diff --git a/roles/omada-controller/tasks/main.yml b/roles/omada-controller/tasks/main.yml
index 7c23658..9358537 100644
--- a/roles/omada-controller/tasks/main.yml
+++ b/roles/omada-controller/tasks/main.yml
@@ -2,83 +2,70 @@ --- # tasks file for roles/omada-controller # roles/omada-controller/tasks/main.yml + +- name: Install dependencies for Omada Controller + # Der Controller benötigt Java, jsvc (Java Service Wrapper) und curl. + ansible.builtin.apt: + name: + - "{{ omada_controller_java_package }}" + - jsvc + - gnupg # Benötigt für gpg --dearmor + - curl + - apt-transport-https + state: present + update_cache: yes + register: apt_install + retries: 3 + until: apt_install is success + +- name: Download MongoDB GPG key + ansible.builtin.get_url: + url: "https://www.mongodb.org/static/pgp/server-{{ omada_controller_mongodb_version }}.asc" + dest: "/tmp/mongodb-server-{{ omada_controller_mongodb_version }}.asc" + mode: '0644' + +- name: Dearmor MongoDB GPG key and place in /usr/share/keyrings + ansible.builtin.command: + cmd: "gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg /tmp/mongodb-server-{{ omada_controller_mongodb_version }}.asc" + creates: /usr/share/keyrings/mongodb-archive-keyring.gpg + # Hinweis: Der Pfad /usr/share/keyrings/ ist der empfohlene Ort für Schlüssel, die mit 'signed-by' verwendet werden. + +- name: Add MongoDB repository + ansible.builtin.apt_repository: + repo: "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg ] https://repo.mongodb.org/apt/debian {{ omada_controller_mongodb_repo_release }}/mongodb-org/{{ omada_controller_mongodb_version }} main" + state: present + filename: "mongodb-org-{{ omada_controller_mongodb_version }}" + update_cache: yes + # Der 'signed-by'-Parameter verweist auf den zuvor dearmored Schlüssel. + +- name: Install MongoDB server + # Der Omada Controller benötigt MongoDB >= 3.0.0. 
+ ansible.builtin.apt: + name: mongodb-org-server + state: present + register: mongodb_install + retries: 3 + until: mongodb_install is success + - name: Check if Omada Controller package 'tpeap' is already installed (using command) - command: dpkg-query -W -f='${Status}' tpeap + ansible.builtin.command: dpkg-query -W -f='${Status}' tpeap register: omada_pkg_status # Fail silently if package is not found, and never report a change. failed_when: false changed_when: false -- name: Install Omada Controller +- name: Install Omada Controller from URL + ansible.builtin.apt: + deb: "{{ omada_controller_deb_url }}" + state: present when: "'install ok installed' not in omada_pkg_status.stdout" - block: - - name: Install dependencies for Omada Controller - # Der Controller benötigt Java, jsvc (Java Service Wrapper) und curl. - # MongoDB wird vom Controller-Paket selbst mitgebracht und muss nicht separat installiert werden. - apt: - name: - - "{{ omada_controller_java_package }}" - - jsvc - - gnupg # Benötigt für gpg --dearmor - - curl - state: present - update_cache: yes - register: apt_install - retries: 3 - until: apt_install is success - - - name: Ensure apt can use repositories over HTTPS - ansible.builtin.apt: - name: apt-transport-https - state: present - - - name: Download MongoDB GPG key - ansible.builtin.get_url: - url: "https://www.mongodb.org/static/pgp/server-{{ omada_controller_mongodb_version }}.asc" - dest: "/tmp/mongodb-server-{{ omada_controller_mongodb_version }}.asc" - mode: '0644' - - - name: Dearmor MongoDB GPG key and place in /usr/share/keyrings - ansible.builtin.command: - cmd: "gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg /tmp/mongodb-server-{{ omada_controller_mongodb_version }}.asc" - creates: /usr/share/keyrings/mongodb-archive-keyring.gpg - # Hinweis: Der Pfad /usr/share/keyrings/ ist der empfohlene Ort für Schlüssel, die mit 'signed-by' verwendet werden. 
- - - name: Add MongoDB repository - ansible.builtin.apt_repository: - repo: "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg ] https://repo.mongodb.org/apt/debian {{ omada_controller_mongodb_repo_release }}/mongodb-org/{{ omada_controller_mongodb_version }} main" - state: present - filename: "mongodb-org-{{ omada_controller_mongodb_version }}" - update_cache: yes - # Der 'signed-by'-Parameter verweist auf den zuvor dearmored Schlüssel. - # Dies ist die moderne und sichere Methode, GPG-Schlüssel für APT-Repositories zu handhaben. - - - name: Install MongoDB server - # Der Omada Controller benötigt MongoDB >= 3.0.0. - # Wir installieren 'mongodb-org-server' aus dem offiziellen MongoDB-Repository. - # Das Omada Controller-Paket wird diese Abhängigkeit dann finden. - ansible.builtin.apt: - name: mongodb-org-server - state: present - register: mongodb_install - retries: 3 - until: mongodb_install is success - # Hinweis: Der MongoDB-Dienst wird bei der Installation automatisch gestartet. - # Der Omada Controller verwaltet seine Interaktion mit MongoDB. - - - # Das .deb-Paket wird direkt von der URL installiert. - - name: Install Omada Controller from URL - apt: - deb: "{{ omada_controller_deb_url }}" - state: present - register: omada_install - retries: 3 - until: omada_install is success - notify: Restart Omada Controller + register: omada_install + retries: 3 + until: omada_install is success + notify: Restart Omada Controller - name: Ensure Omada Controller service (tpeap) is running and enabled on boot - service: + ansible.builtin.service: name: tpeap state: started enabled: yes
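Review bot: The `Install Omada Controller from URL` task passes `omada_controller_deb_url` straight to `ansible.builtin.apt` via `deb:`, so the package and its maintainer scripts run as root with no integrity check beyond what the URL's transport gives. Fetching the file first with `ansible.builtin.get_url` and a pinned `checksum:`, then pointing `deb:` at the local copy, would pin the artifact; the variable name and destination path in the sketch below are suggestions, not existing role values. `Download MongoDB GPG key` has the same gap: the key is written to a predictable name under `/tmp` with no `checksum:`. Because `get_url` skips the download when the destination already exists, a file already at that path is what `gpg --dearmor` would turn into the `signed-by` keyring. Separately, `creates:` on the dearmor task means a changed `omada_controller_mongodb_version` never refreshes the keyring.

```yaml
# … unchanged: dependency, MongoDB key/repository and dpkg-query tasks …

- name: Download Omada Controller package
  ansible.builtin.get_url:
    url: "{{ omada_controller_deb_url }}"
    # example destination; any root-owned directory works
    dest: /var/cache/omada-controller.deb
    # omada_controller_deb_sha256: new role variable (suggested name)
    checksum: "sha256:{{ omada_controller_deb_sha256 }}"
    mode: "0644"
  when: "'install ok installed' not in omada_pkg_status.stdout"

- name: Install Omada Controller from the verified file
  ansible.builtin.apt:
    deb: /var/cache/omada-controller.deb
    state: present
  when: "'install ok installed' not in omada_pkg_status.stdout"
  # … unchanged: register, retries, until, notify …
```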