finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into non-root-containers

Browse Source
This commit is contained in:
Slavi Pantaleev 2019-01-29 18:00:11 +02:00
commit b77b967171
3 changed files with 56 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
roles/matrix-base/tasks/self_check_dns_srv.yml
View File

@ -1,26 +1,65 @@
---
# This requires the dnspython library and will fail with a friendly error when unavailable.
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }}
# This requires the dnspython library which is usually unavailable.
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} using Ansible dig lookup
set_fact:
result_dig_srv: "{{ lookup('dig', (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain + '/SRV'), 'flat=0', wantlist=False) }}"
lookup_dig_srv: "{{ lookup('dig', (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain + '/SRV'), 'flat=0', wantlist=False) }}"
register: result_lookup_dig_srv
ignore_errors: true
- name: Fail if DNS SRV record missing
- name: Fail if DNS SRV check via Ansible dig lookup failed for non-dependency reason
fail:
msg: "It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly (the record is missing). See the 'Configuring DNS' documentation for this playbook."
when: "result_dig_srv == 'NXDOMAIN'"
msg: "DNS SRV record check via Ansible dig lookup plugin (which uses the dnspython package) failed. Error is: {{ result_lookup_dig_srv.msg }}"
when: "result_lookup_dig_srv.failed and 'dnspython' not in result_lookup_dig_srv.msg"
- name: Fail if DNS SRV record incorrect
# Fallback to using the dig CLI tool if dnspython was unavailable.
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} using dig CLI tool
shell:
cmd: "dig -t srv {{ (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain)|quote }}"
register: result_cli_dig_srv
changed_when: false
ignore_errors: true
when: "lookup_dig_srv is not defined"
- name: Fail if dig CLI used and failed
fail:
msg: >
msg: >-
Failed performing DNS SRV record check.
You neither have the `dnspython` Python package, nor the `dig` program installed locally.
You need to install one of those, so we could perform a DNS SRV record check.
Full error from trying to run `dig`: {{ result_cli_dig_srv }}
when: "lookup_dig_srv is not defined and result_cli_dig_srv.stderr != ''"
- name: Fail if DNS SRV record missing (Ansible dig lookup)
fail:
msg: >-
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly (the record is missing).
See the 'Configuring DNS' documentation for this playbook.
when: "lookup_dig_srv is defined and lookup_dig_srv == 'NXDOMAIN'"
- name: Fail if DNS SRV record incorrect (Ansible dig lookup)
fail:
msg: >-
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
Found it pointing to `{{ result_dig_srv.target }}` (port {{ result_dig_srv.port }}).
Found it pointing to `{{ lookup_dig_srv.target }}` (port {{ lookup_dig_srv.port }}).
See the 'Configuring DNS' documentation for this playbook.
when: "result_dig_srv.target != dns_srv_record_check.expected_target or result_dig_srv.port != dns_srv_record_check.expected_port"
when: "lookup_dig_srv is defined and (lookup_dig_srv.target != dns_srv_record_check.expected_target or lookup_dig_srv.port != dns_srv_record_check.expected_port)"
# We expect an answer like this:
# ;; ANSWER SECTION:
# _matrix._tcp.DOMAIN. 10800 IN SRV 10 0 8448 matrix.DOMAIN.
- name: Fail if DNS SRV record missing or incorrect (dig CLI tool)
fail:
msg: >-
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
See the 'Configuring DNS' documentation for this playbook.
Full response from the `dig` lookup was: {{ result_cli_dig_srv }}
when: "lookup_dig_srv is not defined and (dns_srv_record_check.expected_port|string + ' ' + dns_srv_record_check.expected_target) not in result_cli_dig_srv.stdout"
- name: Report correct DNS SRV record
debug:
msg: >
msg: >-
The DNS SRV record for `{{ dns_srv_record_check.service_and_protocol }}` on `{{ dns_srv_record_check.domain }}`
points to `{{ result_dig_srv.target }}` (port {{ dns_srv_record_check.expected_port }}), as expected
points to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}), as expected.

5
roles/matrix-coturn/templates/turnserver.conf.j2
View File

@ -1,10 +1,6 @@
use-auth-secret
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
realm=turn.{{ hostname_matrix }}
cert=/matrix-config/{{ hostname_matrix }}.tls.crt
pkey=/matrix-config/{{ hostname_matrix }}.tls.key
dh-file=/matrix-config/{{ hostname_matrix }}.tls.dh
cipher-list="HIGH"
min-port={{ matrix_coturn_turn_udp_min_port }}
max-port={{ matrix_coturn_turn_udp_max_port }}
external-ip={{ matrix_coturn_turn_external_ip_address }}
@ -12,3 +8,4 @@ log-file=stdout
pidfile=/var/tmp/turnserver.pid
userdb=/var/tmp/turnserver.db
no-cli
prod

2
roles/matrix-mxisd/tasks/main.yml
View File

@ -17,3 +17,5 @@
delegate_to: 127.0.0.1
become: false
when: "run_self_check and matrix_mxisd_enabled"
tags:
- self-check