main.yml (4941B)
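---
# Install or upgrade the Taler exchange on a host: stop the running services,
# upgrade the packages, place the nginx and exchange configuration, run the
# database setup/migration, apply the deployment-specific role, then bring
# the services back up and (optionally) deploy a sanction list.

# Populates the `services` fact consulted by the `when:` guards below.
- name: Get the list of services
  ansible.builtin.service_facts:

- name: Ensure taler-exchange service is stopped before we upgrade
  ansible.builtin.systemd:
    name: taler-exchange.target
    state: stopped
    enabled: false
  when: "'taler-exchange.target' in services"

- name: Ensure sanctionscheck service is stopped before we upgrade
  ansible.builtin.systemd:
    name: taler-exchange-sanctionscheck
    state: stopped
    enabled: false
  when: "'taler-exchange-sanctionscheck.service' in services"

# NOTE(review): `state: latest` installs whatever version the configured apt
# sources serve at run time, so the deployed version is decided by the
# repository, not by this role. Pin a version here if reproducible or
# reviewed upgrades are required.
- name: Install latest Taler exchange package
  ansible.builtin.apt:
    name:
      - taler-exchange
      - taler-terms-generator
    state: latest
  when: ansible_os_family == 'Debian'

# Both virtualhost templates notify the nginx handler: without it, a changed
# template would only take effect if one of the symlink tasks further down
# also reported a change.
- name: Ensure Taler exchange virtualhost configuration file exists
  ansible.builtin.template:
    src: templates/etc/nginx/sites-available/exchange-nginx.conf.j2
    dest: /etc/nginx/sites-available/exchange-nginx.conf
    owner: root
    group: root
    mode: "0644"
  notify: Restart nginx

- name: Ensure Taler exchange HTTP virtualhost configuration file exists
  ansible.builtin.template:
    src: templates/etc/nginx/sites-available/exchange-http.conf.j2
    dest: /etc/nginx/sites-available/exchange-http.conf
    owner: root
    group: root
    mode: "0644"
  notify: Restart nginx

# `| bool` makes a string value such as "false" (e.g. passed with -e on the
# command line) evaluate as false instead of as a non-empty, truthy string.
- name: Secure the exchange site with Letsencrypt
  when: exchange_use_letsencrypt | bool
  ansible.builtin.include_role:
    name: cert
  vars:
    cert_name: exchange
    wanted_cert_domains:
      - "{{ exchange_domain }}"
    nginx_sites:
      - exchange-http.conf
      - exchange-nginx.conf

- name: Enable Taler exchange HTTP reverse proxy configuration
  ansible.builtin.file:
    src: /etc/nginx/sites-available/exchange-http.conf
    dest: /etc/nginx/sites-enabled/exchange-http.conf
    state: link
  notify: Restart nginx

- name: Enable Taler exchange reverse proxy configuration
  ansible.builtin.file:
    src: /etc/nginx/sites-available/exchange-nginx.conf
    dest: /etc/nginx/sites-enabled/exchange-nginx.conf
    state: link
  notify: Restart nginx

# The two stat tasks only assert that the paths exist (they are expected to
# be created by the package); they do not create them and do not verify
# ownership or permissions.
- name: Check that /etc/taler-exchange/conf.d/ directory exists
  ansible.builtin.stat:
    path: "/etc/taler-exchange/conf.d/"
  register: st
  failed_when: not (st.stat.exists is defined and st.stat.exists)

# NOTE(review): this directory holds credentials; consider also asserting its
# owner and mode here rather than existence alone.
- name: Check that /etc/taler-exchange/secrets/ directory exists
  ansible.builtin.stat:
    path: "/etc/taler-exchange/secrets/"
  register: st
  failed_when: not (st.stat.exists is defined and st.stat.exists)

# The rendered file contains account credentials and is readable only by its
# owner (0400). `no_log` keeps the rendered content out of task output and
# `--diff` runs; the trade-off is that failure details of this task are
# hidden as well.
- name: Place taler-exchange account credentials
  ansible.builtin.template:
    src: templates/etc/taler-exchange/secrets/exchange-accountcredentials-primary.secret.conf.j2
    dest: /etc/taler-exchange/secrets/exchange-accountcredentials-primary.secret.conf
    owner: taler-exchange-wire
    group: root
    mode: "0400"
  no_log: true

- name: Place taler-exchange business config
  ansible.builtin.template:
    src: templates/etc/taler-exchange/conf.d/exchange-business.conf.j2
    dest: /etc/taler-exchange/conf.d/exchange-business.conf
    owner: root
    group: root
    mode: "0644"

# The command gives no machine-readable indication of whether it changed
# anything, so the task is explicitly reported as changed on every run.
# NOTE(review): chdir to /tmp is presumably needed so the tool has an
# accessible working directory when it switches users - confirm.
- name: Setup or upgrade Taler Exchange database
  ansible.builtin.command:
    cmd: taler-exchange-dbconfig -c /etc/taler-exchange/taler-exchange.conf
    chdir: /tmp
  changed_when: true

- name: Ensure /var/lib/taler-exchange/terms/ directory exists
  ansible.builtin.file:
    path: "/var/lib/taler-exchange/terms/"
    state: directory
    owner: taler-exchange-httpd
    group: root
    mode: "0755"

# The role name is built from DEPLOYMENT_KIND, so that variable selects which
# role's tasks run on the host.
- name: Apply deployment-specific exchange configuration
  ansible.builtin.include_role:
    name: "exchange_{{ DEPLOYMENT_KIND }}"

# FIXME: Implement this as handler, so it's only
# done when necessary.
# Uses the systemd module like the stop task above; `daemon_reload` is a
# systemd-specific option.
- name: Ensure taler-exchange service is enabled and restarted
  ansible.builtin.systemd:
    daemon_reload: true
    name: taler-exchange.target
    state: restarted
    enabled: true

# Setup sanction list
# The list is optional: every task below is skipped unless SANCTION_LIST is
# defined. The value is interpolated into the local source path and the
# remote destination path, so it is expected to be a bare file name.
- name: Check if local sanction list file exists
  delegate_to: localhost
  run_once: true
  ansible.builtin.stat:
    path: "{{ role_path }}/files/var/lib/taler-exchange/{{ SANCTION_LIST }}"
  register: sanction_list_stat
  when: SANCTION_LIST is defined

# Abort early with a clear message instead of failing inside the copy task.
- name: Fail if sanction list file does not exist
  delegate_to: localhost
  run_once: true
  ansible.builtin.fail:
    msg: "The local file 'files/var/lib/taler-exchange/{{ SANCTION_LIST }}' does not exist. Aborting."
  when:
    - SANCTION_LIST is defined
    - not sanction_list_stat.stat.exists

- name: Copy sanction list to server if SANCTION_LIST is defined
  ansible.builtin.copy:
    src: "var/lib/taler-exchange/{{ SANCTION_LIST }}"
    dest: "/var/lib/taler-exchange/{{ SANCTION_LIST }}"
    owner: root
    group: root
    mode: "0644"
  when: SANCTION_LIST is defined
  notify: sanctions-reset

# The service was stopped and disabled at the top of this file; `started`
# brings it back only when the unit was already known to the host and a
# sanction list is configured.
- name: Ensure sanctionscheck service is restarted after the upgrade
  ansible.builtin.systemd:
    daemon_reload: true
    name: taler-exchange-sanctionscheck
    state: started
    enabled: true
  when:
    - "'taler-exchange-sanctionscheck.service' in services"
    - SANCTION_LIST is defined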