Install buster #1
Conversation
defaults/main.yml
Outdated
| @@ -5,7 +5,94 @@ peertube_version: v1.0.0-beta.3 | |||
| peertube_user_path: /var/www/peertube | |||
| peertube_proxy_handle_https: no | |||
| peertube_proxy_ips: [] | |||
There was a problem hiding this comment.
Is necessary the name changing?
There was a problem hiding this comment.
Yes, the name is defined like this in the configuration file here.
templates/production.yaml.j2
Outdated
| # If you run PeerTube just behind a local proxy (nginx), keep 'loopback' | ||
| # If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet) | ||
| trust_proxy: | ||
| - 'loopback' |
There was a problem hiding this comment.
...peertube_proxy_ips can be used here
There was a problem hiding this comment.
peertube_proxy_ips now peertube_trust_proxy is used here
| when: | ||
| - peertube_version_dir.stat.exists == False | ||
| - fresh_install # is changed | ||
| - peertube_web_admin_password is defined |
There was a problem hiding this comment.
peertube_web_admin_password is also unused any more. Should this code be deleted for all cases?
There was a problem hiding this comment.
Corrected. Used here
There was a problem hiding this comment.
Genial! Mirando el rol original deberíamos hacer un mayor uso de la variable fresh_install para las tareas subsiguientes. Por ejemplo, ejecutar las SQL extra queries solo si estamos en una fresh_install no te parece?
There was a problem hiding this comment.
The problem is that if we change something in the ldap, for example, we need the sql statement to be executed again for the changes to be reflected in the system.
There was a problem hiding this comment.
It's fine in this case, but to keep the logic of the original role we can add a when: fresh_install is changed here
| notify: | ||
| - install peertube daemon | ||
|
|
||
| - name: Add tools in $PATH |
There was a problem hiding this comment.
npm is used to install the plugins and not cli wraper
|
In this branch we also have to remove this unused dependency (meta/main.yml): |
| @@ -96,20 +96,21 @@ | |||
| template: | |||
| src: sql/{{ item }} | |||
| dest: /tmp/{{ item }} | |||
| owner: postgres | |||
| owner: '{{ peertube_user }}' | |||
There was a problem hiding this comment.
It is {{ peertube_postgres_user }}, does it ?? and wihout group..
|
When i run the role with default vars (no value for peertube_alias) i get this: |
|
...It's time to update README.md also. |
| @@ -1,11 +1,136 @@ | |||
| --- | |||
| # defaults file for peertube | |||
| peertube_tld: localhost | |||
| peertube_tld: '{{ inventory_hostname }}' | |||
| #peertube_alias: [] | |||
There was a problem hiding this comment.
Default value must be ["{{ inventory_hostname }}"]
There was a problem hiding this comment.
By default aliases are not defined, if you have one we do it in the vars of the container.
defaults/main.yml
Outdated
| hd: false #1080p | ||
| full_hd: false #2160p | ||
|
|
||
| peertube_plugins: |
There was a problem hiding this comment.
The default value should be [] otherwise the role fails with this:
TASK [udelarinterior.peertube : Install plugins npm package] ****************************************************************************************************
task path: /home/apias/desarrolloudelar/ansible/UdelaRInterior/udelarinterior.peertube/tasks/install_configure_peertube.yml:91
fatal: [pericon.interior.edu.uy]: FAILED! => {"msg": "Invalid data passed to 'loop', it requires a list, got this instead: None. Hint: If you passed a list/dict of just one element, try adding wantlist=True to your lookup invocation or use q/query instead of lookup."}
| - fresh_install # is changed | ||
| - peertube_web_admin_password is defined | ||
| - include_tasks: copy_ldap_key_tls.yml | ||
| when: not peertube_ldap.insecure_tls |
There was a problem hiding this comment.
Also check that peertube_ldap is defined. Now the role fails if it's undefined:
TASK [udelarinterior.peertube : include_tasks] ******************************************************************************************************************
task path: /home/apias/desarrolloudelar/ansible/UdelaRInterior/udelarinterior.peertube/tasks/main.yml:12
fatal: [pericon.interior.edu.uy]: FAILED! => {"msg": "The conditional check 'not peertube_ldap.insecure_tls' failed. The error was: error while evaluating conditional (not peertube_ldap.insecure_tls): 'None' has no attribute 'insecure_tls'\n\nThe error appears to be in '/home/apias/desarrolloudelar/ansible/UdelaRInterior/udelarinterior.peertube/tasks/main.yml': line 12, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- include_tasks: copy_ldap_key_tls.yml\n ^ here\n"}
There was a problem hiding this comment.
Running with new changes (peertube_ldap:[] in defaults) I get the same error:
TASK [udelarinterior.peertube : include_tasks] ******************************************************************************************************************
task path: /home/apias/desarrolloudelar/ansible/UdelaRInterior/udelarinterior.peertube/tasks/main.yml:12
fatal: [pericon.interior.edu.uy]: FAILED! => {"msg": "The conditional check 'not peertube_ldap.insecure_tls' failed. The error was: error while evaluating conditional (not peertube_ldap.insecure_tls): 'list object' has no attribute 'insecure_tls'\n\nThe error appears to be in '/home/apias/desarrolloudelar/ansible/UdelaRInterior/udelarinterior.peertube/tasks/main.yml': line 12, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- include_tasks: copy_ldap_key_tls.yml\n ^ here\n"}
We will have to use is defined condition as we talk about it.
tasks/install_configure_peertube.yml
Outdated
| loop: "{{ peertube_sql_extras }}" | ||
| notify: restart peertube daemon | ||
|
|
||
| - name: Update dependencies |
There was a problem hiding this comment.
To keep the logic of the original role we can add a when: fresh_install is changed here.
tasks/main.yml
Outdated
| update_cache: yes | ||
| pkg: nodejs | ||
| state: latest | ||
| - include_tasks: nginx.yml |
There was a problem hiding this comment.
First certbot.yml, then nginx.yml, otherwise Nginx cannot read ssl certificates generated
There was a problem hiding this comment.
It can't because the certbot task adds the location of the certificate to the nginx configuration. If we install cerbot first, it won't find the nginx config file. Here
| dest: /etc/nginx/sites-available/peertube | ||
| marker: " # {mark} let's encrypt configuration" | ||
| block: |2- | ||
| ssl_certificate /etc/letsencrypt/live/{{ peertube_tld }}/cert.pem; |
There was a problem hiding this comment.
We must to use fullchain.pem por federeation instead of cert.pem
Parameterize the code and adapt it to Buster