From 0794e6f620398b91a8368bec6e961285461f5d0e Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Mon, 28 Jan 2019 14:29:01 +0100 Subject: [PATCH] redmine: refactoring of redmine role with use of rbenv --- CHANGELOG.md | 1 + redmine/defaults/main.yml | 1 + redmine/files/Gemfile.local | 2 - redmine/files/logrotate | 8 + redmine/files/profile | 3 +- redmine/files/puma.service | 2 +- redmine/files/syslog.conf | 4 + redmine/handlers/main.yml | 10 + redmine/meta/main.yml | 3 + redmine/tasks/config.yml | 59 ++++ redmine/tasks/main.yml | 330 +----------------- redmine/tasks/mysql.yml | 62 ++++ redmine/tasks/nginx.yml | 26 ++ redmine/tasks/packages.yml | 21 ++ redmine/tasks/plugins.yml | 28 -- redmine/tasks/release.yml | 123 +++++++ redmine/tasks/source.yml | 98 ++++++ redmine/tasks/syslog.yml | 27 ++ redmine/tasks/themes.yml | 26 -- redmine/tasks/user.yml | 44 +++ redmine/templates/Gemfile.local.j2 | 5 + .../templates/additional_environment.rb.j2 | 15 +- redmine/templates/nginx.conf.j2 | 44 +++ 23 files changed, 563 insertions(+), 379 deletions(-) delete mode 100644 redmine/files/Gemfile.local create mode 100644 redmine/files/logrotate create mode 100644 redmine/files/syslog.conf create mode 100644 redmine/handlers/main.yml create mode 100644 redmine/meta/main.yml create mode 100644 redmine/tasks/config.yml create mode 100644 redmine/tasks/mysql.yml create mode 100644 redmine/tasks/nginx.yml create mode 100644 redmine/tasks/packages.yml delete mode 100644 redmine/tasks/plugins.yml create mode 100644 redmine/tasks/release.yml create mode 100644 redmine/tasks/source.yml create mode 100644 redmine/tasks/syslog.yml delete mode 100644 redmine/tasks/themes.yml create mode 100644 redmine/tasks/user.yml create mode 100644 redmine/templates/Gemfile.local.j2 create mode 100644 redmine/templates/nginx.conf.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index dc8d7877..8551fc81 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release. * redis: add variable for configure unixsocketperm ### Changed +* redmine: refactoring of redmine role with use of rbenv ### Fixed * ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config diff --git a/redmine/defaults/main.yml b/redmine/defaults/main.yml index 049e6551..1a260ecc 100644 --- a/redmine/defaults/main.yml +++ b/redmine/defaults/main.yml @@ -3,6 +3,7 @@ puma_env: 'production' puma_worker: 2 puma_min_thread: 0 puma_max_thread: 4 +redmine_version: "4.0.1" redmine_db_name: "{{ redmine_user }}" redmine_db_host: "localhost" redmine_db_username: "{{ redmine_user }}" diff --git a/redmine/files/Gemfile.local b/redmine/files/Gemfile.local deleted file mode 100644 index b0aa3f4d..00000000 --- a/redmine/files/Gemfile.local +++ /dev/null @@ -1,2 +0,0 @@ -gem "puma" -gem "xpath", "< 3.0.0" diff --git a/redmine/files/logrotate b/redmine/files/logrotate new file mode 100644 index 00000000..55d19257 --- /dev/null +++ b/redmine/files/logrotate @@ -0,0 +1,8 @@ +/var/log/redmine/*.log { + daily + rotate 7 + missingok + notifempty + compress + create 640 root adm +} diff --git a/redmine/files/profile b/redmine/files/profile index 57d0668e..ddfcc44f 100644 --- a/redmine/files/profile +++ b/redmine/files/profile @@ -12,7 +12,7 @@ fi # set PATH so it includes gems bin if [ -d "$HOME/bin" ] ; then - export PATH="$HOME/.gems/ruby/2.1.0/bin:$PATH" + export PATH="$HOME/www/.gem/ruby/2.3.0/bin:$PATH" fi # For systemctl --user @@ -20,4 +20,3 @@ export XDG_RUNTIME_DIR=/run/user/$UID # Ruby vars export RAILS_ENV=production -export BUNDLE_GEMFILE="$HOME/www/Gemfile" diff --git a/redmine/files/puma.service b/redmine/files/puma.service index 6e993607..f64f2580 100644 --- a/redmine/files/puma.service +++ b/redmine/files/puma.service 
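Review bot: The new redmine/files/logrotate stanza has no `postrotate` step, although the files under /var/log/redmine are written by rsyslog (see redmine/files/syslog.conf in this patch). After the daily rotation rsyslog will presumably keep its handle on the renamed file, so new Redmine messages would land in the rotated log and `compress` may run over a file that is still being written. I would add `sharedscripts` and a `postrotate … endscript` block that makes rsyslog reopen its outputs, using the same command as the distribution's own /etc/logrotate.d/rsyslog.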
@@ -7,7 +7,7 @@ WorkingDirectory=%h/www UMask=0027 PIDFile=%h/ruby.pid ExecStartPre=/bin/mkdir -m 0750 -p %h/run -ExecStart=/usr/bin/bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config /etc/puma/%u.rb +ExecStart=%h/.rbenv/bin/rbenv exec bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config %h/config/puma.rb ExecReload=/bin/kill -USR2 $MAINPID KillMode=process #Restart=on-failure diff --git a/redmine/files/syslog.conf b/redmine/files/syslog.conf new file mode 100644 index 00000000..0c31a3bf --- /dev/null +++ b/redmine/files/syslog.conf @@ -0,0 +1,4 @@ +# Send Redmine messages to a dedicated logdir +$template Redmine, "/var/log/redmine/%PROGRAMNAME:%.log" +if $programname startswith 'redmine_' then ?Redmine +&~ diff --git a/redmine/handlers/main.yml b/redmine/handlers/main.yml new file mode 100644 index 00000000..3759afc4 --- /dev/null +++ b/redmine/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: restart rsyslog + service: + name: rsyslog + state: restarted + +- name: reload nginc + service: + name: nginx + state: reloaded diff --git a/redmine/meta/main.yml b/redmine/meta/main.yml new file mode 100644 index 00000000..72b1bd7b --- /dev/null +++ b/redmine/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - nginx diff --git a/redmine/tasks/config.yml b/redmine/tasks/config.yml new file mode 100644 index 00000000..a08ba1c6 --- /dev/null +++ b/redmine/tasks/config.yml 
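Review bot: The dynamic file name in `$template Redmine, "/var/log/redmine/%PROGRAMNAME:%.log"` is built from the sender-chosen program name without a path-safety option, and the filter accepts any tag that starts with `redmine_`. Any local process allowed to write to syslog can therefore decide which file names rsyslog creates and fills under /var/log/redmine. Using `%programname:::secpath-replace%` in the template, or matching the exact expected name instead of a prefix, would narrow this. A one-line comment in redmine/files/syslog.conf naming the expected tag (`redmine_` followed by the role's user name, as set in additional_environment.rb.j2) would also help the next reader.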
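Review bot: The handler in redmine/handlers/main.yml is declared as `- name: reload nginc`, but redmine/tasks/nginx.yml in this patch notifies `reload nginx`, so this handler can never be triggered under that name. If the `nginx` role pulled in through meta/main.yml does not define a handler called `reload nginx`, the vhost tasks would presumably fail on the notify and the new vhost would not be loaded; if it does, this entry is dead code. Rename it to `- name: reload nginx` or drop it in favour of the dependency's handler.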
@@ -0,0 +1,59 @@
+---
+- name: Create systemd config dir
+ file:
+ state: directory
+ dest: "/home/{{ redmine_user }}/{{ item }}"
+ mode: "0750"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ with_items:
+ - ".config"
+ - ".config/systemd"
+ - ".config/systemd/user"
+ tags:
+ - redmine
+
+- name: Deploy systemd unit
+ copy:
+ src: puma.service
+ dest: "/home/{{ redmine_user }}/.config/systemd/user/puma.service"
+ mode: "0644"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ tags:
+ - redmine
+
+- name: Set user .profile
+ copy:
+ src: profile
+ dest: "/home/{{ redmine_user }}/.profile"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0640"
+ tags:
+ - redmine
+
+- name: Create config directory
+ file:
+ path: "/home/{{ redmine_user }}/config"
+ state: directory
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0750"
+ tags:
+ - redmine
+
+- name: Copy configurations file
+ template:
+ src: "{{ item }}.j2"
+ dest: "/home/{{ redmine_user }}/config/{{ item }}"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0640"
+ with_items:
+ - 'configuration.yml'
+ - 'database.yml'
+ - 'additional_environment.rb'
+ - 'puma.rb'
+ tags:
+ - redmine
diff --git a/redmine/tasks/main.yml b/redmine/tasks/main.yml
index d5a93a36..2b7fd225 100644
--- a/redmine/tasks/main.yml
+++ b/redmine/tasks/main.yml
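Review bot: In redmine/tasks/config.yml, `Copy configurations file` installs `database.yml` and `configuration.yml` with `mode: "0640"` and group `{{ redmine_user }}`, inside a `config` directory created `0750`, while redmine/tasks/nginx.yml adds `www-data` to that same group. database.yml presumably carries the MySQL password set in mysql.yml, so the web server account gets read access to the database credentials although only puma, running as `{{ redmine_user }}`, needs them. I would use `mode: "0600"` for the templated files and `mode: "0700"` for the `config` directory, since nginx only has to reach the static files, the puma socket and the pid file.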
@@ -1,319 +1,13 @@ --- -- name: Install dependancy - apt: - name: "{{ item }}" - state: present - with_items: - - libpam-systemd - - ruby - - ruby-dev - - bundler - - imagemagick - - git-core - - git-svn - - gcc - - build-essential - - libxml2-dev - - libxslt1-dev - - libssl-dev - - libmagickwand-dev - - libmagickcore-dev - - libmysqlclient-dev - - python-mysqldb - tags: - - redmine - -#- name: -# lineinfile: -# with_items: -# - 'https://github.com/.*' -# - 'http://rubygems.org/.*' -# - 'http://.*.rubygems.org/.*' -# tags: -# - redmine - -- name: Deploy systemd unit - copy: - src: puma.service - dest: /etc/systemd/user/puma.service - mode: "0644" - tags: - - redmine - -- name: Create puma config dir - file: - path: /etc/puma - state: directory - mode: "0755" - owner: root - tags: - - redmine - -- name: Create redmine group - group: - name: "{{ redmine_user }}" - state: present - tags: - - redmine - -- name: Add www-data to redmine group - user: - name: www-data - groups: "{{ redmine_user }}" - append: yes - tags: - - redmine - -- name: Create redmine user - user: - name: "{{ redmine_user }}" - state: present - group: "{{ redmine_user }}" - createhome: yes - home: "/home/{{ redmine_user }}" - shell: /bin/bash - tags: - - redmine - -- name: Create required directory - file: - path: "{{ item }}" - state: directory - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0750" - with_items: - - "/home/{{ redmine_user }}" - - "/home/{{ redmine_user }}/files" - - "/home/{{ redmine_user }}/log" - tags: - - redmine - -- name: Touch Nginx logs file - file: - path: "/home/{{ redmine_user }}/log/{{ item }}" - state: touch - owner: "root" - group: "{{ redmine_user }}" - mode: "0640" - changed_when: false - with_items: - - nginx_access.log - - nginx_error.log - tags: - - redmine - -- name: Enable systemd user mode - command: "loginctl enable-linger {{ redmine_user }}" - changed_when: false - -- name: Set user .profile - copy: - src: profile - dest: "/home/{{ 
redmine_user }}/.profile" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0640" - tags: - - redmine - -- name: Update or clone Redmine git - git: - repo: 'https://github.com/redmine/redmine.git' - dest: "/home/{{ redmine_user }}/www" - version: '3.4-stable' - umask: "027" - update: yes - become_user: "{{ redmine_user }}" - become: yes - register: redmine_git_task - tags: - - redmine - -- name: Deploy custom Gemfile - copy: - src: Gemfile.local - dest: "/home/{{ redmine_user }}/www" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0640" - register: redmine_local_gemfile_task - tags: - - redmine - -- name: Get actual Mysql password - shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'" - register: redmine_get_mysql_password - check_mode: no - changed_when: False - failed_when: false - tags: - - redmine - -- name: Generate Mysql password - shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)' - register: redmine_generate_mysql_password - check_mode: no - changed_when: False - when: redmine_get_mysql_password.stdout == "" - tags: - - redmine - -- name: Set Mysql password - set_fact: - redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}" - tags: - - redmine - -- name: Create Mysql database - mysql_db: - name: "{{ redmine_db_name }}" - config_file: "/root/.my.cnf" - state: present - tags: - - redmine - -- name: Create Mysql user - mysql_user: - name: "{{ redmine_db_username }}" - password: '{{ redmine_db_pass }}' - priv: "{{ redmine_user }}.*:ALL" - config_file: "/root/.my.cnf" - update_password: always - state: present - tags: - - redmine - -- name: Store credentials in my.cnf - ini_file: - dest: "/home/{{ redmine_user }}/.my.cnf" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0600" - section: client - option: '{{ item.option }}' - value: '{{ item.value }}' - with_items: - - { option: 'host', value: "{{ 
redmine_db_host }}" } - - { option: 'user', value: "{{ redmine_db_username }}" } - - { option: 'database', value: "{{ redmine_db_name }}" } - - { option: 'password', value: '{{ redmine_db_pass }}' } - tags: - - redmine - -- name: Copy configurations file - template: - src: "{{ item }}.j2" - dest: "/home/{{ redmine_user }}/www/config/{{ item }}" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0640" - with_items: - - 'configuration.yml' - - 'database.yml' - - 'additional_environment.rb' - tags: - - redmine - -- name: Install Redmine plugins - include: plugins.yml - with_items: "{{ redmine_plugins }}" - tags: - - redmine - -- name: Install Redmine themes - include: themes.yml - with_items: "{{ redmine_themes }}" - tags: - - redmine - -- name: Update local gems with bundle - bundler: - state: present - gemfile: "/home/{{ redmine_user }}/www/Gemfile" - gem_path: "/home/{{ redmine_user }}/.gems" - user_install: yes - become_user: "{{ redmine_user }}" - become: yes - when: redmine_git_task.changed or redmine_local_gemfile_task.changed or redmine_plugin_install.changed - tags: - - redmine - -- name: Migrate database with rake - shell: bundle exec rake -qf ~/www/Rakefile db:migrate - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - when: redmine_git_task.changed - tags: - - redmine - -- name: Populate Mysql database - shell: bundle exec rake -qf ~/www/Rakefile redmine:load_default_data REDMINE_LANG=fr && touch ~/.populated - args: - creates: "/home/{{ redmine_user }}/.populated" - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - tags: - - redmine - -- name: Migrate plugins - shell: bundle exec rake -qf ~/www/Rakefile redmine:plugins:migrate - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - when: redmine_plugin_install.changed - tags: - - redmine - -- name: 
Generate secret token - shell: bundle exec rake -qf ~/www/Rakefile generate_secret_token - args: - creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb" - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - tags: - - redmine - -- name: Copy puma config - template: - src: puma.rb.j2 - dest: "/etc/puma/{{ redmine_user }}.rb" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0640" - register: redmine_puma_config_task - tags: - - redmine - -- name: Start puma service - systemd: - name: puma - daemon_reload: yes - enabled: yes - state: started - user: yes - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - tags: - - redmine - -- name: Reload puma service - systemd: - name: puma - daemon_reload: yes - state: reloaded - user: yes - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - when: redmine_puma_config_task.changed +- include: packages.yml +- include: syslog.yml +- include: user.yml +- include_role: + name: rbenv + vars: + - username: "{{ redmine_user }}" +- include: config.yml +- include: mysql.yml +- include: source.yml +- include: release.yml +- include: nginx.yml diff --git a/redmine/tasks/mysql.yml b/redmine/tasks/mysql.yml new file mode 100644 index 00000000..414da319 --- /dev/null +++ b/redmine/tasks/mysql.yml 
@@ -0,0 +1,62 @@
+---
+- name: Get actual Mysql password
+ shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'"
+ register: redmine_get_mysql_password
+ check_mode: no
+ changed_when: False
+ failed_when: false
+ tags:
+ - redmine
+
+- name: Generate Mysql password
+ shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
+ register: redmine_generate_mysql_password
+ check_mode: no
+ changed_when: False
+ when: redmine_get_mysql_password.stdout == ""
+ tags:
+ - redmine
+
+- name: Set Mysql password
+ set_fact:
+ redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}"
+ tags:
+ - redmine
+
+- name: Create Mysql database
+ mysql_db:
+ name: "{{ redmine_db_name }}"
+ config_file: "/root/.my.cnf"
+ state: present
+ collation: "utf8_general_ci"
+ register: redmine_mysql_create
+ tags:
+ - redmine
+
+- name: Store credentials in my.cnf
+ ini_file:
+ dest: "/home/{{ redmine_user }}/.my.cnf"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0600"
+ section: client
+ option: '{{ item.option }}'
+ value: '{{ item.value }}'
+ with_items:
+ - { option: 'host', value: "{{ redmine_db_host }}" }
+ - { option: 'user', value: "{{ redmine_db_username }}" }
+ - { option: 'database', value: "{{ redmine_db_name }}" }
+ - { option: 'password', value: '{{ redmine_db_pass }}' }
+ tags:
+ - redmine
+
+- name: Create Mysql user
+ mysql_user:
+ name: "{{ redmine_db_username }}"
+ password: '{{ redmine_db_pass }}'
+ priv: "{{ redmine_user }}.*:ALL"
+ config_file: "/root/.my.cnf"
+ update_password: always
+ state: present
+ tags:
+ - redmine
diff --git a/redmine/tasks/nginx.yml b/redmine/tasks/nginx.yml
new file mode 100644
index 00000000..3940de17
--- /dev/null
+++ b/redmine/tasks/nginx.yml
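Review bot: In redmine/tasks/mysql.yml, `Generate Mysql password` derives the database password from Perl's `rand()`, a general-purpose generator that is not meant for secrets; a source backed by the kernel CSPRNG is preferable, e.g. `shell: openssl rand -hex 16` where openssl is available, or Ansible's `password` lookup. The tasks that read, set and store the value (`Get actual Mysql password`, `Set Mysql password`, the `password` item of `Store credentials in my.cnf`, `Create Mysql user`) have no `no_log: true`, so the password is likely to appear in playbook output and logs. Separately, `priv: "{{ redmine_user }}.*:ALL"` grants on a schema named after the user while the database is created as `{{ redmine_db_name }}`; `priv: "{{ redmine_db_name }}.*:ALL"` keeps the grant on the database this role actually creates when the two differ.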
@@ -0,0 +1,26 @@
+---
+- name: Add www-data to Redmine group
+ user:
+ name: www-data
+ groups: "{{ redmine_user }}"
+ append: True
+ tags:
+ - redmine
+
+- name: Copy nginx vhost
+ template:
+ src: nginx.conf.j2
+ dest: "/etc/nginx/sites-available/{{ redmine_user }}.conf"
+ mode: "0644"
+ notify: reload nginx
+ tags:
+ - redmine
+
+- name: Enable nginx vhost
+ file:
+ src: "/etc/nginx/sites-available/{{ redmine_user }}.conf"
+ dest: "/etc/nginx/sites-enabled/{{ redmine_user }}.conf"
+ state: link
+ notify: reload nginx
+ tags:
+ - redmine
diff --git a/redmine/tasks/packages.yml b/redmine/tasks/packages.yml
new file mode 100644
index 00000000..2ac00fe9
--- /dev/null
+++ b/redmine/tasks/packages.yml
@@ -0,0 +1,21 @@
+---
+- name: Install dependancy
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - libpam-systemd
+ - imagemagick
+ - git-core
+ - git-svn
+ - gcc
+ - build-essential
+ - libxml2-dev
+ - libxslt1-dev
+ - libssl-dev
+ - libmagickwand-dev
+ - libmagickcore-dev
+ - libmariadbclient-dev
+ - python-mysqldb
+ tags:
+ - redmine
diff --git a/redmine/tasks/plugins.yml b/redmine/tasks/plugins.yml
deleted file mode 100644
index 479ffeaf..00000000
--- a/redmine/tasks/plugins.yml
+++ /dev/null
@@ -1,28 +0,0 @@ ---- -- name: Copy/Update plugin from archive - unarchive: - src: "{{ item.zip }}" - dest: "/home/{{ redmine_user }}/www/plugins/" - remote_src: yes - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0750" - register: redmine_plugin_install - when: item.zip is defined - -- name: Copy/Update plugin from git repository - git: - repo: "{{ item.git }}" - dest: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}" - version: "{{ item.tree | default('master') }}" - register: redmine_plugin_install - when: item.git is defined - -- name: Fix rights on plugin dir - file: - path: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "u=rwX,g=rX,o=" - recurse: True - when: item.git is defined diff --git a/redmine/tasks/release.yml b/redmine/tasks/release.yml new file mode 100644 index 00000000..730b0877 --- /dev/null +++ b/redmine/tasks/release.yml 
@@ -0,0 +1,123 @@
+---
+- name: Get id of user
+ command: "id -u {{ redmine_user }}"
+ register: redmine_command_user_id
+ changed_when: False
+ check_mode: False
+ tags:
+ - redmine
+
+- name: Define user environment
+ set_fact:
+ user_env:
+ XDG_RUNTIME_DIR: "/run/user/{{ redmine_command_user_id.stdout }}"
+ RAILS_ENV: production
+ tags:
+ - redmine
+
+- name: Stop puma service
+ systemd:
+ name: puma
+ daemon_reload: yes
+ state: stopped
+ user: yes
+ become_user: "{{ redmine_user }}"
+ environment: "{{ user_env }}"
+ tags:
+ - redmine
+
+- name: Create mysqldump directory
+ file:
+ path: "/home/{{ redmine_user }}/mysqldump"
+ state: directory
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0750"
+ tags:
+ - redmine
+
+- name: Dump mysql database
+ mysql_db:
+ state: dump
+ config_file: "/home/{{ redmine_user }}/.my.cnf"
+ name: "{{ redmine_db_name }}"
+ target: "/home/{{ redmine_user }}/mysqldump/{{ ansible_date_time.iso8601_basic_short }}.sql.gz"
+ tags:
+ - redmine
+
+- name: Change www link
+ file:
+ state: link
+ src: "/home/{{ redmine_user }}/releases/{{ redmine_version }}"
+ dest: "/home/{{ redmine_user }}/www"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ tags:
+ - redmine
+
+- name: Update Gemfile.lock
+ command: "~/.rbenv/bin/rbenv exec bundle lock"
+ args:
+ chdir: "/home/{{ redmine_user }}/www"
+ become_user: "{{ redmine_user }}"
+ become: yes
+ tags:
+ - redmine
+
+- name: Update local gems with bundle
+ command: "~/.rbenv/bin/rbenv exec bundle install --deployment"
+ args:
+ chdir: "/home/{{ redmine_user }}/www"
+ become_user: "{{ redmine_user }}"
+ become: yes
+ tags:
+ - redmine
+
+- name: Generate secret token
+ command: "~/.rbenv/bin/rbenv exec bundle exec rake -q generate_secret_token"
+ args:
+ chdir: "/home/{{ redmine_user }}/www"
+ creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
+ become_user: "{{ redmine_user }}"
+ environment: "{{ user_env }}"
+ tags:
+ - redmine
+
+- name: Migrate database with rake
+ command: "~/.rbenv/bin/rbenv exec bundle exec rake -q db:migrate"
+ args:
+ chdir: "/home/{{ redmine_user }}/www/"
+ become_user: "{{ redmine_user }}"
+ environment: "{{ user_env }}"
+ tags:
+ - redmine
+
+- name: Populate Mysql database
+ command: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:load_default_data REDMINE_LANG=fr"
+ args:
+ chdir: "/home/{{ redmine_user }}/www/"
+ become_user: "{{ redmine_user }}"
+ environment: "{{ user_env }}"
+ when: redmine_mysql_create.changed
+ tags:
+ - redmine
+
+- name: Migrate plugins
+ command: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:plugins:migrate"
+ args:
+ chdir: "/home/{{ redmine_user }}/www/"
+ become_user: "{{ redmine_user }}"
+ environment: "{{ user_env }}"
+ tags:
+ - redmine
+
+- name: Start puma service
+ systemd:
+ name: puma
+ daemon_reload: yes
+ state: started
+ user: yes
+ become_user: "{{ redmine_user }}"
+ environment: "{{ user_env }}"
+ tags:
+ - redmine
diff --git a/redmine/tasks/source.yml b/redmine/tasks/source.yml
new file mode 100644
index 00000000..51427acf
--- /dev/null
+++ b/redmine/tasks/source.yml
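Review bot: Most tasks in redmine/tasks/release.yml set `become_user: "{{ redmine_user }}"` without `become: yes` (`Stop puma service`, `Generate secret token`, `Migrate database with rake`, `Populate Mysql database`, `Migrate plugins`, `Start puma service`), whereas `Update Gemfile.lock` and `Update local gems with bundle` set both. Unless `become` is enabled at play or inventory level, `become_user` alone has no effect, so the rake tasks would run as the connecting account (probably root) inside the application tree, `~/.rbenv` would resolve to that account's home, and files such as `secret_token.rb` would end up owned by it. Adding `become: yes` to each of these tasks keeps application code from running with more privilege than the service user. The two `git` tasks in redmine/tasks/source.yml show the same pattern. `Dump mysql database` also runs as the connecting account, so a follow-up `file` task setting owner `{{ redmine_user }}` and `mode: "0600"` on the dump would make its permissions explicit.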
@@ -0,0 +1,98 @@
+---
+- name: Create releases directory
+ file:
+ path: "/home/{{ redmine_user }}/{{ item }}"
+ state: directory
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0750"
+ with_items:
+ - "releases"
+ - "releases/{{ redmine_version }}"
+ tags:
+ - redmine
+
+- name: Download Redmine archive
+ unarchive:
+ src: "https://redmine.org/releases/redmine-{{ redmine_version }}.tar.gz"
+ dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}"
+ remote_src: True
+ extra_opts: --strip-components=1
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ tags:
+ - redmine
+
+- name: Link config files
+ file:
+ state: link
+ src: "/home/{{ redmine_user }}/config/{{ item }}"
+ dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/config/{{ item }}"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ with_items:
+ - 'configuration.yml'
+ - 'database.yml'
+ - 'additional_environment.rb'
+ tags:
+ - redmine
+
+- name: Copy/Update plugin from archive
+ unarchive:
+ src: "{{ item.zip }}"
+ dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/plugins/"
+ remote_src: yes
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0750"
+ when: item.zip is defined
+ with_items: "{{ redmine_plugins }}"
+ tags:
+ - redmine
+
+- name: Copy/Update plugin from git repository
+ git:
+ repo: "{{ item.git }}"
+ dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/plugins/{{ item.git | basename | splitext | first }}"
+ version: "{{ item.tree | default('master') }}"
+ umask: "027"
+ become_user: "{{ redmine_user }}"
+ when: item.git is defined
+ with_items: "{{ redmine_plugins }}"
+ tags:
+ - redmine
+
+- name: Copy/Update theme from archive
+ unarchive:
+ src: "{{ item.zip }}"
+ dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/public/themes"
+ remote_src: yes
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0750"
+ when: item.zip is defined
+ with_items: "{{ redmine_themes }}"
+ tags:
+ - redmine
+
+- name: Copy/Update theme from git repository
+ git:
+ repo: "{{ item.git }}"
+ dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/public/themes/{{ item.git | basename | splitext | first }}"
+ version: "{{ item.tree | default('master') }}"
+ umask: "027"
+ become_user: "{{ redmine_user }}"
+ when: item.git is defined
+ with_items: "{{ redmine_themes }}"
+ tags:
+ - redmine
+
+- name: Deploy custom Gemfile
+ template:
+ src: Gemfile.local.j2
+ dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/Gemfile.local"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0640"
+ tags:
+ - redmine
diff --git a/redmine/tasks/syslog.yml b/redmine/tasks/syslog.yml
new file mode 100644
index 00000000..b53e2660
--- /dev/null
+++ b/redmine/tasks/syslog.yml
@@ -0,0 +1,27 @@
+---
+- name: Create log directory
+ file:
+ state: directory
+ dest: /var/log/redmine
+ owner: root
+ group: adm
+ mode: "0750"
+ tags:
+ - redmine
+
+- name: Copy syslog configuration
+ copy:
+ src: syslog.conf
+ dest: /etc/rsyslog.d/redmine.conf
+ mode: "0644"
+ notify: restart rsyslog
+ tags:
+ - redmine
+
+- name: Copy logrotate configuration
+ copy:
+ src: logrotate
+ dest: /etc/logrotate.d/redmine
+ mode: "0644"
+ tags:
+ - redmine
diff --git a/redmine/tasks/themes.yml b/redmine/tasks/themes.yml
deleted file mode 100644
index 510e2038..00000000
--- a/redmine/tasks/themes.yml
+++ /dev/null
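Review bot: In redmine/tasks/source.yml, `Download Redmine archive` unpacks `https://redmine.org/releases/redmine-{{ redmine_version }}.tar.gz` straight from the network with `unarchive`, which performs no integrity check, so the role trusts whatever that URL serves at deploy time. I would fetch the tarball with `get_url` and a `checksum:` taken from a new role variable holding the published digest for the chosen `redmine_version`, then unpack the local file. The plugin and theme `git` tasks default to `version: "{{ item.tree | default('master') }}"`, which follows a moving branch; requiring `item.tree` to be a tag or commit would pin those sources as well.

```yaml
- name: Download Redmine archive
  get_url:
    url: "https://redmine.org/releases/redmine-{{ redmine_version }}.tar.gz"
    dest: "/home/{{ redmine_user }}/releases/redmine-{{ redmine_version }}.tar.gz"
    # redmine_archive_checksum is a placeholder name for a new role variable,
    # e.g. "sha256:<published digest for this redmine_version>"
    checksum: "{{ redmine_archive_checksum }}"
    owner: "{{ redmine_user }}"
    group: "{{ redmine_user }}"
    mode: "0640"
  tags:
    - redmine

- name: Unpack Redmine archive
  unarchive:
    src: "/home/{{ redmine_user }}/releases/redmine-{{ redmine_version }}.tar.gz"
    dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}"
    remote_src: True
    extra_opts: --strip-components=1
    # … unchanged: owner, group, tags …
```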
@@ -1,26 +0,0 @@ ---- -- name: Copy/Update theme from archive - unarchive: - src: "{{ item.zip }}" - dest: "/home/{{ redmine_user }}/www/public/themes/" - remote_src: yes - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0750" - when: item.zip is defined - -- name: Copy/Update theme from git repository - git: - repo: "{{ item.git }}" - dest: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}" - version: "{{ item.tree | default('master') }}" - when: item.git is defined - -- name: Fix rights on theme dir - file: - path: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0750" - recurse: True - when: item.git is defined diff --git a/redmine/tasks/user.yml b/redmine/tasks/user.yml new file mode 100644 index 00000000..ecc5b6d5 --- /dev/null +++ b/redmine/tasks/user.yml @@ -0,0 +1,44 @@ +--- +- name: Create redmine group + group: + name: "{{ redmine_user }}" + state: present + tags: + - redmine + +- name: Create redmine user + user: + name: "{{ redmine_user }}" + state: present + group: "{{ redmine_user }}" + createhome: yes + home: "/home/{{ redmine_user }}" + shell: /bin/bash + tags: + - redmine + +- name: Add redmine user to Redis group + user: + name: "{{ redmine_user }}" + groups: "redis-{{ redmine_user }}" + append: True + when: redmine_redis_path is defined + tags: + - redmine + +- name: Create required directory + file: + path: "{{ item }}" + state: directory + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + mode: "0750" + with_items: + - "/home/{{ redmine_user }}" + - "/home/{{ redmine_user }}/files" + tags: + - redmine + +- name: Enable systemd user mode + command: "loginctl enable-linger {{ redmine_user }}" + changed_when: false diff --git a/redmine/templates/Gemfile.local.j2 b/redmine/templates/Gemfile.local.j2 new file mode 100644 index 00000000..72f9857a --- /dev/null 
+++ b/redmine/templates/Gemfile.local.j2 @@ -0,0 +1,5 @@ +gem "syslogger" +{% if redmine_redis_path is defined %} +gem "redis-rails" +gem "redis-rack-cache" +{% endif %} diff --git a/redmine/templates/additional_environment.rb.j2 b/redmine/templates/additional_environment.rb.j2 index b6065a57..9427c305 100644 --- a/redmine/templates/additional_environment.rb.j2 +++ b/redmine/templates/additional_environment.rb.j2 @@ -1,2 +1,13 @@ -config.paths['log'] = "/home/{{ redmine_user }}/log/redmine.log" -config.log_level = :warn +config.log_level = :info +config.logger = Syslogger.new("redmine_{{ redmine_user }}") +{% if redmine_redis_path is defined %} +config.session_store :redis_store, + servers: { path: '{{ redmine_redis_path }}', db: 0, namespace: "session" } +config.cache_store = :redis_store, + "redis://{{ redmine_redis_path }}/cache_rails", + { expires_in: 90.minutes } +config.action_dispatch.rack_cache = { + metastore: "redis://{{ redmine_redis_path }}/cache_metastore", + entitystore: "redis://{{ redmine_redis_path }}/cache_entitystore" +} +{% endif %} diff --git a/redmine/templates/nginx.conf.j2 b/redmine/templates/nginx.conf.j2 new file mode 100644 index 00000000..3356ad19 --- /dev/null +++ b/redmine/templates/nginx.conf.j2 
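Review bot: The gems declared in redmine/templates/Gemfile.local.j2 carry no version constraint, and release.yml runs `bundle lock` on every deployment, so the versions of `syslogger`, `redis-rails` and `redis-rack-cache` are whatever the gem source resolves at that moment. The removed Gemfile.local at least bounded `xpath`. Adding a constraint to each line, e.g. `gem "syslogger", "~> <tested version>"` (placeholder, to be replaced by the version actually validated), makes deployments reproducible and limits exposure to a bad upstream release.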
@@ -0,0 +1,44 @@
+upstream puma_{{ redmine_user }} {
+ server unix:/home/{{ redmine_user }}/run/puma.sock fail_timeout=0;
+}
+server {
+ server_name {{ redmine_domain }};
+
+ listen 0.0.0.0:80;
+ listen [::]:80;
+ listen 0.0.0.0:443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ if ( $scheme = http ) {
+ return 301 https://$server_name$request_uri;
+ }
+
+ include /etc/nginx/ssl/{{ redmine_user }}[.]conf;
+ root /home/{{ redmine_user }}/www/public;
+ access_log /var/log/nginx/{{ redmine_user }}_access.log;
+ error_log /var/log/nginx/{{ redmine_user }}_error.log;
+ error_page 503 @maintenance;
+ client_max_body_size 50M;
+
+ include /etc/nginx/snippets/letsencrypt[.]conf;
+
+ location / {
+ if (!-f /home/{{ redmine_user }}/run/puma.pid) {
+ return 503;
+ }
+ try_files $uri @puma;
+ }
+
+ location @maintenance {
+ rewrite ^(.*)$ /500.html break;
+ }
+
+ location @puma {
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_read_timeout 30;
+ proxy_pass http://puma_{{ redmine_user }};
+ }
+}
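Review bot: In redmine/templates/nginx.conf.j2, `include /etc/nginx/ssl/{{ redmine_user }}[.]conf;` is written as a glob, so nginx skips it silently when the file is absent, while the same server block declares `listen 0.0.0.0:443 ssl http2;`. Nothing visible in this patch creates that snippet, so a fresh deployment presumably either fails the nginx configuration test or serves a certificate inherited from elsewhere. A task that checks for the file before `Enable nginx vhost`, or a documented prerequisite, would make the dependency explicit. In `location @puma`, `proxy_set_header Host $http_host;` forwards the raw client-supplied header to Rails; `proxy_set_header Host $host;` passes nginx's normalised value and is the more conservative choice if this vhost can ever act as the default server.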