Merge branch 'unstable' into stable
commit
271746494c
15
CHANGELOG.md
15
CHANGELOG.md
|
@ -18,6 +18,20 @@ The **patch** part changes incrementally at each release.
|
|||
|
||||
### Security
|
||||
|
||||
## [9.8.0] - 2019-01-31
|
||||
|
||||
### Added
|
||||
* filebeat: disable cloud_metadata processor by default
|
||||
* metricbeat: disable cloud_metadata processor by default
|
||||
* percona : new role to install Percona repositories and tools
|
||||
* redis: add variable for configure unixsocketperm
|
||||
|
||||
### Changed
|
||||
* redmine: refactoring of redmine role with use of rbenv
|
||||
|
||||
### Fixed
|
||||
* ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config
|
||||
|
||||
## [9.7.0] - 2019-01-17
|
||||
|
||||
### Added
|
||||
|
@ -30,6 +44,7 @@ The **patch** part changes incrementally at each release.
|
|||
* redis: add a variable for renamed/disabled commands
|
||||
* redis: add a variable to disable the restart handler
|
||||
* redis: add a variable to force a restart (even with no change)
|
||||
* proftpd: add FTPS and SFTP support
|
||||
|
||||
### Changed
|
||||
* redis: distinction between main and master password
|
||||
|
|
|
@ -2,3 +2,5 @@
|
|||
elastic_stack_version: "6.x"
|
||||
|
||||
filebeat_logstash_plugin: False
|
||||
|
||||
filebeat_processors_cloud_metadata: False
|
||||
|
|
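--- a/filebeat/handlers/main.yml
+++ b/filebeat/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart filebeat
+systemd:
+name: filebeat
+state: restarted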
@ -64,3 +64,19 @@
|
|||
- filebeat_logstash_plugin
|
||||
- logstash_plugin.stat.exists
|
||||
- not logstash_plugin_installed | success
|
||||
|
||||
- name: cloud_metadata processor is disabled
|
||||
replace:
|
||||
dest: /etc/filebeat/filebeat.yml
|
||||
regexp: '^(\s+)(- add_cloud_metadata:)'
|
||||
replace: '\1# \2'
|
||||
notify: restart filebeat
|
||||
when: not filebeat_processors_cloud_metadata
|
||||
|
||||
- name: cloud_metadata processor is disabled
|
||||
lineinfile:
|
||||
dest: /etc/filebeat/filebeat.yml
|
||||
line: " - add_cloud_metadata: ~"
|
||||
insert_after: '^processors:'
|
||||
notify: restart filebeat
|
||||
when: filebeat_processors_cloud_metadata
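Review bot: The second task, guarded by `when: filebeat_processors_cloud_metadata`, passes `insert_after` to `lineinfile`, but the module's parameter is spelled `insertafter`, so the task is expected to fail with an unsupported-parameter error as soon as the variable is set to True. It also reuses the name `cloud_metadata processor is disabled` although it is the branch that enables the processor; `- name: cloud_metadata processor is enabled` with `insertafter: '^processors:'` would match what it does. The same two lines appear in the metricbeat tasks hunk further down. The `replace` task comments out only the `- add_cloud_metadata:` line itself, so it is worth confirming against the packaged filebeat.yml that no nested options are left behind under it.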
|
||||
|
|
|
@ -6,3 +6,5 @@ metricbeat_elasticsearch_hosts:
|
|||
- "localhost:9200"
|
||||
metricbeat_elasticsearch_auth_username: ""
|
||||
metricbeat_elasticsearch_auth_password: ""
|
||||
|
||||
metricbeat_processors_cloud_metadata: False
|
||||
|
|
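--- a/metricbeat/handlers/main.yml
+++ b/metricbeat/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart metricbeat
+systemd:
+name: metricbeat
+state: restarted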
@ -72,3 +72,19 @@
|
|||
when:
|
||||
- metricbeat_elasticsearch_auth_username != ""
|
||||
- metricbeat_elasticsearch_auth_password != ""
|
||||
|
||||
- name: disable cloud_metadata
|
||||
replace:
|
||||
dest: /etc/metricbeat/metricbeat.yml
|
||||
regexp: '^(\s+)(- add_cloud_metadata:)'
|
||||
replace: '\1# \2'
|
||||
notify: restart metricbeat
|
||||
when: not metricbeat_processors_cloud_metadata
|
||||
|
||||
- name: cloud_metadata processor is disabled
|
||||
lineinfile:
|
||||
dest: /etc/metricbeat/metricbeat.yml
|
||||
line: " - add_cloud_metadata: ~"
|
||||
insert_after: '^processors:'
|
||||
notify: restart metricbeat
|
||||
when: metricbeat_processors_cloud_metadata
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
ntpd_servers:
|
||||
- 'ntp.evolix.net iburst'
|
||||
ntpd_acls:
|
||||
- '-4 default kod notrap nomodify nopeer noquery'
|
||||
- '-6 default kod notrap nomodify nopeer noquery'
|
||||
- '-4 default ignore'
|
||||
- '-6 default ignore'
|
||||
- 'source nomodify noquery notrap' # Debian 9 and later
|
||||
- 'ntp.evolix.net nomodify noquery notrap' # Debian 8
|
||||
- '127.0.0.1'
|
||||
- '::1'
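Review bot: With `-4 default ignore` and `-6 default ignore` in place, time synchronisation now depends entirely on the exception lines, and both the `source ...` entry marked "Debian 9 and later" and the `ntp.evolix.net ...` entry marked "Debian 8" sit in the same default list. Unless the template (not part of this hunk) filters by release, Debian 8 hosts receive a `restrict source` line their ntpd may not accept, and the hard-coded `ntp.evolix.net` exception will not follow an overridden `ntpd_servers`, which would leave such a host ignoring its own configured servers. A comment above `ntpd_acls` would make that dependency visible: `# default is 'ignore': every server in ntpd_servers needs a matching restrict entry below`.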
|
||||
|
|
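--- a/percona/defaults/main.yml
+++ b/percona/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+percona__install_xtrabackup: True
+percona__xtrabackup_package_name: percona-xtrabackup-24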
BIN
percona/files/percona-release_latest.jessie_all.deb
Normal file
BIN
percona/files/percona-release_latest.jessie_all.deb
Normal file
Binary file not shown.
BIN
percona/files/percona-release_latest.stretch_all.deb
Normal file
BIN
percona/files/percona-release_latest.stretch_all.deb
Normal file
Binary file not shown.
30
percona/files/percona.asc
Normal file
30
percona/files/percona.asc
Normal file
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1.4.9 (GNU/Linux)
|
||||
|
||||
mQGiBEsm3aERBACyB1E9ixebIMRGtmD45c6c/wi2IVIa6O3G1f6cyHH4ump6ejOi
|
||||
AX63hhEs4MUCGO7KnON1hpjuNN7MQZtGTJC0iX97X2Mk+IwB1KmBYN9sS/OqhA5C
|
||||
itj2RAkug4PFHR9dy21v0flj66KjBS3GpuOadpcrZ/k0g7Zi6t7kDWV0hwCgxCa2
|
||||
f/ESC2MN3q3j9hfMTBhhDCsD/3+iOxtDAUlPMIH50MdK5yqagdj8V/sxaHJ5u/zw
|
||||
YQunRlhB9f9QUFfhfnjRn8wjeYasMARDctCde5nbx3Pc+nRIXoB4D1Z1ZxRzR/lb
|
||||
7S4i8KRr9xhommFnDv/egkx+7X1aFp1f2wN2DQ4ecGF4EAAVHwFz8H4eQgsbLsa6
|
||||
7DV3BACj1cBwCf8tckWsvFtQfCP4CiBB50Ku49MU2Nfwq7durfIiePF4IIYRDZgg
|
||||
kHKSfP3oUZBGJx00BujtTobERraaV7lIRIwETZao76MqGt9K1uIqw4NT/jAbi9ce
|
||||
rFaOmAkaujbcB11HYIyjtkAGq9mXxaVqCC3RPWGr+fqAx/akBLQ2UGVyY29uYSBN
|
||||
eVNRTCBEZXZlbG9wbWVudCBUZWFtIDxteXNxbC1kZXZAcGVyY29uYS5jb20+iGAE
|
||||
ExECACAFAksm3aECGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAcTL3NzS79
|
||||
Kpk/AKCQKSEgwX9r8jR+6tAnCVpzyUFOQwCfX+fw3OAoYeFZB3eu2oT8OBTiVYu5
|
||||
Ag0ESybdoRAIAKKUV8rbqlB8qwZdWlmrwQqg3o7OpoAJ53/QOIySDmqy5TmNEPLm
|
||||
lHkwGqEqfbFYoTbOCEEJi2yFLg9UJCSBM/sfPaqb2jGP7fc0nZBgUBnFuA9USX72
|
||||
O0PzVAF7rCnWaIz76iY+AMI6xKeRy91TxYo/yenF1nRSJ+rExwlPcHgI685GNuFG
|
||||
chAExMTgbnoPx1ka1Vqbe6iza+FnJq3f4p9luGbZdSParGdlKhGqvVUJ3FLeLTqt
|
||||
caOn5cN2ZsdakE07GzdSktVtdYPT5BNMKgOAxhXKy11IPLj2Z5C33iVYSXjpTelJ
|
||||
b2qHvcg9XDMhmYJyE3O4AWFh2no3Jf4ypIcABA0IAJO8ms9ov6bFqFTqA0UW2gWQ
|
||||
cKFN4Q6NPV6IW0rV61ONLUc0VFXvYDtwsRbUmUYkB/L/R9fHj4lRUDbGEQrLCoE+
|
||||
/HyYvr2rxP94PT6Bkjk/aiCCPAKZRj5CFUKRpShfDIiow9qxtqv7yVd514Qqmjb4
|
||||
eEihtcjltGAoS54+6C3lbjrHUQhLwPGqlAh8uZKzfSZq0C06kTxiEqsG6VDDYWy6
|
||||
L7qaMwOqWdQtdekKiCk8w/FoovsMYED2qlWEt0i52G+0CjoRFx2zNsN3v4dWiIhk
|
||||
ZSL00Mx+g3NA7pQ1Yo5Vhok034mP8L2fBLhhWaK3LG63jYvd0HLkUFhNG+xjkpeI
|
||||
SQQYEQIACQUCSybdoQIbDAAKCRAcTL3NzS79KlacAJ0aAkBQapIaHNvmAhtVjLPN
|
||||
wke4ZgCePe3sPPF49lBal7QaYPdjqapa1SQ=
|
||||
=qcCk
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
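--- a/percona/tasks/main.yml
+++ b/percona/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+
+- set_fact:
+percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb"
+
+- name: Add Percona's official GPG key
+apt_key:
+data: "{{ lookup('file', 'percona.asc') }}"
+
+- name: Check if percona-release is installed
+command: "dpkg -l percona-release"
+failed_when: False
+changed_when: False
+register: percona__apt_config_package_installed
+
+- name: Percona APT config package is available
+copy:
+src: "{{ percona__apt_config_package_file }}"
+dest: "/root/{{ percona__apt_config_package_file }}"
+when: not percona__apt_config_package_installed
+
+# - include_role:
+# name: remount-usr
+
+- name: Percona APT config package is installed from deb file
+apt:
+deb: "/root/{{ percona__apt_config_package_file }}"
+state: present
+register: percona__apt_config_deb
+when: not percona__apt_config_package_installed
+
+- name: Percona APT config package is installed from repository
+apt:
+name: percona-release
+state: latest
+register: percona__apt_config_deb
+when: percona__apt_config_package_installed
+
+- name: APT cache is up-to-date
+apt:
+update_cache: yes
+when: percona__apt_config_deb | changed
+
+- include: xtrabackup.yml
+when: percona__install_xtrabackup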
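Review bot: `when: not percona__apt_config_package_installed` tests the registered result itself, which is a non-empty dictionary and therefore always truthy, so the copy and `apt: deb:` tasks look like they can never run while the `state: latest` task always does. The conditions should test the return code instead: `when: percona__apt_config_package_installed.rc != 0` on the two deb tasks and `when: percona__apt_config_package_installed.rc == 0` on the repository task. Both install tasks also register the same `percona__apt_config_deb`, so a skipped second task overwrites the first result before `APT cache is up-to-date` reads it. The bundled `percona-release_latest.*.deb` files are installed through `apt: deb:`, which involves no signature check, so recording the upstream version and a checksum of each file next to them would let a reviewer verify the copies kept in the repository.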
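--- a/percona/tasks/xtrabackup.yml
+++ b/percona/tasks/xtrabackup.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Percona Tools is enabled
+command: percona-release enable tools release
+# changed_when:
+# register: percona__release_enable_tools
+
+- name: APT cache is up-to-date
+apt:
+update_cache: yes
+# when: percona__release_enable_tools | changed
+
+- name: Percona XtraBackup package is installed
+apt:
+name: "{{ percona__xtrabackup_package_name }}"
+state: present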
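Review bot: `Percona Tools is enabled` runs `percona-release enable tools release` on every play and always reports changed, because the `changed_when` and `register` lines are left commented out, and the unconditional `update_cache: yes` that follows then refreshes APT each time as well. Either finish the commented-out logic or state the intent; if the command is safe to repeat, `changed_when: False` with a short comment saying so keeps the play output meaningful.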
@ -2,6 +2,13 @@
|
|||
proftpd_hostname: "{{ ansible_hostname }}"
|
||||
proftpd_fqdn: "{{ ansible_fqdn }}"
|
||||
proftpd_default_address: []
|
||||
proftpd_port: "21"
|
||||
proftpd_ftp_enable: True
|
||||
proftpd_port: 21
|
||||
proftpd_ftps_enable: False
|
||||
proftpd_ftps_port: 990
|
||||
proftpd_ftps_cert: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
||||
proftpd_ftps_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
|
||||
proftpd_sftp_enable: False
|
||||
proftpd_sftp_port: 2222
|
||||
proftpd_accounts: []
|
||||
proftpd_accounts_final: []
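Review bot: `proftpd_ftps_cert` and `proftpd_ftps_key` default to the `ssl-cert-snakeoil` pair, a self-signed certificate, so a client has nothing to validate the server against and an FTPS deployment that keeps the defaults gives no protection against an interposed server. A comment on the two variables would flag them as placeholders: `# snakeoil is a self-signed placeholder: override with a CA-issued certificate before enabling FTPS`.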
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
tags:
|
||||
- proftpd
|
||||
|
||||
- name: Allow FTP account
|
||||
- name: Allow FTP account (FTP)
|
||||
lineinfile:
|
||||
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
||||
state: present
|
||||
|
@ -33,5 +33,30 @@
|
|||
insertbefore: "DenyAll"
|
||||
with_items: "{{ proftpd_accounts_final }}"
|
||||
notify: restart proftpd
|
||||
when: proftpd_ftp_enable
|
||||
tags:
|
||||
- proftpd
|
||||
|
||||
- name: Allow FTP account (FTPS)
|
||||
lineinfile:
|
||||
dest: /etc/proftpd/conf.d/ftps.conf
|
||||
state: present
|
||||
line: "\tAllowUser {{ item.name }}"
|
||||
insertbefore: "DenyAll"
|
||||
with_items: "{{ proftpd_accounts_final }}"
|
||||
notify: restart proftpd
|
||||
when: proftpd_ftps_enable
|
||||
tags:
|
||||
- proftpd
|
||||
|
||||
- name: Allow FTP account (SFTP)
|
||||
lineinfile:
|
||||
dest: /etc/proftpd/conf.d/sftp.conf
|
||||
state: present
|
||||
line: "\tAllowUser {{ item.name }}"
|
||||
insertbefore: "DenyAll"
|
||||
with_items: "{{ proftpd_accounts_final }}"
|
||||
notify: restart proftpd
|
||||
when: proftpd_sftp_enable
|
||||
tags:
|
||||
- proftpd
|
||||
|
|
|
@ -15,13 +15,36 @@
|
|||
tags:
|
||||
- proftpd
|
||||
|
||||
- name: local jail is installed
|
||||
- name: FTP jail is installed
|
||||
template:
|
||||
src: evolinux.conf.j2
|
||||
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
||||
mode: "0644"
|
||||
force: no
|
||||
notify: restart proftpd
|
||||
when: proftpd_ftp_enable
|
||||
tags:
|
||||
- proftpd
|
||||
|
||||
- name: FTPS jail is installed
|
||||
template:
|
||||
src: ftps.conf.j2
|
||||
dest: /etc/proftpd/conf.d/ftps.conf
|
||||
mode: "0644"
|
||||
force: no
|
||||
notify: restart proftpd
|
||||
when: proftpd_ftps_enable
|
||||
tags:
|
||||
- proftpd
|
||||
|
||||
- name: SFTP jail is installed
|
||||
template:
|
||||
src: sftp.conf.j2
|
||||
dest: /etc/proftpd/conf.d/sftp.conf
|
||||
mode: "0644"
|
||||
force: no
|
||||
notify: restart proftpd
|
||||
when: proftpd_sftp_enable
|
||||
tags:
|
||||
- proftpd
|
||||
|
||||
|
|
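--- a/proftpd/templates/ftps.conf.j2
+++ b/proftpd/templates/ftps.conf.j2
@@ -0,0 +1,33 @@
+<IfModule !mod_tls.c>
+LoadModule mod_tls.c
+</IfModule>
+
+<VirtualHost 0.0.0.0>
+TLSEngine on
+TLSLog /var/log/proftpd/ftps.log
+TLSProtocol TLSv1
+
+TLSRSACertificateFile {{ proftpd_ftps_cert }}
+TLSRSACertificateKeyFile {{ proftpd_ftps_key }}
+
+#TLSOptions AllowClientRenegotiations
+
+TLSOptions AllowPerUser
+TLSVerifyClient off
+TLSRequired off
+
+TLSRenegotiate required off
+TLSOptions NoSessionReuseRequired
+
+RequireValidShell off
+Port {{ proftpd_ftps_port }}
+AuthUserFile /etc/proftpd/vpasswd
+DefaultRoot ~
+
+PassivePorts 60000 61000
+
+<Limit LOGIN>
+AllowGroup ftpusers
+DenyAll
+</Limit>
+</VirtualHost>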
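Review bot: `TLSRequired off` lets clients log in to this virtual host without negotiating TLS, so passwords checked against `AuthUserFile /etc/proftpd/vpasswd` can still cross the network in clear text on the FTPS port; `TLSRequired on` is what makes the vhost FTPS-only. `TLSProtocol TLSv1` should be checked against the packaged mod_tls, since depending on the ProFTPD version it means either TLS 1.0 only or all TLS 1.x, and naming the intended version explicitly (`TLSProtocol TLSv1.2`) removes the doubt. The two `TLSOptions` lines may not be cumulative, in which case `NoSessionReuseRequired` replaces `AllowPerUser`; a single `TLSOptions AllowPerUser NoSessionReuseRequired` is unambiguous. `proftpd_ftps_port` defaults to 990, the port clients conventionally treat as implicit FTPS, while nothing in the template enables implicit mode, so confirm which mode is intended.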
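--- a/proftpd/templates/sftp.conf.j2
+++ b/proftpd/templates/sftp.conf.j2
@@ -0,0 +1,28 @@
+<IfModule !mod_tls.c>
+LoadModule mod_tls.c
+</IfModule>
+
+<IfModule !mod_sftp.c>
+LoadModule mod_sftp.c
+</IfModule>
+
+<VirtualHost 0.0.0.0>
+SFTPEngine on
+Port {{ proftpd_sftp_port }}
+DefaultRoot ~
+
+SFTPLog /var/log/proftpd/sftp.log
+
+SFTPAuthMethods password
+SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
+SFTPHostKey /etc/ssh/ssh_host_rsa_key
+
+RequireValidShell off
+
+AuthUserFile /etc/proftpd/vpasswd
+
+<Limit LOGIN>
+AllowGroup ftpusers
+DenyAll
+</Limit>
+</VirtualHost>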
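Review bot: `SFTPAuthMethods password` makes passwords the only accepted credential on a listener bound to every address (`<VirtualHost 0.0.0.0>`), and the template shows no `MaxLoginAttempts` or other throttling; allowing keys as well (`SFTPAuthMethods publickey password` together with an `SFTPAuthorizedUserKeys` path) gives accounts a stronger option. The `SFTPHostKey` lines reuse the OpenSSH host keys under `/etc/ssh`, so ProFTPD and sshd present the same identity and a compromise of either daemon exposes the key of both; dedicated host keys for ProFTPD would separate them. The `LoadModule mod_tls.c` block at the top looks copied from the FTPS template and is not needed for mod_sftp as far as this file shows.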
@ -5,6 +5,7 @@ redis_conf_path: /etc/redis/redis.conf
|
|||
redis_port: 6379
|
||||
redis_bind_interface: 127.0.0.1
|
||||
redis_unixsocket: '/var/run/redis/redis.sock'
|
||||
redis_unixsocketperm: 770
|
||||
redis_pidfile: "/var/run/redis/{{ redis_daemon }}.pid"
|
||||
redis_timeout: 300
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@ bind {{ redis_bind_interface }}
|
|||
|
||||
{% if redis_unixsocket %}
|
||||
unixsocket {{ redis_unixsocket }}
|
||||
unixsocketperm {{ redis_unixsocketperm }}
|
||||
{% endif %}
|
||||
|
||||
{% if redis_password %}
|
||||
|
|
|
@ -3,6 +3,7 @@ puma_env: 'production'
|
|||
puma_worker: 2
|
||||
puma_min_thread: 0
|
||||
puma_max_thread: 4
|
||||
redmine_version: "4.0.1"
|
||||
redmine_db_name: "{{ redmine_user }}"
|
||||
redmine_db_host: "localhost"
|
||||
redmine_db_username: "{{ redmine_user }}"
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
gem "puma"
|
||||
gem "xpath", "< 3.0.0"
|
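--- a/redmine/files/logrotate
+++ b/redmine/files/logrotate
@@ -0,0 +1,8 @@
+/var/log/redmine/*.log {
+daily
+rotate 7
+missingok
+notifempty
+compress
+create 640 root adm
+}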
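Review bot: The stanza has no `postrotate`, yet the files under `/var/log/redmine/` are written by rsyslog (see redmine/files/syslog.conf in this commit), which keeps its file handle open across a rotation. With `compress` and no `delaycompress`, rsyslog would go on writing to the renamed file while it is being compressed and the fresh `create 640 root adm` file stays empty, so application logs can be lost until rsyslog is restarted. Add a `sharedscripts` / `postrotate` block that tells rsyslog to reopen its files, the way Debian's own `/etc/logrotate.d/rsyslog` does.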
@ -12,7 +12,7 @@ fi
|
|||
|
||||
# set PATH so it includes gems bin
|
||||
if [ -d "$HOME/bin" ] ; then
|
||||
export PATH="$HOME/.gems/ruby/2.1.0/bin:$PATH"
|
||||
export PATH="$HOME/www/.gem/ruby/2.3.0/bin:$PATH"
|
||||
fi
|
||||
|
||||
# For systemctl --user
|
||||
|
@ -20,4 +20,3 @@ export XDG_RUNTIME_DIR=/run/user/$UID
|
|||
|
||||
# Ruby vars
|
||||
export RAILS_ENV=production
|
||||
export BUNDLE_GEMFILE="$HOME/www/Gemfile"
|
||||
|
|
|
@ -7,7 +7,7 @@ WorkingDirectory=%h/www
|
|||
UMask=0027
|
||||
PIDFile=%h/ruby.pid
|
||||
ExecStartPre=/bin/mkdir -m 0750 -p %h/run
|
||||
ExecStart=/usr/bin/bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config /etc/puma/%u.rb
|
||||
ExecStart=%h/.rbenv/bin/rbenv exec bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config %h/config/puma.rb
|
||||
ExecReload=/bin/kill -USR2 $MAINPID
|
||||
KillMode=process
|
||||
#Restart=on-failure
|
||||
|
|
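--- a/redmine/files/syslog.conf
+++ b/redmine/files/syslog.conf
@@ -0,0 +1,4 @@
+# Send Redmine messages to a dedicated logdir
+$template Redmine, "/var/log/redmine/%PROGRAMNAME:%.log"
+if $programname startswith 'redmine_' then ?Redmine
+&~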
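Review bot: The output file name is built from the message's program name (`%PROGRAMNAME:%`), which the sending process chooses, so any local process that logs with a tag starting `redmine_` gets a new file created under `/var/log/redmine/`. Using the property replacer's path-sanitising option, `$template Redmine, "/var/log/redmine/%programname:::secpath-replace%.log"`, keeps the value from ever contributing a path separator, and it is worth confirming that the current `%PROGRAMNAME:%` form expands as intended. `&~` is the legacy discard action and newer rsyslog versions warn about it; `& stop` is the replacement.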
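--- a/redmine/handlers/main.yml
+++ b/redmine/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: restart rsyslog
+service:
+name: rsyslog
+state: restarted
+
+- name: reload nginc
+service:
+name: nginx
+state: reloaded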
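Review bot: The second handler is named `reload nginc`, while the tasks added in redmine/tasks/nginx.yml use `notify: reload nginx`. Unless the `nginx` role pulled in through redmine/meta/main.yml defines a handler with that exact name, the notification will not resolve and the vhost change is either rejected at run time or never applied. Rename it: `- name: reload nginx`.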
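--- a/redmine/meta/main.yml
+++ b/redmine/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+- nginx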
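--- a/redmine/tasks/config.yml
+++ b/redmine/tasks/config.yml
@@ -0,0 +1,59 @@
+---
+- name: Create systemd config dir
+file:
+state: directory
+dest: "/home/{{ redmine_user }}/{{ item }}"
+mode: "0750"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+with_items:
+- ".config"
+- ".config/systemd"
+- ".config/systemd/user"
+tags:
+- redmine
+
+- name: Deploy systemd unit
+copy:
+src: puma.service
+dest: "/home/{{ redmine_user }}/.config/systemd/user/puma.service"
+mode: "0644"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+tags:
+- redmine
+
+- name: Set user .profile
+copy:
+src: profile
+dest: "/home/{{ redmine_user }}/.profile"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0640"
+tags:
+- redmine
+
+- name: Create config directory
+file:
+path: "/home/{{ redmine_user }}/config"
+state: directory
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0750"
+tags:
+- redmine
+
+- name: Copy configurations file
+template:
+src: "{{ item }}.j2"
+dest: "/home/{{ redmine_user }}/config/{{ item }}"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0640"
+with_items:
+- 'configuration.yml'
+- 'database.yml'
+- 'additional_environment.rb'
+- 'puma.rb'
+tags:
+- redmine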
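Review bot: `Copy configurations file` writes `database.yml` and `configuration.yml` with mode `0640` and group `{{ redmine_user }}`, and redmine/tasks/nginx.yml in this commit adds `www-data` to that group, so the web server account can read the database password. Nothing visible here requires nginx to read these files; giving the secret-bearing items `0600`, for instance by turning the loop items into `{ name: 'database.yml', mode: '0600' }` and using `mode: "{{ item.mode }}"`, keeps the group's access limited to what nginx actually needs.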
@ -1,319 +1,13 @@
|
|||
---
|
||||
- name: Install dependancy
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- libpam-systemd
|
||||
- ruby
|
||||
- ruby-dev
|
||||
- bundler
|
||||
- imagemagick
|
||||
- git-core
|
||||
- git-svn
|
||||
- gcc
|
||||
- build-essential
|
||||
- libxml2-dev
|
||||
- libxslt1-dev
|
||||
- libssl-dev
|
||||
- libmagickwand-dev
|
||||
- libmagickcore-dev
|
||||
- libmysqlclient-dev
|
||||
- python-mysqldb
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
#- name:
|
||||
# lineinfile:
|
||||
# with_items:
|
||||
# - 'https://github.com/.*'
|
||||
# - 'http://rubygems.org/.*'
|
||||
# - 'http://.*.rubygems.org/.*'
|
||||
# tags:
|
||||
# - redmine
|
||||
|
||||
- name: Deploy systemd unit
|
||||
copy:
|
||||
src: puma.service
|
||||
dest: /etc/systemd/user/puma.service
|
||||
mode: "0644"
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Create puma config dir
|
||||
file:
|
||||
path: /etc/puma
|
||||
state: directory
|
||||
mode: "0755"
|
||||
owner: root
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Create redmine group
|
||||
group:
|
||||
name: "{{ redmine_user }}"
|
||||
state: present
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Add www-data to redmine group
|
||||
user:
|
||||
name: www-data
|
||||
groups: "{{ redmine_user }}"
|
||||
append: yes
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Create redmine user
|
||||
user:
|
||||
name: "{{ redmine_user }}"
|
||||
state: present
|
||||
group: "{{ redmine_user }}"
|
||||
createhome: yes
|
||||
home: "/home/{{ redmine_user }}"
|
||||
shell: /bin/bash
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Create required directory
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ redmine_user }}"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "0750"
|
||||
with_items:
|
||||
- "/home/{{ redmine_user }}"
|
||||
- "/home/{{ redmine_user }}/files"
|
||||
- "/home/{{ redmine_user }}/log"
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Touch Nginx logs file
|
||||
file:
|
||||
path: "/home/{{ redmine_user }}/log/{{ item }}"
|
||||
state: touch
|
||||
owner: "root"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "0640"
|
||||
changed_when: false
|
||||
with_items:
|
||||
- nginx_access.log
|
||||
- nginx_error.log
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Enable systemd user mode
|
||||
command: "loginctl enable-linger {{ redmine_user }}"
|
||||
changed_when: false
|
||||
|
||||
- name: Set user .profile
|
||||
copy:
|
||||
src: profile
|
||||
dest: "/home/{{ redmine_user }}/.profile"
|
||||
owner: "{{ redmine_user }}"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "0640"
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Update or clone Redmine git
|
||||
git:
|
||||
repo: 'https://github.com/redmine/redmine.git'
|
||||
dest: "/home/{{ redmine_user }}/www"
|
||||
version: '3.4-stable'
|
||||
umask: "027"
|
||||
update: yes
|
||||
become_user: "{{ redmine_user }}"
|
||||
become: yes
|
||||
register: redmine_git_task
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Deploy custom Gemfile
|
||||
copy:
|
||||
src: Gemfile.local
|
||||
dest: "/home/{{ redmine_user }}/www"
|
||||
owner: "{{ redmine_user }}"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "0640"
|
||||
register: redmine_local_gemfile_task
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Get actual Mysql password
|
||||
shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'"
|
||||
register: redmine_get_mysql_password
|
||||
check_mode: no
|
||||
changed_when: False
|
||||
failed_when: false
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Generate Mysql password
|
||||
shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
|
||||
register: redmine_generate_mysql_password
|
||||
check_mode: no
|
||||
changed_when: False
|
||||
when: redmine_get_mysql_password.stdout == ""
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Set Mysql password
|
||||
set_fact:
|
||||
redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}"
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Create Mysql database
|
||||
mysql_db:
|
||||
name: "{{ redmine_db_name }}"
|
||||
config_file: "/root/.my.cnf"
|
||||
state: present
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Create Mysql user
|
||||
mysql_user:
|
||||
name: "{{ redmine_db_username }}"
|
||||
password: '{{ redmine_db_pass }}'
|
||||
priv: "{{ redmine_user }}.*:ALL"
|
||||
config_file: "/root/.my.cnf"
|
||||
update_password: always
|
||||
state: present
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Store credentials in my.cnf
|
||||
ini_file:
|
||||
dest: "/home/{{ redmine_user }}/.my.cnf"
|
||||
owner: "{{ redmine_user }}"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "0600"
|
||||
section: client
|
||||
option: '{{ item.option }}'
|
||||
value: '{{ item.value }}'
|
||||
with_items:
|
||||
- { option: 'host', value: "{{ redmine_db_host }}" }
|
||||
- { option: 'user', value: "{{ redmine_db_username }}" }
|
||||
- { option: 'database', value: "{{ redmine_db_name }}" }
|
||||
- { option: 'password', value: '{{ redmine_db_pass }}' }
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Copy configurations file
|
||||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "/home/{{ redmine_user }}/www/config/{{ item }}"
|
||||
owner: "{{ redmine_user }}"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "0640"
|
||||
with_items:
|
||||
- 'configuration.yml'
|
||||
- 'database.yml'
|
||||
- 'additional_environment.rb'
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Install Redmine plugins
|
||||
include: plugins.yml
|
||||
with_items: "{{ redmine_plugins }}"
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Install Redmine themes
|
||||
include: themes.yml
|
||||
with_items: "{{ redmine_themes }}"
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Update local gems with bundle
|
||||
bundler:
|
||||
state: present
|
||||
gemfile: "/home/{{ redmine_user }}/www/Gemfile"
|
||||
gem_path: "/home/{{ redmine_user }}/.gems"
|
||||
user_install: yes
|
||||
become_user: "{{ redmine_user }}"
|
||||
become: yes
|
||||
when: redmine_git_task.changed or redmine_local_gemfile_task.changed or redmine_plugin_install.changed
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Migrate database with rake
|
||||
shell: bundle exec rake -qf ~/www/Rakefile db:migrate
|
||||
become_user: "{{ redmine_user }}"
|
||||
become_method: sudo
|
||||
become_flags: '-iu {{ redmine_user }}'
|
||||
become: yes
|
||||
when: redmine_git_task.changed
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Populate Mysql database
|
||||
shell: bundle exec rake -qf ~/www/Rakefile redmine:load_default_data REDMINE_LANG=fr && touch ~/.populated
|
||||
args:
|
||||
creates: "/home/{{ redmine_user }}/.populated"
|
||||
become_user: "{{ redmine_user }}"
|
||||
become_method: sudo
|
||||
become_flags: '-iu {{ redmine_user }}'
|
||||
become: yes
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Migrate plugins
|
||||
shell: bundle exec rake -qf ~/www/Rakefile redmine:plugins:migrate
|
||||
become_user: "{{ redmine_user }}"
|
||||
become_method: sudo
|
||||
become_flags: '-iu {{ redmine_user }}'
|
||||
become: yes
|
||||
when: redmine_plugin_install.changed
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Generate secret token
|
||||
shell: bundle exec rake -qf ~/www/Rakefile generate_secret_token
|
||||
args:
|
||||
creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
|
||||
become_user: "{{ redmine_user }}"
|
||||
become_method: sudo
|
||||
become_flags: '-iu {{ redmine_user }}'
|
||||
become: yes
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Copy puma config
|
||||
template:
|
||||
src: puma.rb.j2
|
||||
dest: "/etc/puma/{{ redmine_user }}.rb"
|
||||
owner: "{{ redmine_user }}"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "0640"
|
||||
register: redmine_puma_config_task
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Start puma service
|
||||
systemd:
|
||||
name: puma
|
||||
daemon_reload: yes
|
||||
enabled: yes
|
||||
state: started
|
||||
user: yes
|
||||
become_user: "{{ redmine_user }}"
|
||||
become_method: sudo
|
||||
become_flags: '-iu {{ redmine_user }}'
|
||||
become: yes
|
||||
tags:
|
||||
- redmine
|
||||
|
||||
- name: Reload puma service
|
||||
systemd:
|
||||
name: puma
|
||||
daemon_reload: yes
|
||||
state: reloaded
|
||||
user: yes
|
||||
become_user: "{{ redmine_user }}"
|
||||
become_method: sudo
|
||||
become_flags: '-iu {{ redmine_user }}'
|
||||
become: yes
|
||||
when: redmine_puma_config_task.changed
|
||||
- include: packages.yml
|
||||
- include: syslog.yml
|
||||
- include: user.yml
|
||||
- include_role:
|
||||
name: rbenv
|
||||
vars:
|
||||
- username: "{{ redmine_user }}"
|
||||
- include: config.yml
|
||||
- include: mysql.yml
|
||||
- include: source.yml
|
||||
- include: release.yml
|
||||
- include: nginx.yml
|
||||
|
|
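--- a/redmine/tasks/mysql.yml
+++ b/redmine/tasks/mysql.yml
@@ -0,0 +1,62 @@
+---
+- name: Get actual Mysql password
+shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'"
+register: redmine_get_mysql_password
+check_mode: no
+changed_when: False
+failed_when: false
+tags:
+- redmine
+
+- name: Generate Mysql password
+shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
+register: redmine_generate_mysql_password
+check_mode: no
+changed_when: False
+when: redmine_get_mysql_password.stdout == ""
+tags:
+- redmine
+
+- name: Set Mysql password
+set_fact:
+redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}"
+tags:
+- redmine
+
+- name: Create Mysql database
+mysql_db:
+name: "{{ redmine_db_name }}"
+config_file: "/root/.my.cnf"
+state: present
+collation: "utf8_general_ci"
+register: redmine_mysql_create
+tags:
+- redmine
+
+- name: Store credentials in my.cnf
+ini_file:
+dest: "/home/{{ redmine_user }}/.my.cnf"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0600"
+section: client
+option: '{{ item.option }}'
+value: '{{ item.value }}'
+with_items:
+- { option: 'host', value: "{{ redmine_db_host }}" }
+- { option: 'user', value: "{{ redmine_db_username }}" }
+- { option: 'database', value: "{{ redmine_db_name }}" }
+- { option: 'password', value: '{{ redmine_db_pass }}' }
+tags:
+- redmine
+
+- name: Create Mysql user
+mysql_user:
+name: "{{ redmine_db_username }}"
+password: '{{ redmine_db_pass }}'
+priv: "{{ redmine_user }}.*:ALL"
+config_file: "/root/.my.cnf"
+update_password: always
+state: present
+tags:
+- redmine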
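Review bot: `Generate Mysql password` builds the password with Perl's `rand()`, which is not a cryptographic generator, so the 16 characters carry less entropy than their length suggests. Ansible's own `lookup('password', '/dev/null length=16 chars=ascii_letters,digits')` draws from the system's secure random source and could replace the Perl one-liner without a shell call. `Store credentials in my.cnf` and `Create Mysql user` also handle the password without `no_log: True`, and the `with_items` loop prints each item, password value included, in the play output. These tasks are carried over from the old tasks/main.yml, so the point predates this commit.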
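--- a/redmine/tasks/nginx.yml
+++ b/redmine/tasks/nginx.yml
@@ -0,0 +1,26 @@
+---
+- name: Add www-data to Redmine group
+user:
+name: www-data
+groups: "{{ redmine_user }}"
+append: True
+tags:
+- redmine
+
+- name: Copy nginx vhost
+template:
+src: nginx.conf.j2
+dest: "/etc/nginx/sites-available/{{ redmine_user }}.conf"
+mode: "0644"
+notify: reload nginx
+tags:
+- redmine
+
+- name: Enable nginx vhost
+file:
+src: "/etc/nginx/sites-available/{{ redmine_user }}.conf"
+dest: "/etc/nginx/sites-enabled/{{ redmine_user }}.conf"
+state: link
+notify: reload nginx
+tags:
+- redmine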
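--- a/redmine/tasks/packages.yml
+++ b/redmine/tasks/packages.yml
@@ -0,0 +1,21 @@
+---
+- name: Install dependancy
+apt:
+name: "{{ item }}"
+state: present
+with_items:
+- libpam-systemd
+- imagemagick
+- git-core
+- git-svn
+- gcc
+- build-essential
+- libxml2-dev
+- libxslt1-dev
+- libssl-dev
+- libmagickwand-dev
+- libmagickcore-dev
+- libmariadbclient-dev
+- python-mysqldb
+tags:
+- redmine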
@ -1,28 +0,0 @@
|
|||
---
|
||||
- name: Copy/Update plugin from archive
|
||||
unarchive:
|
||||
src: "{{ item.zip }}"
|
||||
dest: "/home/{{ redmine_user }}/www/plugins/"
|
||||
remote_src: yes
|
||||
owner: "{{ redmine_user }}"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "0750"
|
||||
register: redmine_plugin_install
|
||||
when: item.zip is defined
|
||||
|
||||
- name: Copy/Update plugin from git repository
|
||||
git:
|
||||
repo: "{{ item.git }}"
|
||||
dest: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}"
|
||||
version: "{{ item.tree | default('master') }}"
|
||||
register: redmine_plugin_install
|
||||
when: item.git is defined
|
||||
|
||||
- name: Fix rights on plugin dir
|
||||
file:
|
||||
path: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}"
|
||||
owner: "{{ redmine_user }}"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "u=rwX,g=rX,o="
|
||||
recurse: True
|
||||
when: item.git is defined
|
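--- a/redmine/tasks/release.yml
+++ b/redmine/tasks/release.yml
@@ -0,0 +1,123 @@
+---
+- name: Get id of user
+command: "id -u {{ redmine_user }}"
+register: redmine_command_user_id
+changed_when: False
+check_mode: False
+tags:
+- redmine
+
+- name: Define user environment
+set_fact:
+user_env:
+XDG_RUNTIME_DIR: "/run/user/{{ redmine_command_user_id.stdout }}"
+RAILS_ENV: production
+tags:
+- redmine
+
+- name: Stop puma service
+systemd:
+name: puma
+daemon_reload: yes
+state: stopped
+user: yes
+become_user: "{{ redmine_user }}"
+environment: "{{ user_env }}"
+tags:
+- redmine
+
+- name: Create mysqldump directory
+file:
+path: "/home/{{ redmine_user }}/mysqldump"
+state: directory
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0750"
+tags:
+- redmine
+
+- name: Dump mysql database
+mysql_db:
+state: dump
+config_file: "/home/{{ redmine_user }}/.my.cnf"
+name: "{{ redmine_db_name }}"
+target: "/home/{{ redmine_user }}/mysqldump/{{ ansible_date_time.iso8601_basic_short }}.sql.gz"
+tags:
+- redmine
+
+- name: Change www link
+file:
+state: link
+src: "/home/{{ redmine_user }}/releases/{{ redmine_version }}"
+dest: "/home/{{ redmine_user }}/www"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+tags:
+- redmine
+
+- name: Update Gemfile.lock
+command: "~/.rbenv/bin/rbenv exec bundle lock"
+args:
+chdir: "/home/{{ redmine_user }}/www"
+become_user: "{{ redmine_user }}"
+become: yes
+tags:
+- redmine
+
+- name: Update local gems with bundle
+command: "~/.rbenv/bin/rbenv exec bundle install --deployment"
+args:
+chdir: "/home/{{ redmine_user }}/www"
+become_user: "{{ redmine_user }}"
+become: yes
+tags:
+- redmine
+
+- name: Generate secret token
+command: "~/.rbenv/bin/rbenv exec bundle exec rake -q generate_secret_token"
+args:
+chdir: "/home/{{ redmine_user }}/www"
+creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
+become_user: "{{ redmine_user }}"
+environment: "{{ user_env }}"
+tags:
+- redmine
+
+- name: Migrate database with rake
+command: "~/.rbenv/bin/rbenv exec bundle exec rake -q db:migrate"
+args:
+chdir: "/home/{{ redmine_user }}/www/"
+become_user: "{{ redmine_user }}"
+environment: "{{ user_env }}"
+tags:
+- redmine
+
+- name: Populate Mysql database
+command: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:load_default_data REDMINE_LANG=fr"
+args:
+chdir: "/home/{{ redmine_user }}/www/"
+become_user: "{{ redmine_user }}"
+environment: "{{ user_env }}"
+when: redmine_mysql_create.changed
+tags:
+- redmine
+
+- name: Migrate plugins
+command: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:plugins:migrate"
+args:
+chdir: "/home/{{ redmine_user }}/www/"
+become_user: "{{ redmine_user }}"
+environment: "{{ user_env }}"
+tags:
+- redmine
+
+- name: Start puma service
+systemd:
+name: puma
+daemon_reload: yes
+state: started
+user: yes
+become_user: "{{ redmine_user }}"
+environment: "{{ user_env }}"
+tags:
+- redmine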
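Review bot: `Generate secret token`, `Migrate database with rake`, `Populate Mysql database`, `Migrate plugins` and both puma `systemd` tasks set `become_user: "{{ redmine_user }}"` without `become: yes`, whereas the two `bundle` tasks set both. If become is not enabled at play or role level (not visible here), `become_user` has no effect and those commands run as the connecting account, typically root, so `~/.rbenv` resolves to the wrong home and files such as `config/initializers/secret_token.rb` would end up owned by the privileged account. Adding `become: yes` to each of those tasks makes the privilege drop independent of how the role is called. Separately, `Dump mysql database` has no `become_user`, so the dump is presumably written by the privileged account with its default umask, and only the 0750 mode of the `mysqldump` directory keeps it private.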
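--- a/redmine/tasks/source.yml
+++ b/redmine/tasks/source.yml
@@ -0,0 +1,98 @@
+---
+- name: Create releases directory
+file:
+path: "/home/{{ redmine_user }}/{{ item }}"
+state: directory
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0750"
+with_items:
+- "releases"
+- "releases/{{ redmine_version }}"
+tags:
+- redmine
+
+- name: Download Redmine archive
+unarchive:
+src: "https://redmine.org/releases/redmine-{{ redmine_version }}.tar.gz"
+dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}"
+remote_src: True
+extra_opts: --strip-components=1
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+tags:
+- redmine
+
+- name: Link config files
+file:
+state: link
+src: "/home/{{ redmine_user }}/config/{{ item }}"
+dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/config/{{ item }}"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+with_items:
+- 'configuration.yml'
+- 'database.yml'
+- 'additional_environment.rb'
+tags:
+- redmine
+
+- name: Copy/Update plugin from archive
+unarchive:
+src: "{{ item.zip }}"
+dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/plugins/"
+remote_src: yes
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0750"
+when: item.zip is defined
+with_items: "{{ redmine_plugins }}"
+tags:
+- redmine
+
+- name: Copy/Update plugin from git repository
+git:
+repo: "{{ item.git }}"
+dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/plugins/{{ item.git | basename | splitext | first }}"
+version: "{{ item.tree | default('master') }}"
+umask: "027"
+become_user: "{{ redmine_user }}"
+when: item.git is defined
+with_items: "{{ redmine_plugins }}"
+tags:
+- redmine
+
+- name: Copy/Update theme from archive
+unarchive:
+src: "{{ item.zip }}"
+dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/public/themes"
+remote_src: yes
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0750"
+when: item.zip is defined
+with_items: "{{ redmine_themes }}"
+tags:
+- redmine
+
+- name: Copy/Update theme from git repository
+git:
+repo: "{{ item.git }}"
+dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/public/themes/{{ item.git | basename | splitext | first }}"
+version: "{{ item.tree | default('master') }}"
+umask: "027"
+become_user: "{{ redmine_user }}"
+when: item.git is defined
+with_items: "{{ redmine_themes }}"
+tags:
+- redmine
+
+- name: Deploy custom Gemfile
+template:
+src: Gemfile.local.j2
+dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/Gemfile.local"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0640"
+tags:
+- redmine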
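Review bot: `Download Redmine archive` unpacks whatever the release URL returns without any integrity check, and the plugin and theme `git` tasks default `version` to `master`, so the code later run by `bundle` and `rake` in release.yml is not pinned to known content. Fetching the tarball with `get_url` and a `checksum:` supplied through a role variable, then unarchiving the local file, would make a tampered or truncated download fail the play instead of being deployed. For plugins and themes, requiring `item.tree` to be a tag or commit id rather than falling back to a branch gives the same guarantee. The checksum variable name in the sketch below is a placeholder.

```yaml
- name: Download Redmine archive
  get_url:
    url: "https://redmine.org/releases/redmine-{{ redmine_version }}.tar.gz"
    dest: "/home/{{ redmine_user }}/releases/redmine-{{ redmine_version }}.tar.gz"
    # placeholder variable: expected SHA-256 of the release tarball
    checksum: "sha256:{{ redmine_archive_sha256 }}"
    owner: "{{ redmine_user }}"
    group: "{{ redmine_user }}"
    mode: "0640"
  tags:
    - redmine

- name: Extract Redmine archive
  unarchive:
    src: "/home/{{ redmine_user }}/releases/redmine-{{ redmine_version }}.tar.gz"
    # … unchanged: dest, remote_src, extra_opts, owner, group, tags …
```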
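--- a/redmine/tasks/syslog.yml
+++ b/redmine/tasks/syslog.yml
@@ -0,0 +1,27 @@
+---
+- name: Create log directory
+file:
+state: directory
+dest: /var/log/redmine
+owner: root
+group: adm
+mode: "0750"
+tags:
+- redmine
+
+- name: Copy syslog configuration
+copy:
+src: syslog.conf
+dest: /etc/rsyslog.d/redmine.conf
+mode: "0644"
+notify: restart rsyslog
+tags:
+- redmine
+
+- name: Copy logrotate configuration
+copy:
+src: logrotate
+dest: /etc/logrotate.d/redmine
+mode: "0644"
+tags:
+- redmine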
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
- name: Copy/Update theme from archive
|
||||
unarchive:
|
||||
src: "{{ item.zip }}"
|
||||
dest: "/home/{{ redmine_user }}/www/public/themes/"
|
||||
remote_src: yes
|
||||
owner: "{{ redmine_user }}"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "0750"
|
||||
when: item.zip is defined
|
||||
|
||||
- name: Copy/Update theme from git repository
|
||||
git:
|
||||
repo: "{{ item.git }}"
|
||||
dest: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}"
|
||||
version: "{{ item.tree | default('master') }}"
|
||||
when: item.git is defined
|
||||
|
||||
- name: Fix rights on theme dir
|
||||
file:
|
||||
path: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}"
|
||||
owner: "{{ redmine_user }}"
|
||||
group: "{{ redmine_user }}"
|
||||
mode: "0750"
|
||||
recurse: True
|
||||
when: item.git is defined
|
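--- a/redmine/tasks/user.yml
+++ b/redmine/tasks/user.yml
@@ -0,0 +1,44 @@
+---
+- name: Create redmine group
+group:
+name: "{{ redmine_user }}"
+state: present
+tags:
+- redmine
+
+- name: Create redmine user
+user:
+name: "{{ redmine_user }}"
+state: present
+group: "{{ redmine_user }}"
+createhome: yes
+home: "/home/{{ redmine_user }}"
+shell: /bin/bash
+tags:
+- redmine
+
+- name: Add redmine user to Redis group
+user:
+name: "{{ redmine_user }}"
+groups: "redis-{{ redmine_user }}"
+append: True
+when: redmine_redis_path is defined
+tags:
+- redmine
+
+- name: Create required directory
+file:
+path: "{{ item }}"
+state: directory
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0750"
+with_items:
+- "/home/{{ redmine_user }}"
+- "/home/{{ redmine_user }}/files"
+tags:
+- redmine
+
+- name: Enable systemd user mode
+command: "loginctl enable-linger {{ redmine_user }}"
+changed_when: false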
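Review bot: `Enable systemd user mode` is the only task in this file without `tags: - redmine`, so a run limited with `--tags redmine` skips it even though the `systemd` tasks with `user: yes` in release.yml rely on lingering being enabled for this account. Add the same `tags:` block as the other tasks. The task also re-runs `loginctl enable-linger` on every play and hides that behind `changed_when: false`; an argument such as `creates: "/var/lib/systemd/linger/{{ redmine_user }}"` would make it idempotent and report a change only when lingering is actually switched on.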
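--- a/redmine/templates/Gemfile.local.j2
+++ b/redmine/templates/Gemfile.local.j2
@@ -0,0 +1,5 @@
+gem "syslogger"
+{% if redmine_redis_path is defined %}
+gem "redis-rails"
+gem "redis-rack-cache"
+{% endif %}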
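Review bot: The three gems are declared without a version constraint, and release.yml runs `bundle lock` on every release, so each deployment resolves them to whatever is newest on the gem source at that moment. Add a pessimistic constraint to each line, for example `gem "syslogger", "~> X.Y"` (placeholder version), so that upgrades of these dependencies are deliberate and show up in review.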
|
@ -1,2 +1,13 @@
|
|||
config.paths['log'] = "/home/{{ redmine_user }}/log/redmine.log"
|
||||
config.log_level = :warn
|
||||
config.log_level = :info
|
||||
config.logger = Syslogger.new("redmine_{{ redmine_user }}")
|
||||
{% if redmine_redis_path is defined %}
|
||||
config.session_store :redis_store,
|
||||
servers: { path: '{{ redmine_redis_path }}', db: 0, namespace: "session" }
|
||||
config.cache_store = :redis_store,
|
||||
"redis://{{ redmine_redis_path }}/cache_rails",
|
||||
{ expires_in: 90.minutes }
|
||||
config.action_dispatch.rack_cache = {
|
||||
metastore: "redis://{{ redmine_redis_path }}/cache_metastore",
|
||||
entitystore: "redis://{{ redmine_redis_path }}/cache_entitystore"
|
||||
}
|
||||
{% endif %}
|
||||
|
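Review bot: `config.cache_store` and the two `rack_cache` entries build `redis://{{ redmine_redis_path }}/...` URLs, while `config.session_store` in the same hunk passes the same variable as `path:`, which is a Unix socket setting. If `redmine_redis_path` is a socket path, as the `path:` usage suggests, a `redis://` URL with an empty host is likely to be parsed as a TCP connection to the default host and port rather than the socket, so cached data could land in a different Redis instance than the per-user one; please confirm against the URL parsing of the redis-store version in use. Using the hash form for the cache as well, `config.cache_store = :redis_store, { path: '{{ redmine_redis_path }}', namespace: "cache_rails", expires_in: 90.minutes }`, keeps both stores on the same socket. The `metastore` and `entitystore` URLs need the same check.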
|
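--- a/redmine/templates/nginx.conf.j2
+++ b/redmine/templates/nginx.conf.j2
@@ -0,0 +1,44 @@
+upstream puma_{{ redmine_user }} {
+server unix:/home/{{ redmine_user }}/run/puma.sock fail_timeout=0;
+}
+server {
+server_name {{ redmine_domain }};
+
+listen 0.0.0.0:80;
+listen [::]:80;
+listen 0.0.0.0:443 ssl http2;
+listen [::]:443 ssl http2;
+
+if ( $scheme = http ) {
+return 301 https://$server_name$request_uri;
+}
+
+include /etc/nginx/ssl/{{ redmine_user }}[.]conf;
+root /home/{{ redmine_user }}/www/public;
+access_log /var/log/nginx/{{ redmine_user }}_access.log;
+error_log /var/log/nginx/{{ redmine_user }}_error.log;
+error_page 503 @maintenance;
+client_max_body_size 50M;
+
+include /etc/nginx/snippets/letsencrypt[.]conf;
+
+location / {
+if (!-f /home/{{ redmine_user }}/run/puma.pid) {
+return 503;
+}
+try_files $uri @puma;
+}
+
+location @maintenance {
+rewrite ^(.*)$ /500.html break;
+}
+
+location @puma {
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header Host $http_host;
+proxy_redirect off;
+proxy_read_timeout 30;
+proxy_pass http://puma_{{ redmine_user }};
+}
+}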
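Review bot: In `location @puma`, `proxy_set_header Host $http_host;` forwards the client-supplied Host header to the application unchanged. If this server block ever becomes the default for its listeners (not visible here), requests with an arbitrary Host value reach Redmine, and any absolute URL the application derives from the request host would carry that value. `proxy_set_header Host $host;` passes nginx's normalised host instead, and a comment stating that the vhost must not be the `default_server` would document the assumption. The `[.]conf` glob on both `include` lines also deserves a one-line comment, since it makes a missing TLS snippet silently optional.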