replace shell scripts by ansible playbooks/roles, provide under MIT license

0e2975fb · Peter Nerlich · 24402460 · 0e2975fb · 0e2975fb · 0e2975fb
Commit 0e2975fb authored 4 years ago by Peter Nerlich
--- a/LICENSE
+++ b/LICENSE
+MIT License
+Copyright (c) 2021 Konferenz der Informatikfachschaften
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/Vagrantfile
+++ b/Vagrantfile
+Vagrant.require_version ">= 1.8.0"
+Vagrant.configure(2) do |config|
+  config.vm.box = "generic/ubuntu2004"
+  config.vm.provision "ansible" do |ansible|
+    ansible.verbose = "v"
+    ansible.playbook = "testing.yml"
+  end
+end
--- a/hosts.yml
+++ b/hosts.yml
+all:
+  hosts:
+    kif_minetest:
--- a/install_deps.sh
+++ b/install_deps.sh
-#!/bin/bash
-apt install \
-	git \
-	g++ \
-	make \
-	libc6-dev \
-	libirrlicht-dev \
-	cmake \
-	libbz2-dev \
-	libpng-dev \
-	libjpeg-dev \
-	libxxf86vm-dev \
-	libgl1-mesa-dev \
-	libsqlite3-dev \
-	libogg-dev \
-	libvorbis-dev \
-	libopenal-dev \
-	libcurl4-gnutls-dev \
-	libfreetype6-dev \
-	zlib1g-dev \
-	libgmp-dev \
-	libjsoncpp-dev \
-	libpq-dev
--- a/kif_minetest_mapserver/.travis.yml
+++ b/kif_minetest_mapserver/.travis.yml
+---
+language: python
+python: "2.7"
+# Use the new container infrastructure
+sudo: false
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+install:
+  # Install ansible
+  - pip install ansible
+  # Check ansible version
+  - ansible --version
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
--- a/kif_minetest_mapserver/.yamllint
+++ b/kif_minetest_mapserver/.yamllint
+---
+# Based on ansible-lint config
+extends: default
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable
--- a/kif_minetest_mapserver/README.md
+++ b/kif_minetest_mapserver/README.md
+KIF Minetest Mapserver
+======================
+A role for setting up the mapserver in combination with minetest for the Konferenz der Informatikfachschaften
+Requirements
+------------
+None
+Role Variables
+--------------
+* `use_production_secrets`: bool, default: `false`. Whether to use secrets for production from the vault file. Requires you to know and supply the password.
+* `mapserver_key`: string, default: `CHANGE_TO_PROPER_PASSWORD`. Secret for exchanging in-game data from the companion mod with the mapserver. Please, please always have this be something different than the default.
+* `mapserver_version`: string, default: `4.2`. Which mapserver release to use. Refers to the release tag of the official git repository.
+* `mapserver_active`: bool, default: `true`. Whether the mapserver should be running and start automatically on reboot. Useful for disabling the mapserver, which not using this role would not accomplish.
+* `mapserver_port`: number, default: `8080`. Port to open the mapserver on.
+* `mapserver_dir`: string, default: `/var/lib/minetest/minetest_mapserver`. Path of the directory where the mapserver binary should be placed.
+* `world_dir`: string, default: `/var/lib/minetest/world`. Path of the directory where to expect the world. Please refer to the official mapserver documentation on how the program interacts with the world data.
+Variables for the `kif_minetest_server` role:
+* `server_secure_http_mods`: list, default: `['mapserver']`. Please refer to the official minetest documentation.
+* `mapserver_url`: string, default: `http://127.0.0.1:{{ mapserver_port }}`. URL over which the mapserver companion mod to should exchange in-game data with the mapserver.
+* `mapserver_key`: string, default: `CHANGE_TO_PROPER_PASSWORD`. Secret for exchanging in-game data from the companion mod with the mapserver. Please, please always have this be something different than the default.
+* `use_production_secrets`: bool, default: `false`. Whether to use secrets for production from the vault file. Requires you to know and supply the password.
+* `minetest_version`: string, default: `5.3.0`. Which minetest version to use. Refers to the commit, tag or branch of the official git repository where minetest is compiled from.
+* `minetest_game_version`: string, default: `5.3.0`. Which minetest game version to use. Refers to the commit, tag or branch of the official git repository.
+* `mods_version`: string, default: `master`. Refers to the commit, tag or branch of the repository holding the mods.
+* `mods_git_repo`: string, default: `'https://gitlab.fachschaften.org/minetest/minetest_mods.git'`. URL of the repository holding the mods that should be used.
+* `update_mods_cron_job`: bool, default: `true`. Whether to create a cron job to update mods automatically each day. Refers cron to `update.sh` which must be present at the root of the mods repository.
+* `minetest_base_dir`: string, default: `/var/lib/minetest`. Path of the home directory of the minetest user, where all the minetest things should be placed.
+* `server_auth_backend`: string, default: `sqlite3`. Please refer to the minetest documentation.
+* `server_player_backend`: string, default: `postgresql`. Please refer to the minetest documentation.
+* `server_backend`: string, default: `postgresql`. Please refer to the minetest documentation.
+* `psql_host`: string, default: `127.0.0.1`. Host for connecting to PostgreSQL, if that backend is to be used.
+* `psql_user`: string, default: `minetest`. User for connecting to PostgreSQL, if that backend is to be used.
+* `psql_password`: string, default: `CHANGE_TO_PROPER_DB_PASSWORD`. Password for connecting to PostgreSQL, if that backend is to be used. Please, please always have this be something different than the default.
+* `psql_db`: string, default: `minetest-db`. Database name for connecting to PostgreSQL, if that backend is to be used.
+* `minetest_seed`: string or number, default: `3374822340961073250`. Seed when generating the minetest world.
+* `server_address`: string, default: `minetest.kif.rocks`. Address to expect the server to be accessible as.
+* `server_announce`: bool, default: `true`. Whether to announce the server status to a public server list. Please refer to the minetest documentation.
+* `server_serverlist_url`: string, default: `servers.minetest.net`. URL of the server list to announce the server status to, if enabled. Please refer to the minetest documentation.
+* `server_port`: number, default: `30000`. Port to open the minetest server on.
+* `server_default_password`: string, default: `CHANGE_TO_PROPER_PLAYER_PASSWORD`. Default password for new clients connecting to the server. Please, please always have this be something different than the default.
+* `server_default_privs`: list, default: `['interact', 'shout', 'railway_operator', 'interlocking', 'itm', 'train_operator', 'ui_full', 'travelnet_attach', 'track_builder', 'home', 'atlatc']`. Priviledges to give new players. Please refer to the official minetest documentation as well as the documentation of the mods registering the priviledges.
+* `load_mods`: list, default omitted for brevity. Mods to enable.
+* `disabled_mods`: list, default omitted for brevity. Mods to explicitly disable. Not needed for the configuration, but for idempotence as the minetest server adds the present but not enabled mods to the config on startup.
+* *for more please refer to the documentation of `kif_minetest_server`*
+Dependencies
+------------
+- `kif_minetest_server` role
+Example Playbook
+----------------
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+    - hosts: servers
+      roles:
+        - role: kif_minetest_mapserver
+          server_player_backend: sqlite3
+          server_backend: sqlite3
+          server_announce: false
+          mapserver_key: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigits,punctuation length=16') }}"
+License
+-------
+MIT
+Author Information
+------------------
+- https://minetest.kif.rocks/
+- https://gitlab.fachschaften.org/minetest/
--- a/kif_minetest_mapserver/defaults/main.yml
+++ b/kif_minetest_mapserver/defaults/main.yml
+---
+use_production_secrets: false
+mapserver_key: CHANGE_TO_PROPER_PASSWORD
+mapserver_version: 4.2
+mapserver_active: true
+mapserver_port: 8080
+mapserver_dir: /var/lib/minetest/minetest_mapserver
+world_dir: /var/lib/minetest/world
--- a/kif_minetest_mapserver/defaults/production_secrets.yml
+++ b/kif_minetest_mapserver/defaults/production_secrets.yml
+$ANSIBLE_VAULT;1.1;AES256
+33663234333164626530303833663564383362383863396339666637323231346666383032323561
+6531663037383235363539643866623035333032393662340a353735306666353838623334636162
+37636133333036376336393132613366656139393438353836633732393165316265373062353531
+6465333666353036660a366639343263396666323037363236633566633634336264663636343034
+65393666393764616165363136366166613032363332326239313630323962396562346261396164
+3431336665306130396365393266306261373963343834326130
--- a/kif_minetest_mapserver/handlers/main.yml
+++ b/kif_minetest_mapserver/handlers/main.yml
+---
+- name: Stop mapserver
+  ansible.builtin.systemd:
+    name: mapserver
+    state: stopped
+    daemon-reload: true
+  become: true
+  listen: stop mapserver
+- name: Restart mapserver
+  ansible.builtin.systemd:
+    name: mapserver
+    state: restarted
+    daemon-reload: true
+  become: true
+  listen: restart mapserver
--- a/kif_minetest_mapserver/meta/main.yml
+++ b/kif_minetest_mapserver/meta/main.yml
+galaxy_info:
+  author: Peter Nerlich
+  description: minetest mapserver as the KIF uses it
+  namespace: peter_nerlich
+  company: KIF
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: CC-BY-4.0
+  min_ansible_version: 2.1
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+  - name: Ubuntu
+    versions:
+    - "20.04"
+  galaxy_tags:
+    - kif
+    - minetest
+    - mapserver
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+dependencies:
+  - role: kif_minetest_server
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
--- a/kif_minetest_mapserver/molecule/default/INSTALL.rst
+++ b/kif_minetest_mapserver/molecule/default/INSTALL.rst
+*********************************
+Vagrant driver installation guide
+*********************************
+Requirements
+============
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+Install
+=======
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+.. code-block:: bash
+    $ pip install 'molecule_vagrant'
--- a/kif_minetest_mapserver/molecule/default/converge.yml
+++ b/kif_minetest_mapserver/molecule/default/converge.yml
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: "Include kif_minetest_mapserver"
+      include_role:
+        name: "kif_minetest_mapserver"
+      vars:
+        server_player_backend: sqlite3
+        server_backend: sqlite3
+        server_announce: false
--- a/kif_minetest_mapserver/molecule/default/molecule.yml
+++ b/kif_minetest_mapserver/molecule/default/molecule.yml
+---
+dependency:
+  name: galaxy
+driver:
+  name: vagrant
+  provider:
+    name: libvirt
+platforms:
+  - name: instance-kif-mapserver
+    box: generic/ubuntu2004
+    cpus: 4
+    memory: 4096
+provisioner:
+  name: ansible
+verifier:
+  name: ansible
+lint: |
+  set -e
+  yamllint .
+  ansible-lint . -x 503
--- a/kif_minetest_mapserver/molecule/default/verify.yml
+++ b/kif_minetest_mapserver/molecule/default/verify.yml
+---
+# This is an example playbook to execute Ansible tests.
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Populate service facts
+    ansible.builtin.service_facts:
+  - name: Check that the minetest service is running
+    assert:
+      that:
+        - ('minetest.service' in ansible_facts.services)
+        - ansible_facts.services['minetest.service'].state == 'running'
+  - name: Check that the mapserver service is running
+    assert:
+      that:
+        - ('mapserver.service' in ansible_facts.services)
+        - ansible_facts.services['mapserver.service'].state == 'running'
--- a/kif_minetest_mapserver/tasks/disable_mapserver.yml
+++ b/kif_minetest_mapserver/tasks/disable_mapserver.yml
+---
+- name: Disable mapserver service
+  ansible.builtin.systemd:
+    name: mapserver
+    enabled: false
+    daemon-reload: true
+  become: true
--- a/kif_minetest_mapserver/tasks/install_mapserver.yml
+++ b/kif_minetest_mapserver/tasks/install_mapserver.yml
+---
+- name: Download mapserver binary
+  get_url:
+    url: "https://github.com/minetest-mapserver/mapserver/releases/download/{{ mapserver_version }}/mapserver-linux-x86_64"
+    dest: "{{ mapserver_dir }}/mapserver-linux-x86_64"
+  become: true
+  notify:
+    - restart mapserver
+- name: Set file permissions for mapserver binary
+  file:
+    path: "{{ mapserver_dir }}/mapserver-linux-x86_64"
+    state: file
+    mode: u=rwx,g=r,o=r
+    owner: minetest
+    group: minetest
+  become: true
+  notify:
+    - restart mapserver
+- name: Create mapserver service
+  template:
+    src: mapserver.service.j2
+    dest: /etc/systemd/system/mapserver.service
+    mode: u=rw,g=r,o=r
+  become: true
+  notify:
+    - restart mapserver
+- name: Enable mapserver service
+  ansible.builtin.systemd:
+    name: mapserver
+    enabled: true
+    daemon-reload: true
+  become: true
+- name: Create mapserver config
+  template:
+    src: mapserver.json.j2
+    dest: "{{ world_dir }}/mapserver.json"
+    mode: u=rwX,g=rX,o=rX
+    owner: minetest
+    group: minetest
+  become: true
+  notify:
+    - restart mapserver
--- a/kif_minetest_mapserver/tasks/main.yml
+++ b/kif_minetest_mapserver/tasks/main.yml
+---
+- name: Use production secrets
+  include_vars: "defaults/production_secrets.yml"
+  when: use_production_secrets
+- name: Enforce proper passwords
+  assert:
+    that: not (item.pw | b64decode).startswith('CHANGE_TO_PROPER_')
+    fail_msg: "{{ item.name }} is not set to a proper password!"
+    quiet: true
+  with_items:
+    - name: mapserver_key
+      pw: "{{ mapserver_key | b64encode }}"
+  ignore_errors: True
+- name: Prepare system for installation
+  include_tasks: server_prepare.yml
+  tags: prepare
+- name: Install mapserver
+  include_tasks: install_mapserver.yml
+  tags: mapserver
+  when: mapserver_active
+- name: Wait for world db to exist...
+  wait_for:
+    path: "{{ world_dir }}/map.sqlite"
+  when: server_backend == "sqlite3"
+- name: Run handlers
+  meta: flush_handlers
+- name: Start mapserver
+  ansible.builtin.systemd:
+    name: mapserver
+    state: started
+  become: true
+  tags: mapserver
+  when: mapserver_active
+- name: Disable mapserver
+  include_tasks: disable_mapserver.yml
+  tags: mapserver
+  when: not mapserver_active
--- a/kif_minetest_mapserver/tasks/server_prepare.yml
+++ b/kif_minetest_mapserver/tasks/server_prepare.yml
+---
+- name: Create group 'minetest'
+  group:
+    name: minetest
+  become: true
+- name: Create user 'minetest'
+  user:
+    name: minetest
+    group: minetest
+    home: "{{ minetest_base_dir }}"
+  become: true
+- name: Assign directories to minetest group and owner
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: u=rwX,g=rX,o=rX
+    owner: minetest
+    group: minetest
+  with_items:
+    - "{{ mapserver_dir }}"
+    - "{{ world_dir }}"
+  become: true
--- a/kif_minetest_mapserver/templates/mapserver.json.j2
+++ b/kif_minetest_mapserver/templates/mapserver.json.j2
+{
+	"configversion": 1,
+	"port": {{ mapserver_port }},
+	"enableprometheus": true,
+	"enablerendering": true,
+	"enablesearch": true,
+	"enableinitialrendering": true,
+	"enabletransparency": false,
+	"enablemediarepository": false,
+	"webdev": false,
+	"webapi": {
+		"enablemapblock": false,
+		"secretkey": "{{ mapserver_key }}"
+	},
+	"layers": [
+		{
+			"id": 0,
+			"name": "Oberfläche",
+			"from": -1,
+			"to": 9
+		},
+		{
+			"id": 1,
+			"name": "-700 (Tiefe Freefalltower)",
+			"from": -50,
+			"to": -40
+		},
+		{
+			"id": 2,
+			"name": "Gebirge",
+			"from": 7,
+			"to": 18
+		}
+	],
+	"renderingfetchlimit": 10000,
+	"renderingjobs": 2,
+	"renderingqueue": 100,
+	"incrementalrenderingtimer": "5s",
+	"mapobjects": {
+		"areas": true,
+		"bones": true,
+		"protector": true,
+		"xpprotector": false,
+		"privprotector": false,
+		"technic_quarry": false,
+		"technic_switch": false,
+		"technic_anchor": false,
+		"technic_reactor": false,
+		"luacontroller": true,
+		"digiterms": true,
+		"digilines": true,
+		"travelnet": true,
+		"mapserver_player": true,
+		"mapserver_poi": true,
+		"mapserver_label": true,
+		"mapserver_trainline": true,
+		"mapserver_border": true,
+		"tileserverlegacy": true,
+		"mission": false,
+		"jumpdrive": false,
+		"smartshop": false,
+		"fancyvend": false,
+		"atm": false,
+		"train": true,
+		"trainsignal": true,
+		"minecart": false,
+		"locator": false
+	},
+	"mapblockaccessor": {
+		"expiretime": "15s",
+		"purgetime": "30s",
+		"maxitems": 500
+	},
+	"defaultoverlays": [
+		"mapserver_poi",
+		"mapserver_label",
+		"mapserver_player",
+		"mapserver_trainline",
+		"train"
+	]
+}
\ No newline at end of file