main.yml (3714B)
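---
# Install or upgrade the Taler auditor: stop the running target, install the
# package, publish the nginx virtualhosts and certificate, write the auditor
# configuration and credentials, grant the auditor read access to the
# exchange database, then enable and start the target again.

- name: Get the list of services
  ansible.builtin.service_facts:

# NOTE(review): service_facts reports service units; confirm that a '.target'
# name can ever appear in `services`. If it cannot, this task is always
# skipped and the package is upgraded while the auditor is still running.
- name: Ensure taler-auditor service is stopped before upgrading
  ansible.builtin.systemd:
    name: taler-auditor.target
    state: stopped
    enabled: false
  when: "'taler-auditor.target' in services"

# `state: latest` installs whatever version the configured apt sources offer
# at run time, so the result depends on those repositories and is not pinned.
- name: Install Taler auditor package
  ansible.builtin.apt:
    name:
      - taler-auditor
    state: latest
  when: ansible_os_family == 'Debian'

# Pure assertion: fails the play when the package did not create the
# directory; nothing is created here.
- name: Ensure Taler auditor config dir exists from installation
  ansible.builtin.stat:
    path: "/etc/taler-auditor"
  register: st
  failed_when: not (st.stat.exists is defined and st.stat.exists)

- name: Ensure Taler auditor virtualhost configuration file exists
  ansible.builtin.template:
    src: templates/etc/nginx/sites-available/auditor-nginx.conf.j2
    dest: "/etc/nginx/sites-available/auditor-nginx.conf"
    owner: root
    group: root
    mode: "0644"
  notify: Restart nginx

- name: Ensure Taler auditor HTTP virtualhost configuration file exists
  ansible.builtin.template:
    src: templates/etc/nginx/sites-available/auditor-http.conf.j2
    dest: "/etc/nginx/sites-available/auditor-http.conf"
    owner: root
    group: root
    mode: "0644"
  notify: Restart nginx

# Run the pending 'Restart nginx' handler now instead of at the end of the
# play. Presumably the cert role below needs the new virtualhosts to be
# live; confirm against that role.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

- name: Secure the auditor site with Letsencrypt
  ansible.builtin.include_role:
    name: cert
  vars:
    cert_name: auditor
    wanted_cert_domains:
      - "auditor.{{ domain_name }}"
    nginx_sites:
      - auditor-http.conf
      - auditor-nginx.conf

# Pure assertion, as for /etc/taler-auditor above.
- name: Ensure /etc/taler-auditor/conf.d/ directory exists
  ansible.builtin.stat:
    path: "/etc/taler-auditor/conf.d/"
  register: st
  failed_when: not (st.stat.exists is defined and st.stat.exists)

# World-readable (0644): presumably this file holds no secret material;
# confirm against the template.
- name: Place taler-auditor master config
  ansible.builtin.template:
    src: templates/etc/taler-auditor/conf.d/taler-auditor-master.conf.j2
    dest: "/etc/taler-auditor/conf.d/taler-auditor-master.conf"
    owner: root
    group: root
    mode: "0644"

# NOTE(review): no `changed_when`/`creates` guard, so this runs and reports
# "changed" on every play; confirm the tool is safe to re-run.
- name: Setup Taler Auditor database
  ansible.builtin.command:
    cmd: taler-auditor-dbconfig -c /etc/taler-auditor/taler-auditor.conf
    chdir: /tmp

# The rendered file contains bank account credentials: it is readable only
# by the auditor service user (0400), and `no_log` keeps the rendered content
# out of task output and logs, including `--diff` runs.
- name: Configure auditor access to exchange bank account
  ansible.builtin.template:
    src: templates/etc/taler-auditor/secrets/auditor-accountcredentials-primary.secret.conf.j2
    dest: /etc/taler-auditor/secrets/auditor-accountcredentials-primary.secret.conf
    owner: taler-auditor-httpd
    group: root
    mode: "0400"
  no_log: true

# The three grants below give the auditor role read-only access to the
# exchange database: USAGE on both schemas, then SELECT on their objects.
# No write privilege and no grant option are handed out.
- name: Grant usage to exchange and _v schema
  community.postgresql.postgresql_privs:
    database: taler-exchange
    state: present
    privs: USAGE
    objs: exchange,_v
    type: schema
    role: taler-auditor-httpd
    grant_option: false
  become: true
  become_user: postgres

# ALL_IN_SCHEMA applies to the objects that exist when the task runs;
# objects created later are only covered by a later run.
- name: Grant access to exchange database
  community.postgresql.postgresql_privs:
    database: taler-exchange
    state: present
    privs: SELECT
    schema: exchange
    objs: ALL_IN_SCHEMA
    role: taler-auditor-httpd
    grant_option: false
  become: true
  become_user: postgres

- name: Grant access to exchange database versioning
  community.postgresql.postgresql_privs:
    database: taler-exchange
    state: present
    privs: SELECT
    schema: _v
    objs: ALL_IN_SCHEMA
    role: taler-auditor-httpd
    grant_option: false
  become: true
  become_user: postgres

# Runs as the exchange service user against the exchange's own config.
# NOTE(review): no `changed_when` guard; confirm --inject-auditor is safe to
# repeat on every play.
- name: Inject auditor logic into exchange database
  ansible.builtin.command:
    cmd: taler-exchange-dbinit -c /etc/taler-exchange/taler-exchange.conf --inject-auditor
    chdir: /tmp
  become: true
  become_user: taler-exchange-httpd

# `daemon_reload` is passed through to the underlying service manager module.
- name: Ensure taler-auditor service is enabled and started
  ansible.builtin.service:
    daemon_reload: true
    name: taler-auditor.target
    state: started
    enabled: true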