init commit stable ast20/fpbx16

.ansible-lint.yaml

@@ -0,0 +1,17 @@
+---
+exclude_paths:
+  - .cache/ # implicit unless exclude_paths is defined in config
+  - .github/
+loop_var_prefix: "{role}_"
+var_naming_pattern: "^[a-z_][a-z0-9_]*$"
+use_default_rules: true
+skip_list:
+  - skip_this_tag
+enable_list:
+  - empty-string-compare # opt-in
+  - no-log-password # opt-in
+  - no-same-owner # opt-in
+  - yaml
+warn_list:
+  - skip_this_tag
+  - experimental # experimental is included in the implicit list

.gitignore

@@ -0,0 +1 @@
+.idea

.pre-commit-config.yaml

@@ -0,0 +1,7 @@
+---
+repos:
+  - repo: https://github.com/ansible/ansible-lint.git
+    rev: v6.8.2
+    hooks:
+      - id: ansible-lint
+        files: \.(yaml|yml)$

README.md

@@ -0,0 +1,11 @@
+# FreePBX Ansible Playbook 
+This playbook installs FreePBX v16 on the Ubuntu 22.04LTS minimal server.
+
+## Prereqisites 
+* Freshly installed Ubuntu 22.04LTS minimal
+
+## Usage
+* Set your database password with `export DB_ROOT_PASS='<your_password>'`
+* Run the playbook. Example: `ansible-playbook -i 172.18.223.4, -u ubuntu cloudpbx-freepbx.yaml`
+
+After playbook completes, you server IP should have FreePBX web service running

cloudpbx-freepbx.yaml

@@ -0,0 +1,18 @@
+## Deploy Cloud PBX Freepbx ####
+## Updated to work on Ubuntu Server 20.04 and 22.04###
+---
+-
+  name: Depoying CloudPBX Freepbx
+  hosts: all
+  become: true
+  vars:
+    db_root_pass: "{{ lookup('env','DB_ROOT_PASS') }}"
+    fpbx_ver: 16.0
+    ast_ver: 20
+  roles:
+    - sysprep
+    - db_prep
+    - asterisk
+    - freepbx
+    - phpmyadmin
+    - webmin

roles/asterisk/tasks/main.yml

@@ -0,0 +1,171 @@
+---
+- name: Download Asterisk {{ ast_ver }}
+  ansible.builtin.get_url:
+    url: http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-{{ ast_ver }}-current.tar.gz
+    dest: /usr/src
+    mode: '0664'
+
+- name: Untar Asterisk tarball
+  ansible.builtin.unarchive:
+    src: /usr/src/asterisk-{{ ast_ver }}-current.tar.gz
+    dest: /usr/src
+    remote_src: true
+
+- name: Remove Asterisk tarball
+  ansible.builtin.file:
+    path: /usr/src/asterisk-{{ ast_ver }}-current.tar.gz
+    state: absent
+
+- name: Find extracted folder name for Asterisk {{ ast_ver }}
+  ansible.builtin.find:
+    paths: /usr/src
+    file_type: directory
+    recurse: false
+    patterns: ^asterisk.*$
+    use_regex: true
+  register: 'ast_install_dir'
+
+- name: Make Libvpb1 install non-interactive
+  ansible.builtin.shell:
+    cmd: "{{ item }}"
+    creates: libvpb1.ok
+    executable: /bin/bash
+  with_items:
+    - set -o pipefail
+    - echo 'libvpb1 libvpb1/countrycode string 381' | sudo debconf-set-selections -v
+    - touch libvpb1.ok
+
+- name: Install Asterisk Prerequisites
+  ansible.builtin.shell:
+    cmd: "{{ item }}"
+    chdir: "{{ ast_install_dir.files[0].path }}/contrib/scripts"
+    creates: asterisk-prereq.ok
+    executable: /bin/bash
+  with_items:
+    - ./get_mp3_source.sh
+    - ./install_prereq install
+    - touch asterisk-prereq.ok
+
+- name: Run configure asterisk scripts
+  ansible.builtin.shell:
+    cmd: "{{ item }}"
+    chdir: "{{ ast_install_dir.files[0].path }}"
+    creates: ast-scripts.ok
+    executable: /bin/bash
+  with_items:
+    - ./configure --with-pjproject-bundled --with-jansson-bundled
+    - touch ast-scripts.ok
+
+- name: Select make options
+  ansible.builtin.shell:
+    cmd: "{{ item }}"
+    chdir: "{{ ast_install_dir.files[0].path }}"
+    creates: ast-make-menu.ok
+    executable: /bin/bash
+  with_items:
+    - make menuselect.makeopts
+    - menuselect/menuselect --enable app_macro --enable format_mp3 menuselect.makeopts
+    - touch ast-make-menu.ok
+
+- name: Compile and Install Asterisk
+  ansible.builtin.shell:
+    cmd: "{{ item }}"
+    chdir: "{{ ast_install_dir.files[0].path }}"
+    creates: compiled-asterisk.ok
+    executable: /bin/bash
+  with_items:
+    - make
+    - contrib/scripts/get_mp3_source.sh
+    - make install
+    - make config
+    - ldconfig
+    - update-rc.d -f asterisk remove
+    - touch compiled-asterisk.ok
+
+- name: Add asterisk users
+  ansible.builtin.user:
+    name: asterisk
+    comment: Asterisk user
+
+- name: Seting folder permitions for asterisk user
+  ansible.builtin.file:
+    path: "{{ item }}"
+    owner: asterisk
+    group: asterisk
+    state: directory
+    recurse: true
+  with_items:
+    - /var/run/asterisk
+    - /etc/asterisk
+    - /var/lib/asterisk
+    - /var/log/asterisk
+    - /var/spool/asterisk
+    - /usr/lib/asterisk
+
+- name: Remove default web folder
+  ansible.builtin.file:
+    path: /var/www/html
+    state: absent
+
+- name: Find php version folder name
+  ansible.builtin.find:
+    paths: /etc/php
+    file_type: directory
+    recurse: false
+    patterns: ^7.*$
+    use_regex: true
+  register: 'php_ver'
+
+- name: Making some Apache config changes
+  ansible.builtin.lineinfile:
+    path: "{{ item.path }}"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    -
+      path: "{{ php_ver.files[0].path }}/apache2/php.ini"
+      regexp: "upload_max_filesize ="
+      line: "upload_max_filesize = 20M"
+    -
+      path: "{{ php_ver.files[0].path }}/apache2/php.ini"
+      regexp: "memory_limit ="
+      line: "memory_limit = 256M"
+    -
+      path: /etc/apache2/envvars
+      regexp: export APACHE_RUN_USER=
+      line: export APACHE_RUN_USER=asterisk
+    -
+      path: /etc/apache2/envvars
+      regexp: export APACHE_RUN_GROUP=
+      line: export APACHE_RUN_GROUP=asterisk
+
+- name: Some more Apache changes
+  ansible.builtin.replace:
+    path: '/etc/apache2/apache2.conf'
+    regexp: 'AllowOverride None'
+    replace: 'AllowOverride All'
+
+- name: Enable Apache Rewrite Mod
+  ansible.builtin.shell:
+    cmd: "{{ item }}"
+    creates: apache-rewrite.ok
+    executable: /bin/bash
+  with_items:
+    - a2enmod rewrite
+    - touch apache-rewrite.ok
+
+- name: Restarting Apache Service
+  ansible.builtin.service:
+    name: apache2
+    state: restarted
+
+- name: Seting ODBC files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: '0664'
+  with_items:
+    - src: odbc.ini.j2
+      dest: /etc/odbc.ini
+    - src: odbcinst.ini.j2
+      dest: /etc/odbcinst.ini

roles/asterisk/templates/odbc.ini.j2

@@ -0,0 +1,8 @@
+[MySQL-asteriskcdrdb]
+Description = MySQL connection to 'asteriskcdrdb' database
+Driver = MySQL
+Server = localhost
+Database = asteriskcdrdb
+Port = 3306
+Socket = /var/run/mysqld/mysqld.sock
+Option = 3

roles/asterisk/templates/odbcinst.ini.j2

@@ -0,0 +1,5 @@
+[MySQL]
+Description = ODBC for MySQL (MariaDB)
+Driver=/usr/lib/odbc/libmyodbc5w.so
+Setup=/usr/lib/odbc/libodbcmy5S.so
+FileUsage = 1

roles/db_prep/tasks/main.yml

@@ -0,0 +1,92 @@
+---
+# Setup ODBC connector
+-
+  name: Download MariaDB Connector
+  ansible.builtin.get_url:
+    url: https://cdn.mysql.com/archives/mysql-connector-odbc-5.3/mysql-connector-odbc-5.3.10-linux-ubuntu17.10-x86-64bit.tar.gz
+    dest: /usr/src/mysql-connector-odbc-5.3.10-linux-ubuntu17.10-x86-64bit.tar.gz
+    mode: '0664'
+-
+  name: Untar MariaDB Connector
+  ansible.builtin.unarchive:
+    src: /usr/src/mysql-connector-odbc-5.3.10-linux-ubuntu17.10-x86-64bit.tar.gz
+    dest: /usr/src
+    remote_src: true
+-
+  name: Copy ODBC Connector lib files
+  ansible.builtin.copy:
+    remote_src: true
+    src: /usr/src/mysql-connector-odbc-5.3.10-linux-ubuntu17.10-x86-64bit/lib/
+    dest: /usr/lib/odbc
+    mode: u=rwx,g=rx,o=rx
+-
+  name: Change DB listener from localhost to all interfaces
+  ansible.builtin.replace:
+    path: /etc/mysql/mariadb.conf.d/50-server.cnf
+    regexp: '127.0.0.1'
+    replace: '0.0.0.0'
+-
+  name: Disable Strict Trans Tables mode
+  ansible.builtin.lineinfile:
+    path: /etc/mysql/mariadb.conf.d/50-server.cnf
+    insertafter: [mysqld]
+    line: sql_mode=''
+
+## START: Secure DB
+-
+  name: Secure DB - Set root password
+  failed_when: >
+    (db_root_pass is not defined) or
+    (db_root_pass == "")
+  community.mysql.mysql_user:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: root
+    host: "{{ item }}"
+    password: "{{ db_root_pass }}"
+    state: present
+  with_items:
+    - 127.0.0.1
+    - ::1
+    - localhost
+-
+  name: Secure DB - delete anonymous users
+  community.mysql.mysql_user:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    login_user: "root"
+    login_password: "{{ db_root_pass }}"
+    name: ""
+    host: "{{ item }}"
+    state: absent
+  with_items:
+    - localhost
+    - "{{ ansible_nodename }}"
+-
+  name: Secure DB - delete hostname based root
+  community.mysql.mysql_user:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    login_user: "root"
+    login_password: "{{ db_root_pass }}"
+    name: root
+    host: "{{ ansible_nodename }}"
+    state: absent
+-
+  name: Secure DB - Remove Test DB
+  community.mysql.mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    login_user: "root"
+    login_password: "{{ db_root_pass }}"
+    name: test
+    state: absent
+-
+  name: Disable linux socket root login
+  community.mysql.mysql_query:
+    login_user: "root"
+    login_password: "{{ db_root_pass }}"
+    query: UPDATE mysql.user SET plugin = '' WHERE user = 'root' AND host = 'localhost'
+  ignore_errors: true
+## END Secure DB
+
+- name: Restart mysql service
+  ansible.builtin.systemd:
+    name: mysql
+    state: restarted