diff --git a/README.md b/README.md index 49b3727..65130a2 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,16 @@ redmine installer (if run). `redmine_root_dir` does not exist or if there is a detected change in the database (e.g. you drop it and let Ansible recreate it). +**Note:** The `run redmine installer` Ansible task can take a long time +and there is no stdout to the console to indicate progress. The +installer includes installing several Ruby gems and database migration +steps so the installer run time is affected by network speed and +database state. On the other hand the installer may prompt for input +that the expect script is not expecting. This causes the installer to +hang indefinitely waiting for input that the non-interactive script +cannot provide. The `~/install.log` captures the stdout of the process +and should be consulted to check for running state. + ## Production Installation See https://wiki.apidb.org/index.php/EasyRedmineVM for instructions for diff --git a/bootstrap.yml b/bootstrap.yml index 1f6e988..4a9fc09 100644 --- a/bootstrap.yml +++ b/bootstrap.yml @@ -1,6 +1,6 @@ --- - hosts: all - sudo: false + become: false gather_facts: false vars_files: #- production_config.yml diff --git a/playbook.yml b/playbook.yml index 33d9c8b..7b5da60 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,12 +1,12 @@ --- - hosts: all - sudo: yes + become: yes gather_facts: True vars_files: - config.yml roles: - - { role: rvm_io.rvm1-ruby, tags: ruby, sudo: True } - - { role: easyredmine, sudo: no } + - { role: rvm_io.rvm1-ruby, tags: ruby, become: True } + - { role: easyredmine, become: no } tasks: diff --git a/roles/easyredmine/handlers/main.yml b/roles/easyredmine/handlers/main.yml index 9543788..14b2956 100644 --- a/roles/easyredmine/handlers/main.yml +++ b/roles/easyredmine/handlers/main.yml 
@@ -4,13 +4,13 @@ - name: restart nginx service: name=nginx state=restarted - sudo: yes + become: yes - name: restart firewalld service: name=firewalld state=restarted - sudo: yes + become: yes - name: rebuild mail aliases command: /usr/bin/newaliases - sudo: yes + become: yes diff --git a/roles/easyredmine/tasks/attachments_storage.yml b/roles/easyredmine/tasks/attachments_storage.yml index 1035add..332a172 100644 --- a/roles/easyredmine/tasks/attachments_storage.yml +++ b/roles/easyredmine/tasks/attachments_storage.yml @@ -9,14 +9,14 @@ - file: path='{{ redmine_files_nfs_mount }}' state=directory - sudo: yes + become: yes - mount: name='{{ redmine_files_nfs_mount }}' src='{{ redmine_files_nfs_source }}' fstype=nfs opts=rsize=32768,wsize=32768,tcp,hard,nointr state=mounted - sudo: yes + become: yes - name: set attachments_storage_path in configuration.yml lineinfile: > diff --git a/roles/easyredmine/tasks/database.yml b/roles/easyredmine/tasks/database.yml index c126c89..34b0bf9 100644 --- a/roles/easyredmine/tasks/database.yml +++ b/roles/easyredmine/tasks/database.yml @@ -1,6 +1,6 @@ - name: install mysql, mariadb packages yum: name='{{ item }}' - sudo: yes + become: yes with_items: - mysql-devel - mariadb-server @@ -9,14 +9,14 @@ - service: name='{{ redmine_db_service_provider }}' state=started - sudo: yes + become: yes - mysql_db: name='{{ redmine_db_name }}' state=present encoding=utf8 login_user='{{ mysql_admin_login }}' login_password='{{ mysql_admin_password }}' - sudo: yes + become: yes register: redmine_db_created # source database may not have same name as VM db. @@ -51,5 +51,5 @@ append_privs=yes priv='{{ redmine_db_name }}.*:ALL' state=present - sudo: yes + become: yes diff --git a/roles/easyredmine/tasks/firewall.yml b/roles/easyredmine/tasks/firewall.yml index 64ba79b..83ce020 100644 --- a/roles/easyredmine/tasks/firewall.yml +++ b/roles/easyredmine/tasks/firewall.yml 
@@ -2,18 +2,18 @@ - service: name=firewalld state=started enabled=yes - sudo: yes + become: yes - firewalld: service=https permanent=true state=enabled - sudo: yes + become: yes notify: restart firewalld - firewalld: service=http permanent=true state=enabled - sudo: yes + become: yes notify: restart firewalld - firewalld: rich_rule='rule service name="ssh" family="ipv4" source address="{{ item }}" accept' @@ -24,32 +24,32 @@ - 192.168.0.0/16 - 172.16.0.0/16 - 128.91.49.0/24 - sudo: yes + become: yes notify: restart firewalld when: is_production_vm == True - firewalld: service=ssh permanent=true state=disabled - sudo: yes + become: yes notify: restart firewalld when: is_production_vm == True - name: define new icmp types for timestamp responses copy: dest='/etc/firewalld/icmptypes/{{ item }}.xml' src='{{ item }}.xml' - sudo: yes + become: yes with_items: - timestamp-reply - timestamp-request - name: load new icmp types for timestamp responses command: firewall-cmd --reload - sudo: yes + become: yes - name: disable icmp timestamp responses command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }} - sudo: yes + become: yes with_items: - timestamp-reply - timestamp-request @@ -58,4 +58,4 @@ - name: restart firewalld service: name=firewalld state=restarted - sudo: yes + become: yes diff --git a/roles/easyredmine/tasks/main.yml b/roles/easyredmine/tasks/main.yml index fc8ae36..f0de5a4 100644 --- a/roles/easyredmine/tasks/main.yml +++ b/roles/easyredmine/tasks/main.yml 
@@ -1,15 +1,21 @@ --- -- include: system.yml tags=system +- include: system.yml + tags: system -- include: firewall.yml tags=firewall +- include: firewall.yml + tags: firewall -- include: database.yml tags=database +- include: database.yml + tags: database when: do_database_management == True -- include: redmine.yml tags=redmine +- include: redmine.yml + tags: redmine -- include: nginx.yml tags=nginx +- include: nginx.yml + tags: nginx -- include: attachments_storage.yml tags=attachments_storage +- include: attachments_storage.yml + tags: attachments_storage when: is_production_vm == True diff --git a/roles/easyredmine/tasks/nginx.yml b/roles/easyredmine/tasks/nginx.yml index 9367e13..9426478 100644 --- a/roles/easyredmine/tasks/nginx.yml +++ b/roles/easyredmine/tasks/nginx.yml @@ -1,22 +1,22 @@ - get_url: url=https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo dest=/etc/yum.repos.d/passenger.repo - sudo: yes + become: yes - rpm_key: key=https://packagecloud.io/gpg.key - sudo: yes + become: yes # this makecache is mostly because I can not find any other way to fully # import the GPG. key for the Passenger repo. 'rpm --import' is not # sufficient. -- command: yum -q makecache -y --disablerepo='*' --enablerepo='passenger*' - sudo: yes +- command: /usr/bin/yum -q makecache -y --disablerepo='*' --enablerepo='passenger*' + become: yes changed_when: False - yum: name=epel-release - sudo: yes + become: yes - name: install nginx, passenger yum: name='{{ item }}' - sudo: yes + become: yes with_items: - nginx - passenger 
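Review bot: The rewritten `command: /usr/bin/yum -q makecache -y --disablerepo='*' --enablerepo='passenger*'` task in roles/easyredmine/tasks/nginx.yml still relies on `-y` to accept whatever signing key the Passenger repo definition offers, so, going by the comment above it, the key is trusted on first use with no fingerprint check. The `get_url` task that installs `passenger.repo` has no `checksum=`, and the `rpm_key` task imports `https://packagecloud.io/gpg.key` unpinned, so the package trust chain rests entirely on TLS to two third-party hosts. If the Ansible version in use supports it, pin the key, e.g. `rpm_key: key=https://packagecloud.io/gpg.key fingerprint='<EXPECTED_KEY_FINGERPRINT>'`, and add a comment recording where that fingerprint was verified. The task list continues past the end of this hunk.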
@@ -27,31 +27,31 @@ # https://michael.lustfield.net/nginx/getting-a-perfect-ssl-labs-score - name: generate new Diffie-Hellman group command: 'openssl dhparam -out {{ dharam_pem_path }} 2048' - sudo: yes + become: yes notify: restart nginx when: dharam_pem.stat.exists == False - template: dest='/etc/nginx/conf.d/easyredmine.conf' src=easyredmine.conf.j2 - sudo: yes + become: yes notify: restart nginx - template: dest='/etc/nginx/nginx.conf' src=nginx.conf.j2 - sudo: yes + become: yes notify: restart nginx - template: dest=/etc/nginx/conf.d/passenger.conf src=passenger.conf.j2 - sudo: yes + become: yes notify: restart nginx - copy: dest='/etc/pki/tls/certs/{{ ansible_fqdn }}.pem' src='{{ nginx_pem }}' - sudo: yes + become: yes notify: restart nginx - service: name=nginx state=started enabled=yes - sudo: yes + become: yes diff --git a/roles/easyredmine/tasks/redmine.yml b/roles/easyredmine/tasks/redmine.yml index 065d4a9..5f01f30 100644 --- a/roles/easyredmine/tasks/redmine.yml +++ b/roles/easyredmine/tasks/redmine.yml @@ -1,6 +1,6 @@ - name: install redmine package depdendencies yum: name='{{ item }}' - sudo: yes + become: yes with_items: - mysql-devel - unzip @@ -18,7 +18,7 @@ gem: name='{{ item }}' user_install=no executable=/usr/local/bin/gem # RVM's version - sudo: yes + become: yes with_items: - bundler - redmine-installer @@ -26,7 +26,7 @@ - name: installer package is present? stat: path='{{ installer_package_path }}' register: has_installer_package - sudo: no + become: no changed_when: false - name: download installer 
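Review bot: The `copy` task that installs `{{ nginx_pem }}` to `/etc/pki/tls/certs/{{ ansible_fqdn }}.pem` in roles/easyredmine/tasks/nginx.yml sets no owner or mode, so the file gets the default permissions of a root-created file, which are typically world-readable. That is harmless for a certificate alone, but if `nginx_pem` is a combined file that also holds the private key (not visible in this hunk), every local account could read the key. In that case set the permissions explicitly, e.g. `copy: dest='/etc/pki/tls/certs/{{ ansible_fqdn }}.pem' src='{{ nginx_pem }}' owner=root group=root mode=0600`. The three `template` tasks in the same hunk would also be clearer with an explicit `mode=0644` instead of depending on the umask.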
@@ -35,37 +35,37 @@ mode=0640 force=no when: has_installer_package.stat.exists == False - sudo: no + become: no - name: add redmine installation wrapper script template: dest='{{ _redmine_install_wrapper }}' src=install_wrapper.j2 mode=750 - sudo: no + become: no - name: delete contents of redmine root directory file: path='{{ redmine_root_dir }}' state=absent - sudo: yes - when: redmine_db_created|changed + become: yes + when: redmine_db_created is defined and redmine_db_created|changed - name: make installation directory file: path='{{ redmine_root_dir }}' state=directory owner='{{ redmine_owner }}' mode=755 - sudo: yes + become: yes register: mk_redmine_root_dir - name: run redmine installer - shell: 'source ~/.bash_profile && {{ _redmine_install_wrapper }}' + shell: 'source ~/.bash_profile && {{ _redmine_install_wrapper }} > ~/install.log' when: mk_redmine_root_dir|changed and do_redmine_installer == True register: installer_run - sudo: no + become: no - copy: dest='/opt/easyredmine/lib/tasks/ebrc_settings.rake' src='ebrc_settings.rake' - sudo: yes + become: yes - name: restrict config permissions file: path='{{ redmine_root_dir }}/config' @@ -75,7 +75,7 @@ command: 'rake redmine:ebrc_settings RAILS_ENV=production' args: chdir: '{{ redmine_root_dir }}' - sudo: no + become: no when: do_redmine_installer == True - name: adding run_tasks crontab 
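Review bot: The redirect added to `run redmine installer` (`> ~/install.log`) captures only stdout, so errors the installer writes to stderr never reach the log the README tells operators to consult, and the log is created with the account's default umask. Because the wrapper drives the installer non-interactively, its output may echo supplied answers such as database credentials (inferred, since the wrapper template is not shown), so the log should not be group- or world-readable. Suggested line: `shell: 'source ~/.bash_profile && umask 077 && {{ _redmine_install_wrapper }} > ~/install.log 2>&1'`. Since the README notes the installer can hang indefinitely on an unexpected prompt, bounding this task with `async:` and `poll:` would turn that hang into a visible failure.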
@@ -83,33 +83,33 @@ minute="*/15" job='cd {{ redmine_root_dir }} && /usr/local/bin/bundle exec rake easyproject:scheduler:run_tasks RAILS_ENV=production > /dev/null' user='{{ redmine_owner }}' - sudo: yes + become: yes - name: add redmine IMAP fetch script template: dest='{{ redmine_root_dir }}/script/redmine_receive_imap' src=redmine_receive_imap.j2 mode=750 - sudo: no + become: no - name: add redmine repository fetch script template: dest='{{ redmine_root_dir }}/script/redmine_fetch_changesets' src=redmine_fetch_changesets.j2 mode=750 - sudo: no + become: no - name: adding redmine_receive_imap crontab cron: name="fetch from imap" minute="*/5" job="({{ redmine_root_dir }}/script/redmine_receive_imap 2>&1 | sed '/install RDoc/d') >> {{ redmine_root_dir }}/log/redmine_receive_imap" user='{{ redmine_owner }}' - sudo: yes + become: yes - name: adding redmine_fetch_changesets crontab cron: name="fetch from repository" minute="*/5" job="({{ redmine_root_dir }}/script/redmine_fetch_changesets 2>&1 | sed '/install RDoc/d') >> {{ redmine_root_dir }}/log/redmine_fetch_changesets" user='{{ redmine_owner }}' - sudo: yes + become: yes - name: set session cookie as secure lineinfile: > diff --git a/roles/easyredmine/tasks/system.yml b/roles/easyredmine/tasks/system.yml index 269aa58..8d06e7f 100644 --- a/roles/easyredmine/tasks/system.yml +++ b/roles/easyredmine/tasks/system.yml @@ -2,7 +2,7 @@ - name: install system tools yum: name='{{ item }}' - sudo: yes + become: yes with_items: - rsync - strace @@ -28,13 +28,13 @@ - service: name=sendmail state=started enabled=yes - sudo: yes + become: yes - name: set up redmine user mail aliases lineinfile: > dest=/etc/aliases regexp="\b{{ redmine_owner }}" line="{{ redmine_owner }}: {{ redmine_mail_alias }}" - sudo: yes + become: yes notify: rebuild mail aliases