From f47947f48998e9c4e25882025abb91cf140ecf3d Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Thu, 31 Aug 2017 09:47:07 +0200 Subject: [PATCH] Add a redmine role --- redmine/defaults/main.yml | 8 + redmine/files/Gemfile.local | 1 + redmine/files/profile | 23 ++ redmine/files/puma.service | 17 ++ redmine/handlers/main.yml | 24 ++ redmine/tasks/main.yml | 260 ++++++++++++++++++ .../templates/additional_environment.rb.j2 | 1 + redmine/templates/configuration.yml.j2 | 11 + redmine/templates/database.yml.j2 | 7 + redmine/templates/puma.rb.j2 | 4 + 10 files changed, 356 insertions(+) create mode 100644 redmine/defaults/main.yml create mode 100644 redmine/files/Gemfile.local create mode 100644 redmine/files/profile create mode 100644 redmine/files/puma.service create mode 100644 redmine/handlers/main.yml create mode 100644 redmine/tasks/main.yml create mode 100644 redmine/templates/additional_environment.rb.j2 create mode 100644 redmine/templates/configuration.yml.j2 create mode 100644 redmine/templates/database.yml.j2 create mode 100644 redmine/templates/puma.rb.j2
diff --git a/redmine/defaults/main.yml b/redmine/defaults/main.yml
new file mode 100644
index 00000000..c87d09d3
--- /dev/null
+++ b/redmine/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+puma_env: 'production'
+puma_worker: 2
+puma_min_thread: 0
+puma_max_thread: 4
+redmine_db_name: "{{ redmine_user }}"
+redmine_db_host: "localhost"
+redmine_db_username: "{{ redmine_user }}"
diff --git a/redmine/files/Gemfile.local b/redmine/files/Gemfile.local
new file mode 100644
index 00000000..78486d1b
--- /dev/null
+++ b/redmine/files/Gemfile.local
@@ -0,0 +1 @@
+gem "puma"
diff --git a/redmine/files/profile b/redmine/files/profile
new file mode 100644
index 00000000..57d0668e
--- /dev/null
+++ b/redmine/files/profile
@@ -0,0 +1,23 @@
+# ~/.profile: executed by the command interpreter for login shells.
+
+umask 027
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+ # include .bashrc if it exists
+ if [ -f "$HOME/.bashrc" ]; then
+ . "$HOME/.bashrc"
+ fi
+fi
+
+# set PATH so it includes gems bin
+if [ -d "$HOME/bin" ] ; then
+ export PATH="$HOME/.gems/ruby/2.1.0/bin:$PATH"
+fi
+
+# For systemctl --user
+export XDG_RUNTIME_DIR=/run/user/$UID
+
+# Ruby vars
+export RAILS_ENV=production
+export BUNDLE_GEMFILE="$HOME/www/Gemfile"
diff --git a/redmine/files/puma.service b/redmine/files/puma.service
new file mode 100644
index 00000000..65aab8fb
--- /dev/null
+++ b/redmine/files/puma.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Puma HTTP server for Ruby Apps : %u
+After=network.target
+
+[Service]
+WorkingDirectory=%h/www
+UMask=0027
+PIDFile=%h/ruby.pid
+ExecStartPre=/bin/mkdir -m 0750 -p %h/run
+ExecStart=/usr/bin/bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config /etc/puma/%u.rb
+ExecReload=/bin/kill -USR2 $MAINPID
+KillMode=process
+#Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Alias=puma.service
diff --git a/redmine/handlers/main.yml b/redmine/handlers/main.yml
new file mode 100644
index 00000000..73b42e23
--- /dev/null
+++ b/redmine/handlers/main.yml
@@ -0,0 +1,24 @@
+---
+- name: bundle update
+ bundler:
+ state: present
+ gemfile: "/home/{{ redmine_user }}/www/Gemfile"
+ gem_path: "/home/{{ redmine_user }}/.gems"
+ user_install: yes
+ become_user: "{{ redmine_user }}"
+
+- name: rake migrate
+ shell: bundle exec rake -qf ~/www/Rakefile db:migrate
+ become_user: "{{ redmine_user }}"
+ become_method: sudo
+ become_flags: '-iu {{ redmine_user }}'
+
+- name: puma reload
+ systemd:
+ name: puma
+ daemon_reload: yes
+ state: reloaded
+ user: yes
+ become_user: "{{ redmine_user }}"
+ become_method: sudo
+ become_flags: '-iu {{ redmine_user }}'
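Review bot: In redmine/files/profile the PATH guard tests `$HOME/bin` but the directory it prepends is `$HOME/.gems/ruby/2.1.0/bin`, so the gem binaries only reach PATH when an unrelated directory happens to exist. Testing the directory that is actually added, `if [ -d "$HOME/.gems/ruby/2.1.0/bin" ] ; then`, would make the guard match its comment. The `2.1.0` ABI directory is also hard-coded and will presumably stop matching when the distribution's Ruby changes, so a comment naming the Ruby version this role targets would help.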
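Review bot: In redmine/files/puma.service `PIDFile=%h/ruby.pid` does not match the `--pidfile %h/run/puma.pid` passed on the ExecStart line, so systemd is pointed at a file puma never writes; `PIDFile=%h/run/puma.pid` would agree with it. The unit is installed under /etc/systemd/user and managed with `user: yes`, and a per-user manager normally has no `multi-user.target`, so `WantedBy=default.target` is probably what the lingering instance needs to start it at boot. The socket is bound with `umask=0007` and the tasks file adds www-data to the application group, so every process running as www-data can reach the application socket; a comment above ExecStart such as `# socket is group-accessible on purpose: the web server user is in this group` would record that this is intended.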
diff --git a/redmine/tasks/main.yml b/redmine/tasks/main.yml
new file mode 100644
index 00000000..e6b4dd42
--- /dev/null
+++ b/redmine/tasks/main.yml
@@ -0,0 +1,260 @@
+---
+- name: Install dependancy
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - libpam-systemd
+ - ruby
+ - ruby-dev
+ - bundler
+ - imagemagick
+ - git-core
+ - git-svn
+ - gcc
+ - build-essential
+ - libxml2-dev
+ - libxslt1-dev
+ - libssl-dev
+ - libmagickwand-dev
+ - libmagickcore-dev
+ - libmysqlclient-dev
+ - python-mysqldb
+ tags:
+ - redmine
+
+#- name:
+# lineinfile:
+# with_items:
+# - 'https://github.com/.*'
+# - 'http://rubygems.org/.*'
+# - 'http://.*.rubygems.org/.*'
+# tags:
+# - redmine
+
+- name: Deploy systemd unit
+ copy:
+ src: puma.service
+ dest: /etc/systemd/user/puma.service
+ mode: "0644"
+ tags:
+ - redmine
+
+- name: Create puma config dir
+ file:
+ path: /etc/puma
+ state: directory
+ mode: "0755"
+ owner: root
+ tags:
+ - redmine
+
+- name: Create redmine group
+ group:
+ name: "{{ redmine_user }}"
+ state: present
+ tags:
+ - redmine
+
+- name: Add www-data to redmine group
+ user:
+ name: www-data
+ groups: "{{ redmine_user }}"
+ append: yes
+ tags:
+ - redmine
+
+- name: Create redmine user
+ user:
+ name: "{{ redmine_user }}"
+ state: present
+ group: "{{ redmine_user }}"
+ createhome: yes
+ home: "/home/{{ redmine_user }}"
+ shell: /bin/bash
+ tags:
+ - redmine
+
+- name: Create required directory
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0750"
+ with_items:
+ - "/home/{{ redmine_user }}"
+ - "/home/{{ redmine_user }}/files"
+ - "/home/{{ redmine_user }}/log"
+ tags:
+ - redmine
+
+- name: Touch Nginx logs file
+ file:
+ path: "/home/{{ redmine_user }}/log/{{ item }}"
+ state: touch
+ owner: "root"
+ group: "{{ redmine_user }}"
+ mode: "0640"
+ with_items:
+ - nginx_access.log
+ - nginx_error.log
+ tags:
+ - redmine
+
+- name: Enable systemd user mode
+ command: "loginctl enable-linger {{ redmine_user }}"
+ changed_when: false
+
+- name: Set user .profile
+ copy:
+ src: profile
+ dest: "/home/{{ redmine_user }}/.profile"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0640"
+ tags:
+ - redmine
+
+- name: Update or clone Redmine git
+ git:
+ repo: 'https://github.com/redmine/redmine.git'
+ dest: "/home/{{ redmine_user }}/www"
+ version: '3.4-stable'
+ umask: "027"
+ update: yes
+ become_user: "{{ redmine_user }}"
+ notify:
+ - bundle update
+ - rake migrate
+ tags:
+ - redmine
+
+- name: Deploy custom Gemfile
+ copy:
+ src: Gemfile.local
+ dest: "/home/{{ redmine_user }}/www"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0640"
+ notify: bundle update
+
+- name: Get actual Mysql password
+ shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'"
+ register: redmine_get_mysql_password
+ check_mode: no
+ changed_when: False
+ failed_when: false
+ tags:
+ - redmine
+
+- name: Generate Mysql password
+ shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
+ register: redmine_generate_mysql_password
+ check_mode: no
+ changed_when: False
+ when: redmine_get_mysql_password.stdout == ""
+ tags:
+ - redmine
+
+- name: Set Mysql password
+ set_fact:
+ redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}"
+ tags:
+ - redmine
+
+- name: Create Mysql database
+ mysql_db:
+ name: "{{ redmine_db_name }}"
+ config_file: "/root/.my.cnf"
+ state: present
+ tags:
+ - redmine
+
+- name: Create Mysql user
+ mysql_user:
+ name: "{{ redmine_db_username }}"
+ password: '{{ redmine_db_pass }}'
+ priv: "{{ redmine_user }}.*:ALL"
+ config_file: "/root/.my.cnf"
+ update_password: always
+ state: present
+ tags:
+ - redmine
+
+- name: Store credentials in my.cnf
+ ini_file:
+ dest: "/home/{{ redmine_user }}/.my.cnf"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0600"
+ section: client
+ option: '{{ item.option }}'
+ value: '{{ item.value }}'
+ with_items:
+ - { option: 'user', value: "{{ redmine_db_username }}" }
+ - { option: 'database', value: "{{ redmine_db_name }}" }
+ - { option: 'password', value: '{{ redmine_db_pass }}' }
+ tags:
+ - redmine
+
+- name: Copy configurations file
+ template:
+ src: "{{ item }}.j2"
+ dest: "/home/{{ redmine_user }}/www/config/{{ item }}"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0640"
+ with_items:
+ - 'configuration.yml'
+ - 'database.yml'
+ - 'additional_environment.rb'
+ tags:
+ - redmine
+
+- meta: flush_handlers
+
+- name: Populate Mysql database
+ shell: bundle exec rake -qf ~/www/Rakefile redmine:load_default_data REDMINE_LANG=fr && touch ~/.populated
+ args:
+ creates: "/home/{{ redmine_user }}/.populated"
+ become_user: "{{ redmine_user }}"
+ become_method: sudo
+ become_flags: '-iu {{ redmine_user }}'
+
+- name: Generate secret token
+ shell: bundle exec rake -qf ~/www/Rakefile generate_secret_token
+ args:
+ creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
+ become_user: "{{ redmine_user }}"
+ become_method: sudo
+ become_flags: '-iu {{ redmine_user }}'
+ tags:
+ - redmine
+
+- name: Copy puma config
+ template:
+ src: puma.rb.j2
+ dest: "/etc/puma/{{ redmine_user }}.rb"
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0640"
+ notify:
+ - puma reload
+ tags:
+ - redmine
+
+- name: Start puma service
+ systemd:
+ name: puma
+ daemon_reload: yes
+ enabled: yes
+ state: started
+ user: yes
+ become_user: "{{ redmine_user }}"
+ become_method: sudo
+ become_flags: '-iu {{ redmine_user }}'
+ tags:
+ - redmine
+
+- meta: flush_handlers
diff --git a/redmine/templates/additional_environment.rb.j2 b/redmine/templates/additional_environment.rb.j2
new file mode 100644
index 00000000..b1211a2e
--- /dev/null
+++ b/redmine/templates/additional_environment.rb.j2
@@ -0,0 +1 @@
+config.paths['log'] = "/home/{{ redmine_user }}/log/redmine.log"
diff --git a/redmine/templates/configuration.yml.j2 b/redmine/templates/configuration.yml.j2
new file mode 100644
index 00000000..3640cd65
--- /dev/null
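Review bot: In redmine/tasks/main.yml the database password is produced by Perl's `rand()`, which is not a cryptographic generator, and none of the tasks that carry the value set `no_log`, so it can surface in run output: in the registered results of "Get actual Mysql password" and "Generate Mysql password" at verbose levels, and in the per-item line of the "Store credentials in my.cnf" loop. Adding `no_log: true` to those three tasks and to "Set Mysql password" and "Create Mysql user" keeps it out of logs and callback plugins, and the generator could use Ansible's `password` lookup, `lookup('password', '/dev/null length=16 chars=ascii_letters,digits')`, under the same `when`. Separately, "Create Mysql user" grants `priv: "{{ redmine_user }}.*:ALL"` while the database is created as `redmine_db_name`, so with a non-default `redmine_db_name` the grant lands on a different schema; `priv: "{{ redmine_db_name }}.*:ALL"` keeps the two in step. The checkout also follows the moving `3.4-stable` branch with `update: yes`, so each run may deploy upstream code nobody reviewed; pinning `version` to a release tag or commit would make runs reproducible.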
+++ b/redmine/templates/configuration.yml.j2
@@ -0,0 +1,11 @@
+production:
+ email_delivery:
+ delivery_method: :smtp
+ smtp_settings:
+ address: localhost
+ port: 25
+ domain: "{{ ansible_domain }}"
+ ssl: false
+ enable_starttls_auto: false
+ attachments_storage_path: /home/{{ redmine_user }}/files
+ autologin_cookie_secure: true
diff --git a/redmine/templates/database.yml.j2 b/redmine/templates/database.yml.j2
new file mode 100644
index 00000000..c694644c
--- /dev/null
+++ b/redmine/templates/database.yml.j2
@@ -0,0 +1,7 @@
+production:
+ adapter: mysql2
+ database: {{ redmine_db_name }}
+ host: {{ redmine_db_host }}
+ username: {{ redmine_db_username }}
+ password: "{{ redmine_db_pass }}"
+ encoding: utf8
diff --git a/redmine/templates/puma.rb.j2 b/redmine/templates/puma.rb.j2
new file mode 100644
index 00000000..dd5ea5af
--- /dev/null
+++ b/redmine/templates/puma.rb.j2
@@ -0,0 +1,4 @@
+environment '{{ puma_env }}'
+workers {{ puma_worker }}
+threads {{ puma_min_thread }}, {{ puma_max_thread }}
+tag 'Redmine {{ redmine_user }}'
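Review bot: In redmine/templates/database.yml.j2 the `database`, `host` and `username` values are rendered unquoted and `password` is wrapped in double quotes without escaping, so the rendered file is only well-formed YAML while every variable holds plain alphanumerics. The password generated by the tasks file is alphanumeric, but the names come from inventory and the password source may change; a value containing `"`, `\`, `: ` or a leading YAML indicator would break the file or change the parsed type. Rendering each value through a serializing filter, for example `password: {{ redmine_db_pass | to_json }}` and likewise for the other three, keeps the output valid for any input.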