|
|
|
- name: Ensure Coturn configuration path exists
|
|
file:
|
|
path: "{{ matrix_coturn_base_path }}"
|
|
state: directory
|
|
mode: 0750
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
when: matrix_coturn_enabled|bool
|
|
|
|
- name: Ensure turnserver.conf installed
|
|
template:
|
|
src: "{{ role_path }}/templates/turnserver.conf.j2"
|
|
dest: "{{ matrix_coturn_config_path }}"
|
|
mode: 0644
|
|
when: matrix_coturn_enabled|bool
|
|
|
|
# `docker_network` doesn't work as expected when the given network
|
|
# is a substring of a network that already exists.
|
|
#
|
|
# See our other comments in `roles/matrix-base/tasks/setup_matrix_base.yml`
|
|
- name: Check existence of Coturn network in Docker
|
|
shell:
|
|
cmd: "docker network ls -q --filter='name=^{{ matrix_coturn_docker_network }}$'"
|
|
register: matrix_coturn_result_docker_network
|
|
changed_when: false
|
|
when: matrix_coturn_enabled|bool
|
|
|
|
- name: Create Coturn network in Docker
|
|
shell:
|
|
cmd: "docker network create --driver=bridge {{ matrix_coturn_docker_network }}"
|
|
when: "matrix_coturn_enabled|bool and matrix_coturn_result_docker_network.stdout == ''"
|
|
|
|
- name: Ensure matrix-coturn.service installed
|
|
template:
|
|
src: "{{ role_path }}/templates/systemd/matrix-coturn.service.j2"
|
|
dest: "/etc/systemd/system/matrix-coturn.service"
|
|
mode: 0644
|
|
register: matrix_coturn_systemd_service_result
|
|
when: matrix_coturn_enabled|bool
|
|
|
|
- name: Ensure systemd reloaded after matrix-coturn.service installation
|
|
service:
|
|
daemon_reload: yes
|
|
when: "matrix_coturn_enabled|bool and matrix_coturn_systemd_service_result.changed"
|
|
|
|
# This may be unnecessary when more long-lived certificates are used.
|
|
# We optimize for the common use-case though (short-lived Let's Encrypt certificates).
|
|
# Reloading doesn't hurt anyway, so there's no need to make this more flexible.
|
|
- name: Ensure periodic reloading of matrix-coturn is configured for SSL renewal (matrix-coturn-reload)
|
|
cron:
|
|
user: root
|
|
cron_file: matrix-coturn-ssl-reload
|
|
name: matrix-coturn-ssl-reload
|
|
state: present
|
|
hour: "4"
|
|
minute: "20"
|
|
day: "*/5"
|
|
job: /bin/systemctl reload matrix-coturn.service
|
|
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
|
|
|
|
|
#
|
|
# Tasks related to getting rid of Coturn (if it was previously enabled)
|
|
#
|
|
|
|
- name: Ensure matrix-coturn-ssl-reload cronjob removed
|
|
cron:
|
|
user: root
|
|
cron_file: matrix-coturn-ssl-reload
|
|
state: absent
|
|
when: "not matrix_coturn_enabled|bool or not matrix_coturn_tls_enabled|bool"
|
|
|
|
- name: Check existence of matrix-coturn service
|
|
stat:
|
|
path: "/etc/systemd/system/matrix-coturn.service"
|
|
register: matrix_coturn_service_stat
|
|
when: "not matrix_coturn_enabled|bool"
|
|
|
|
- name: Ensure matrix-coturn is stopped
|
|
service:
|
|
name: matrix-coturn
|
|
state: stopped
|
|
daemon_reload: yes
|
|
register: stopping_result
|
|
when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
|
|
|
|
- name: Ensure matrix-coturn.service doesn't exist
|
|
file:
|
|
path: "/etc/systemd/system/matrix-coturn.service"
|
|
state: absent
|
|
when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
|
|
|
|
- name: Ensure systemd reloaded after matrix-coturn.service removal
|
|
service:
|
|
daemon_reload: yes
|
|
when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists"
|
|
|
|
- name: Ensure Matrix coturn paths don't exist
|
|
file:
|
|
path: "{{ matrix_coturn_base_path }}"
|
|
state: absent
|
|
when: "not matrix_coturn_enabled|bool"
|
|
|
|
- name: Ensure coturn Docker image doesn't exist
|
|
docker_image:
|
|
name: "{{ matrix_coturn_docker_image }}"
|
|
state: absent
|
|
when: "not matrix_coturn_enabled|bool"
|