From 7400891e0fbb15b3114dd0bded53cdec963101a4 Mon Sep 17 00:00:00 2001
From: ZeljkoBenovic
Date: Mon, 27 Feb 2023 11:59:01 +0100
Subject: [PATCH] init commit stable ast20/fpbx16
---
.ansible-lint.yaml | 17 ++
.gitignore | 1 +
.pre-commit-config.yaml | 7 +
README.md | 11 ++
cloudpbx-freepbx.yaml | 18 +++
roles/asterisk/tasks/main.yml | 171 +++++++++++++++++++++
roles/asterisk/templates/odbc.ini.j2 | 8 +
roles/asterisk/templates/odbcinst.ini.j2 | 5 +
roles/db_prep/tasks/main.yml | 92 +++++++++++
roles/freepbx/tasks/main.yml | 84 ++++++++++
roles/freepbx/templates/freepbx.service.j2 | 11 ++
roles/phpmyadmin/tasks/main.yml | 54 +++++++
roles/phpmyadmin/vars/main.yml | 5 +
roles/sysprep/tasks/main.yml | 73 +++++++++
roles/sysprep/vars/main.yml | 61 ++++++++
roles/webmin/tasks/main.yml | 17 ++
16 files changed, 635 insertions(+)
create mode 100644 .ansible-lint.yaml
create mode 100644 .gitignore
create mode 100644 .pre-commit-config.yaml
create mode 100644 README.md
create mode 100644 cloudpbx-freepbx.yaml
create mode 100644 roles/asterisk/tasks/main.yml
create mode 100644 roles/asterisk/templates/odbc.ini.j2
create mode 100644 roles/asterisk/templates/odbcinst.ini.j2
create mode 100644 roles/db_prep/tasks/main.yml
create mode 100644 roles/freepbx/tasks/main.yml
create mode 100644 roles/freepbx/templates/freepbx.service.j2
create mode 100644 roles/phpmyadmin/tasks/main.yml
create mode 100644 roles/phpmyadmin/vars/main.yml
create mode 100644 roles/sysprep/tasks/main.yml
create mode 100644 roles/sysprep/vars/main.yml
create mode 100644 roles/webmin/tasks/main.yml
diff --git a/.ansible-lint.yaml b/.ansible-lint.yaml
new file mode 100644
index 0000000..0aced38
--- /dev/null
+++ b/.ansible-lint.yaml
@@ -0,0 +1,17 @@
+---
+exclude_paths:
+ - .cache/ # implicit unless exclude_paths is defined in config
+ - .github/
+loop_var_prefix: "{role}_"
+var_naming_pattern: "^[a-z_][a-z0-9_]*$"
+use_default_rules: true
+skip_list:
+ - skip_this_tag
+enable_list:
+ - empty-string-compare # opt-in
+ - no-log-password # opt-in
+ - no-same-owner # opt-in
+ - yaml
+warn_list:
+ - skip_this_tag
+ - experimental # experimental is included in the implicit list
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..485dee6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..89006c1
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,7 @@
+---
+repos:
+ - repo: https://github.com/ansible/ansible-lint.git
+ rev: v6.8.2
+ hooks:
+ - id: ansible-lint
+ files: \.(yaml|yml)$
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4420a65
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+# FreePBX Ansible Playbook
+This playbook installs FreePBX v16 on the Ubuntu 22.04LTS minimal server.
+
+## Prereqisites
+* Freshly installed Ubuntu 22.04LTS minimal
+
+## Usage
+* Set your database password with `export DB_ROOT_PASS=''`
+* Run the playbook. Example: `ansible-playbook -i 172.18.223.4, -u ubuntu cloudpbx-freepbx.yaml`
+
+After playbook completes, you server IP should have FreePBX web service running
diff --git a/cloudpbx-freepbx.yaml b/cloudpbx-freepbx.yaml
new file mode 100644
index 0000000..9154f87
--- /dev/null
+++ b/cloudpbx-freepbx.yaml
@@ -0,0 +1,18 @@
+## Deploy Cloud PBX Freepbx ####
+## Updated to work on Ubuntu Server 20.04 and 22.04###
+---
+-
+ name: Depoying CloudPBX Freepbx
+ hosts: all
+ become: true
+ vars:
+ db_root_pass: "{{ lookup('env','DB_ROOT_PASS') }}"
+ fpbx_ver: 16.0
+ ast_ver: 20
+ roles:
+ - sysprep
+ - db_prep
+ - asterisk
+ - freepbx
+ - phpmyadmin
+ - webmin
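Review bot: In cloudpbx-freepbx.yaml, `lookup('env','DB_ROOT_PASS')` yields an empty string when the variable is not exported, and nothing in the play stops the run before the roles start. The only guard is the `failed_when` on the set-root-password task in roles/db_prep, which Ansible evaluates after the module has already executed. Add a `pre_tasks` entry with `ansible.builtin.assert` and `that: db_root_pass | length > 0` so the play aborts before any host is changed. Separately, `fpbx_ver: 16.0` is parsed as a float, so as written the `when: fpbx_ver == '15.0'` string comparison in roles/sysprep cannot match; quoting it (`fpbx_ver: "16.0"`) keeps the type consistent.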
diff --git a/roles/asterisk/tasks/main.yml b/roles/asterisk/tasks/main.yml
new file mode 100644
index 0000000..85fab65
--- /dev/null
+++ b/roles/asterisk/tasks/main.yml
@@ -0,0 +1,171 @@
+---
+- name: Download Asterisk {{ ast_ver }}
+ ansible.builtin.get_url:
+ url: http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-{{ ast_ver }}-current.tar.gz
+ dest: /usr/src
+ mode: '0664'
+
+- name: Untar Asterisk tarball
+ ansible.builtin.unarchive:
+ src: /usr/src/asterisk-{{ ast_ver }}-current.tar.gz
+ dest: /usr/src
+ remote_src: true
+
+- name: Remove Asterisk tarball
+ ansible.builtin.file:
+ path: /usr/src/asterisk-{{ ast_ver }}-current.tar.gz
+ state: absent
+
+- name: Find extracted folder name for Asterisk {{ ast_ver }}
+ ansible.builtin.find:
+ paths: /usr/src
+ file_type: directory
+ recurse: false
+ patterns: ^asterisk.*$
+ use_regex: true
+ register: 'ast_install_dir'
+
+- name: Make Libvpb1 install non-interactive
+ ansible.builtin.shell:
+ cmd: "{{ item }}"
+ creates: libvpb1.ok
+ executable: /bin/bash
+ with_items:
+ - set -o pipefail
+ - echo 'libvpb1 libvpb1/countrycode string 381' | sudo debconf-set-selections -v
+ - touch libvpb1.ok
+
+- name: Install Asterisk Prerequisites
+ ansible.builtin.shell:
+ cmd: "{{ item }}"
+ chdir: "{{ ast_install_dir.files[0].path }}/contrib/scripts"
+ creates: asterisk-prereq.ok
+ executable: /bin/bash
+ with_items:
+ - ./get_mp3_source.sh
+ - ./install_prereq install
+ - touch asterisk-prereq.ok
+
+- name: Run configure asterisk scripts
+ ansible.builtin.shell:
+ cmd: "{{ item }}"
+ chdir: "{{ ast_install_dir.files[0].path }}"
+ creates: ast-scripts.ok
+ executable: /bin/bash
+ with_items:
+ - ./configure --with-pjproject-bundled --with-jansson-bundled
+ - touch ast-scripts.ok
+
+- name: Select make options
+ ansible.builtin.shell:
+ cmd: "{{ item }}"
+ chdir: "{{ ast_install_dir.files[0].path }}"
+ creates: ast-make-menu.ok
+ executable: /bin/bash
+ with_items:
+ - make menuselect.makeopts
+ - menuselect/menuselect --enable app_macro --enable format_mp3 menuselect.makeopts
+ - touch ast-make-menu.ok
+
+- name: Compile and Install Asterisk
+ ansible.builtin.shell:
+ cmd: "{{ item }}"
+ chdir: "{{ ast_install_dir.files[0].path }}"
+ creates: compiled-asterisk.ok
+ executable: /bin/bash
+ with_items:
+ - make
+ - contrib/scripts/get_mp3_source.sh
+ - make install
+ - make config
+ - ldconfig
+ - update-rc.d -f asterisk remove
+ - touch compiled-asterisk.ok
+
+- name: Add asterisk users
+ ansible.builtin.user:
+ name: asterisk
+ comment: Asterisk user
+
+- name: Seting folder permitions for asterisk user
+ ansible.builtin.file:
+ path: "{{ item }}"
+ owner: asterisk
+ group: asterisk
+ state: directory
+ recurse: true
+ with_items:
+ - /var/run/asterisk
+ - /etc/asterisk
+ - /var/lib/asterisk
+ - /var/log/asterisk
+ - /var/spool/asterisk
+ - /usr/lib/asterisk
+
+- name: Remove default web folder
+ ansible.builtin.file:
+ path: /var/www/html
+ state: absent
+
+- name: Find php version folder name
+ ansible.builtin.find:
+ paths: /etc/php
+ file_type: directory
+ recurse: false
+ patterns: ^7.*$
+ use_regex: true
+ register: 'php_ver'
+
+- name: Making some Apache config changes
+ ansible.builtin.lineinfile:
+ path: "{{ item.path }}"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ -
+ path: "{{ php_ver.files[0].path }}/apache2/php.ini"
+ regexp: "upload_max_filesize ="
+ line: "upload_max_filesize = 20M"
+ -
+ path: "{{ php_ver.files[0].path }}/apache2/php.ini"
+ regexp: "memory_limit ="
+ line: "memory_limit = 256M"
+ -
+ path: /etc/apache2/envvars
+ regexp: export APACHE_RUN_USER=
+ line: export APACHE_RUN_USER=asterisk
+ -
+ path: /etc/apache2/envvars
+ regexp: export APACHE_RUN_GROUP=
+ line: export APACHE_RUN_GROUP=asterisk
+
+- name: Some more Apache changes
+ ansible.builtin.replace:
+ path: '/etc/apache2/apache2.conf'
+ regexp: 'AllowOverride None'
+ replace: 'AllowOverride All'
+
+- name: Enable Apache Rewrite Mod
+ ansible.builtin.shell:
+ cmd: "{{ item }}"
+ creates: apache-rewrite.ok
+ executable: /bin/bash
+ with_items:
+ - a2enmod rewrite
+ - touch apache-rewrite.ok
+
+- name: Restarting Apache Service
+ ansible.builtin.service:
+ name: apache2
+ state: restarted
+
+- name: Seting ODBC files
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: '0664'
+ with_items:
+ - src: odbc.ini.j2
+ dest: /etc/odbc.ini
+ - src: odbcinst.ini.j2
+ dest: /etc/odbcinst.ini
diff --git a/roles/asterisk/templates/odbc.ini.j2 b/roles/asterisk/templates/odbc.ini.j2
new file mode 100644
index 0000000..e80886f
--- /dev/null
+++ b/roles/asterisk/templates/odbc.ini.j2
@@ -0,0 +1,8 @@
+[MySQL-asteriskcdrdb]
+Description = MySQL connection to 'asteriskcdrdb' database
+Driver = MySQL
+Server = localhost
+Database = asteriskcdrdb
+Port = 3306
+Socket = /var/run/mysqld/mysqld.sock
+Option = 3
\ No newline at end of file
diff --git a/roles/asterisk/templates/odbcinst.ini.j2 b/roles/asterisk/templates/odbcinst.ini.j2
new file mode 100644
index 0000000..9c6d87f
--- /dev/null
+++ b/roles/asterisk/templates/odbcinst.ini.j2
@@ -0,0 +1,5 @@
+[MySQL]
+Description = ODBC for MySQL (MariaDB)
+Driver=/usr/lib/odbc/libmyodbc5w.so
+Setup=/usr/lib/odbc/libodbcmy5S.so
+FileUsage = 1
\ No newline at end of file
diff --git a/roles/db_prep/tasks/main.yml b/roles/db_prep/tasks/main.yml
new file mode 100644
index 0000000..49cfc82
--- /dev/null
+++ b/roles/db_prep/tasks/main.yml
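Review bot: In roles/asterisk/tasks/main.yml the `Download Asterisk` task fetches the source tarball over plain `http://` with no `checksum:`, and the later tasks unpack, build and `make install` it under the play's `become: true`, so whatever arrives over an unauthenticated channel ends up running as root. Use an `https://` URL if the mirror offers one and add `checksum: "sha256:<published digest>"` to the `get_url` task. Because `-current` is a moving file name, pinning a digest also means pinning an exact release rather than only the major version in `ast_ver`. The same pattern appears in roles/freepbx/tasks/main.yml (`http://mirror.freepbx.org/...`) and in roles/webmin/tasks/main.yml, where both the apt signing key and the repository line are `http://`.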
@@ -0,0 +1,92 @@
+---
+# Setup ODBC connector
+-
+ name: Download MariaDB Connector
+ ansible.builtin.get_url:
+ url: https://cdn.mysql.com/archives/mysql-connector-odbc-5.3/mysql-connector-odbc-5.3.10-linux-ubuntu17.10-x86-64bit.tar.gz
+ dest: /usr/src/mysql-connector-odbc-5.3.10-linux-ubuntu17.10-x86-64bit.tar.gz
+ mode: '0664'
+-
+ name: Untar MariaDB Connector
+ ansible.builtin.unarchive:
+ src: /usr/src/mysql-connector-odbc-5.3.10-linux-ubuntu17.10-x86-64bit.tar.gz
+ dest: /usr/src
+ remote_src: true
+-
+ name: Copy ODBC Connector lib files
+ ansible.builtin.copy:
+ remote_src: true
+ src: /usr/src/mysql-connector-odbc-5.3.10-linux-ubuntu17.10-x86-64bit/lib/
+ dest: /usr/lib/odbc
+ mode: u=rwx,g=rx,o=rx
+-
+ name: Change DB listener from localhost to all interfaces
+ ansible.builtin.replace:
+ path: /etc/mysql/mariadb.conf.d/50-server.cnf
+ regexp: '127.0.0.1'
+ replace: '0.0.0.0'
+-
+ name: Disable Strict Trans Tables mode
+ ansible.builtin.lineinfile:
+ path: /etc/mysql/mariadb.conf.d/50-server.cnf
+ insertafter: [mysqld]
+ line: sql_mode=''
+
+## START: Secure DB
+-
+ name: Secure DB - Set root password
+ failed_when: >
+ (db_root_pass is not defined) or
+ (db_root_pass == "")
+ community.mysql.mysql_user:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: root
+ host: "{{ item }}"
+ password: "{{ db_root_pass }}"
+ state: present
+ with_items:
+ - 127.0.0.1
+ - ::1
+ - localhost
+-
+ name: Secure DB - delete anonymous users
+ community.mysql.mysql_user:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ login_user: "root"
+ login_password: "{{ db_root_pass }}"
+ name: ""
+ host: "{{ item }}"
+ state: absent
+ with_items:
+ - localhost
+ - "{{ ansible_nodename }}"
+-
+ name: Secure DB - delete hostname based root
+ community.mysql.mysql_user:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ login_user: "root"
+ login_password: "{{ db_root_pass }}"
+ name: root
+ host: "{{ ansible_nodename }}"
+ state: absent
+-
+ name: Secure DB - Remove Test DB
+ community.mysql.mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ login_user: "root"
+ login_password: "{{ db_root_pass }}"
+ name: test
+ state: absent
+-
+ name: Disable linux socket root login
+ community.mysql.mysql_query:
+ login_user: "root"
+ login_password: "{{ db_root_pass }}"
+ query: UPDATE mysql.user SET plugin = '' WHERE user = 'root' AND host = 'localhost'
+ ignore_errors: true
+## END Secure DB
+
+- name: Restart mysql service
+ ansible.builtin.systemd:
+ name: mysql
+ state: restarted
diff --git a/roles/freepbx/tasks/main.yml b/roles/freepbx/tasks/main.yml
new file mode 100644
index 0000000..f7bcc64
--- /dev/null
+++ b/roles/freepbx/tasks/main.yml
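Review bot: In roles/db_prep/tasks/main.yml the `Change DB listener from localhost to all interfaces` task rewrites every `127.0.0.1` in 50-server.cnf to `0.0.0.0`, which puts MariaDB on every interface, and no task visible in this commit adds a firewall rule to limit who can reach it. The odbc.ini.j2 template connects through `localhost` and the unix socket, so nothing shown here appears to need a network listener. I would drop the task or make the bind address a variable defaulting to `127.0.0.1`. If remote access really is required, anchor the match to the setting, e.g. `regexp: '^bind-address\s*=.*'` with `replace: 'bind-address = {{ db_bind_address }}'` (constructed variable name), rather than an unescaped IP pattern. In the next task, `insertafter: [mysqld]` is unquoted, so YAML reads it as a one-element list instead of the section header; it should be `insertafter: '^\[mysqld\]'`.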
@@ -0,0 +1,84 @@
+---
+- name: Downloading FreePBX {{ fpbx_ver }}
+ ansible.builtin.get_url:
+ url: http://mirror.freepbx.org/modules/packages/freepbx/freepbx-{{ fpbx_ver }}-latest.tgz
+ dest: /usr/src
+ mode: '0664'
+
+- name: Unpacking FreePBX tarball
+ ansible.builtin.unarchive:
+ src: /usr/src/freepbx-{{ fpbx_ver }}-latest.tgz
+ dest: /usr/src
+ remote_src: true
+
+- name: Removing FreePBX tarball
+ ansible.builtin.file:
+ path: /usr/src/freepbx-{{ fpbx_ver }}-latest.tgz
+ state: absent
+
+- name: Creating some asterisk files
+ ansible.builtin.file:
+ path: /etc/asterisk/{{ item }}.conf
+ state: touch
+ mode: '0664'
+ with_items:
+ - modules
+ - cdr
+
+- name: Starting FreePBX
+ ansible.builtin.shell:
+ cmd: "{{ item }}"
+ chdir: /usr/src/freepbx
+ creates: start-fpbx.ok
+ executable: /bin/bash
+ no_log: false
+ with_items:
+ - ./start_asterisk start
+ - ./install -n --dbuser root --dbpass {{ db_root_pass }}
+ - touch start-fpbx.ok
+
+- name: Install FreePBX Modules
+ ansible.builtin.shell: "{{ item }}"
+ args:
+ creates: fpbx-started.ok
+ executable: /bin/bash
+ with_items:
+ - fwconsole ma enablerepo standard
+ - fwconsole ma enablerepo extended
+ - fwconsole ma downloadinstall arimanager
+ - fwconsole ma downloadinstall framework
+ - fwconsole ma downloadinstall filestore
+ - fwconsole ma downloadinstall calendar
+ - fwconsole ma downloadinstall announcement
+ - fwconsole ma downloadinstall asterisk-cli
+ - fwconsole ma downloadinstall asteriskinfo
+ - fwconsole ma downloadinstall backup
+ - fwconsole ma downloadinstall iaxsettings
+ - fwconsole ma downloadinstall configedit
+ - fwconsole ma downloadinstall ivr
+ - fwconsole ma downloadinstall miscdests
+ - fwconsole ma downloadinstall outroutemsg
+ - fwconsole ma downloadinstall timeconditions
+ - fwconsole ma downloadinstall queues
+ - fwconsole ma upgradeall
+ - fwconsole reload
+ - fwconsole restart
+ - touch fpbx-started.ok
+
+- name: Create FreePBX Startup service
+ ansible.builtin.template:
+ src: freepbx.service.j2
+ dest: /etc/systemd/system/freepbx.service
+ mode: '0664'
+
+- name: Enable FreePBX Service
+ ansible.builtin.service:
+ name: freepbx.service
+ enabled: true
+
+- name: Set hostname
+ ansible.builtin.hostname:
+ name: fpbx.local
+
+- name: Reboot host
+ ansible.builtin.reboot:
diff --git a/roles/freepbx/templates/freepbx.service.j2 b/roles/freepbx/templates/freepbx.service.j2
new file mode 100644
index 0000000..50fa481
--- /dev/null
+++ b/roles/freepbx/templates/freepbx.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=Start FreePBX
+
+[Service]
+ExecStartPre=/bin/sleep 5
+ExecStart=/usr/sbin/fwconsole start
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml
new file mode 100644
index 0000000..3d36baa
--- /dev/null
+++ b/roles/phpmyadmin/tasks/main.yml
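Review bot: In roles/freepbx/tasks/main.yml the `Starting FreePBX` task passes the database root password on the command line (`./install -n --dbuser root --dbpass {{ db_root_pass }}`) while explicitly setting `no_log: false`, so the secret is printed in Ansible output and any run log, and is visible in the host's process list while the installer runs. Set `no_log: true` on that task and quote the value, `--dbpass {{ db_root_pass | quote }}`, so a password containing shell metacharacters is passed literally instead of being interpreted by bash. Handing the installer the root account also means FreePBX is configured with full database privileges; whether `./install` works with a dedicated, less privileged account is not visible in this commit and is worth checking.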
@@ -0,0 +1,54 @@
+---
+-
+ name: Set some installation parameters
+ ansible.builtin.debconf:
+ name: phpmyadmin
+ question: "{{ item.question }}"
+ value: '{{ item.value }}'
+ vtype: "{{ item.vtype }}"
+ no_log: true
+ with_items:
+ -
+ question: phpmyadmin/dbconfig-install
+ value: 'true'
+ vtype: 'boolean'
+ -
+ question: phpmyadmin/app-password-confirm
+ value: '{{ db_root_pass }}'
+ vtype: 'password'
+ -
+ question: phpmyadmin/mysql/admin-pass
+ value: '{{ db_root_pass }}'
+ vtype: 'password'
+ -
+ question: phpmyadmin/mysql/app-pass
+ value: '{{ db_root_pass }}'
+ vtype: 'password'
+ -
+ question: phpmyadmin/reconfigure-webserver
+ value: 'apache2'
+ vtype: 'multiselect'
+ -
+ question: phpmyadmin/internal/skip-preseed
+ value: 'true'
+ vtype: 'boolean'
+-
+ name: Installing packages
+ ansible.builtin.apt:
+ name: "{{ packages }}"
+ update_cache: true
+ state: present
+-
+ name: Enable php mod
+ ansible.builtin.shell:
+ cmd: "{{ item }}"
+ creates: phpenmod.ok
+ executable: /bin/bash
+ with_items:
+ - phpenmod mbstring
+ - touch phpenmod.ok
+-
+ name: Restart Apache
+ ansible.builtin.service:
+ name: apache2
+ state: restarted
diff --git a/roles/phpmyadmin/vars/main.yml b/roles/phpmyadmin/vars/main.yml
new file mode 100644
index 0000000..414af55
--- /dev/null
+++ b/roles/phpmyadmin/vars/main.yml
@@ -0,0 +1,5 @@
+---
+packages:
+ - phpmyadmin
+ - php-mbstring
+ - gettext
diff --git a/roles/sysprep/tasks/main.yml b/roles/sysprep/tasks/main.yml
new file mode 100644
index 0000000..708ae16
--- /dev/null
+++ b/roles/sysprep/tasks/main.yml
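Review bot: In roles/phpmyadmin/tasks/main.yml the debconf preseed sets `phpmyadmin/mysql/app-pass` and `phpmyadmin/app-password-confirm` to `{{ db_root_pass }}`, so phpMyAdmin's own application account gets the same password as MariaDB root. That application password is normally written into the package's generated database config on the host, so a leak of that file would also reveal the root password. Use a separate variable for the two app-password questions (for example `pma_app_pass`, a constructed name) and keep `db_root_pass` only for `phpmyadmin/mysql/admin-pass`. The `no_log: true` on this task is correct and should stay.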
@@ -0,0 +1,73 @@
+---
+- name: Initial system upgrade
+ ansible.builtin.apt:
+ upgrade: full
+ update_cache: true
+
+- name: Add NodeJS Repo
+ ansible.builtin.shell: |
+ set -o pipefail
+ curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash - > /tmp/node.log
+ args:
+ creates: /tmp/node.log
+ warn: false
+ executable: /bin/bash
+
+- name: Install php7.4 install prerequisite
+ ansible.builtin.apt:
+ name: software-properties-common
+ state: present
+
+- name: Add php7.4 repo
+ ansible.builtin.apt_repository:
+ repo: ppa:ondrej/php
+
+- name: Updating System
+ ansible.builtin.apt:
+ upgrade: full
+ update_cache: true
+
+- name: Installing Packages
+ ansible.builtin.apt:
+ name: "{{ packages }}"
+ state: present
+
+- name: Install Ubuntu20.04 specific package
+ ansible.builtin.apt:
+ name: python-dev
+ state: present
+ when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version == '20'
+
+- name: Install Ubuntu22.04 specific package
+ ansible.builtin.apt:
+ name: python3-dev
+ state: present
+ when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version == '22'
+
+- name: Install pymysql ansible modules
+ ansible.builtin.pip:
+ name: pymysql
+ state: present
+
+- name: Set defatult php7.4 as default
+ ansible.builtin.shell: update-alternatives --set php /usr/bin/php7.4 > php-default.ok
+ args:
+ creates: php-default.ok
+ executable: /bin/bash
+
+- name: Set swappiness
+ ansible.builtin.lineinfile:
+ path: /etc/sysctl.conf
+ line: vm.swappiness=10
+ backup: true
+ state: present
+
+- name: Install Legacy Pear Requirements
+ ansible.builtin.shell:
+ cmd: pear install Console_Getopt > /tmp/pear.log
+ creates: /tmp/pear.log
+ when: fpbx_ver == '15.0'
+ ignore_errors: true
+
+- name: Reboot host
+ ansible.builtin.reboot:
diff --git a/roles/sysprep/vars/main.yml b/roles/sysprep/vars/main.yml
new file mode 100644
index 0000000..066806f
--- /dev/null
+++ b/roles/sysprep/vars/main.yml
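Review bot: In roles/sysprep/tasks/main.yml the `Add NodeJS Repo` task pipes `https://deb.nodesource.com/setup_14.x` straight into `sudo -E bash`, so whatever that URL serves at run time executes as root with no pinning, digest check or review of the script. Prefer adding the repository declaratively: place the vendor signing key in a dedicated keyring file and add the source line with `ansible.builtin.apt_repository` using `signed-by=`, the same module the role already uses for `ppa:ondrej/php`. The `creates: /tmp/node.log` marker sits in a world-writable directory, so any local user can pre-create it and silently turn the step into a no-op; a marker under a root-owned path is safer. The `warn: false` argument is, as far as I recall, no longer accepted by recent ansible-core releases, so the task may fail on a current controller.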
@@ -0,0 +1,61 @@
+---
+packages:
+ - build-essential
+ - linux-headers-{{ ansible_kernel }}
+ - openssh-server
+ - apache2
+ - mariadb-server
+ - mariadb-client
+ - bison
+ - flex
+ - php7.4
+ - php7.4-curl
+ - php7.4-cli
+ - php7.4-pdo
+ - php7.4-mysql
+ - php-pear
+ - php7.4-gd
+ - php7.4-mbstring
+ - php7.4-intl
+ - php7.4-xml
+ - curl
+ - cron
+ - sox
+ - libncurses5-dev
+ - libssl-dev
+ - mpg123
+ - libxml2-dev
+ - libnewt-dev
+ - sqlite3
+ - libsqlite3-dev
+ - pkg-config
+ - automake
+ - libtool
+ - autoconf
+ - git
+ - unixodbc-dev
+ - uuid
+ - uuid-dev
+ - libasound2-dev
+ - libogg-dev
+ - libvorbis-dev
+ - libicu-dev
+ - libcurl4-openssl-dev
+ - libical-dev
+ - libneon27-dev
+ - libsrtp2-dev
+ - libspandsp-dev
+ - libedit-dev
+ - sudo
+ - subversion
+ - libtool-bin
+ - unixodbc
+ - dirmngr
+ - sendmail-bin
+ - sendmail
+ - nodejs
+ - xz-utils
+ - python3-pip
+ - net-tools
+ ## Needed for debconf-set-selections
+ - debconf-utils
diff --git a/roles/webmin/tasks/main.yml b/roles/webmin/tasks/main.yml
new file mode 100644
index 0000000..15d1671
--- /dev/null
+++ b/roles/webmin/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+-
+ name: Add Apt Key
+ ansible.builtin.apt_key:
+ url: http://www.webmin.com/jcameron-key.asc
+ state: present
+-
+ name: Add Webmin Repo
+ ansible.builtin.apt_repository:
+ repo: deb http://download.webmin.com/download/repository sarge contrib
+ state: present
+-
+ name: Install webmin
+ ansible.builtin.apt:
+ name: webmin
+ update_cache: true
+ state: present