kris/vagrant-easyredmine
1
0
Fork 0
mirror of https://github.com/krislamo/vagrant-easyredmine synced 2024-11-09 22:40:36 +00:00
Code Issues Releases Wiki Activity

updates for Ansible 2.x

Browse Source
This commit is contained in:
Mark Heiges 2016-07-13 23:15:07 -04:00
parent 29e63763cd
commit 1093492b46
11 changed files with 76 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -54,6 +54,16 @@ redmine installer (if run).
`redmine_root_dir` does not exist or if there is a detected change in `redmine_root_dir` does not exist or if there is a detected change in
the database (e.g. you drop it and let Ansible recreate it). the database (e.g. you drop it and let Ansible recreate it).
**Note:** The `run redmine installer` Ansible task can take a long time
and there is no stdout to the console to indicate progress. The
installer includes installing several Ruby gems and database migration
steps so the installer run time is affected by network speed and
database state. On the other hand the installer may prompt for input
that the expect script is not expecting. This causes the installer to
hang indefinitely waiting for input that the non-interactive script
cannot provide. The `~/install.log` captures the stdout of the process
and should be consulted to check for running state.
## Production Installation ## Production Installation
See https://wiki.apidb.org/index.php/EasyRedmineVM for instructions for See https://wiki.apidb.org/index.php/EasyRedmineVM for instructions for

2
bootstrap.yml
View File

@ -1,6 +1,6 @@
--- ---
- hosts: all - hosts: all
sudo: false become: false
gather_facts: false gather_facts: false
vars_files: vars_files:
#- production_config.yml #- production_config.yml

6
playbook.yml
View File

@ -1,12 +1,12 @@
--- ---
- hosts: all - hosts: all
sudo: yes become: yes
gather_facts: True gather_facts: True
vars_files: vars_files:
- config.yml - config.yml
roles: roles:
- { role: rvm_io.rvm1-ruby, tags: ruby, sudo: True } - { role: rvm_io.rvm1-ruby, tags: ruby, become: True }
- { role: easyredmine, sudo: no } - { role: easyredmine, become: no }
tasks: tasks:

6
roles/easyredmine/handlers/main.yml
View File

@ -4,13 +4,13 @@
- name: restart nginx - name: restart nginx
service: name=nginx service: name=nginx
state=restarted state=restarted
sudo: yes become: yes
- name: restart firewalld - name: restart firewalld
service: name=firewalld service: name=firewalld
state=restarted state=restarted
sudo: yes become: yes
- name: rebuild mail aliases - name: rebuild mail aliases
command: /usr/bin/newaliases command: /usr/bin/newaliases
sudo: yes become: yes

4
roles/easyredmine/tasks/attachments_storage.yml
View File

@ -9,14 +9,14 @@
- file: path='{{ redmine_files_nfs_mount }}' - file: path='{{ redmine_files_nfs_mount }}'
state=directory state=directory
sudo: yes become: yes
- mount: name='{{ redmine_files_nfs_mount }}' - mount: name='{{ redmine_files_nfs_mount }}'
src='{{ redmine_files_nfs_source }}' src='{{ redmine_files_nfs_source }}'
fstype=nfs fstype=nfs
opts=rsize=32768,wsize=32768,tcp,hard,nointr opts=rsize=32768,wsize=32768,tcp,hard,nointr
state=mounted state=mounted
sudo: yes become: yes
- name: set attachments_storage_path in configuration.yml - name: set attachments_storage_path in configuration.yml
lineinfile: > lineinfile: >

8
roles/easyredmine/tasks/database.yml
View File

@ -1,6 +1,6 @@
- name: install mysql, mariadb packages - name: install mysql, mariadb packages
yum: name='{{ item }}' yum: name='{{ item }}'
sudo: yes become: yes
with_items: with_items:
- mysql-devel - mysql-devel
- mariadb-server - mariadb-server
@ -9,14 +9,14 @@
- service: name='{{ redmine_db_service_provider }}' - service: name='{{ redmine_db_service_provider }}'
state=started state=started
sudo: yes become: yes
- mysql_db: name='{{ redmine_db_name }}' - mysql_db: name='{{ redmine_db_name }}'
state=present state=present
encoding=utf8 encoding=utf8
login_user='{{ mysql_admin_login }}' login_user='{{ mysql_admin_login }}'
login_password='{{ mysql_admin_password }}' login_password='{{ mysql_admin_password }}'
sudo: yes become: yes
register: redmine_db_created register: redmine_db_created
# source database may not have same name as VM db. # source database may not have same name as VM db.
@ -51,5 +51,5 @@
append_privs=yes append_privs=yes
priv='{{ redmine_db_name }}.*:ALL' priv='{{ redmine_db_name }}.*:ALL'
state=present state=present
sudo: yes become: yes

18
roles/easyredmine/tasks/firewall.yml
View File

@ -2,18 +2,18 @@
- service: name=firewalld - service: name=firewalld
state=started state=started
enabled=yes enabled=yes
sudo: yes become: yes
- firewalld: service=https - firewalld: service=https
permanent=true permanent=true
state=enabled state=enabled
sudo: yes become: yes
notify: restart firewalld notify: restart firewalld
- firewalld: service=http - firewalld: service=http
permanent=true permanent=true
state=enabled state=enabled
sudo: yes become: yes
notify: restart firewalld notify: restart firewalld
- firewalld: rich_rule='rule service name="ssh" family="ipv4" source address="{{ item }}" accept' - firewalld: rich_rule='rule service name="ssh" family="ipv4" source address="{{ item }}" accept'
@ -24,32 +24,32 @@
- 192.168.0.0/16 - 192.168.0.0/16
- 172.16.0.0/16 - 172.16.0.0/16
- 128.91.49.0/24 - 128.91.49.0/24
sudo: yes become: yes
notify: restart firewalld notify: restart firewalld
when: is_production_vm == True when: is_production_vm == True
- firewalld: service=ssh - firewalld: service=ssh
permanent=true permanent=true
state=disabled state=disabled
sudo: yes become: yes
notify: restart firewalld notify: restart firewalld
when: is_production_vm == True when: is_production_vm == True
- name: define new icmp types for timestamp responses - name: define new icmp types for timestamp responses
copy: dest='/etc/firewalld/icmptypes/{{ item }}.xml' copy: dest='/etc/firewalld/icmptypes/{{ item }}.xml'
src='{{ item }}.xml' src='{{ item }}.xml'
sudo: yes become: yes
with_items: with_items:
- timestamp-reply - timestamp-reply
- timestamp-request - timestamp-request
- name: load new icmp types for timestamp responses - name: load new icmp types for timestamp responses
command: firewall-cmd --reload command: firewall-cmd --reload
sudo: yes become: yes
- name: disable icmp timestamp responses - name: disable icmp timestamp responses
command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }} command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}
sudo: yes become: yes
with_items: with_items:
- timestamp-reply - timestamp-reply
- timestamp-request - timestamp-request
@ -58,4 +58,4 @@
- name: restart firewalld - name: restart firewalld
service: name=firewalld service: name=firewalld
state=restarted state=restarted
sudo: yes become: yes

18
roles/easyredmine/tasks/main.yml
View File

@ -1,15 +1,21 @@
--- ---
- include: system.yml tags=system - include: system.yml
tags: system
- include: firewall.yml tags=firewall - include: firewall.yml
tags: firewall
- include: database.yml tags=database - include: database.yml
tags: database
when: do_database_management == True when: do_database_management == True
- include: redmine.yml tags=redmine - include: redmine.yml
tags: redmine
- include: nginx.yml tags=nginx - include: nginx.yml
tags: nginx
- include: attachments_storage.yml tags=attachments_storage - include: attachments_storage.yml
tags: attachments_storage
when: is_production_vm == True when: is_production_vm == True

24
roles/easyredmine/tasks/nginx.yml
View File

@ -1,22 +1,22 @@
- get_url: url=https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo - get_url: url=https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
dest=/etc/yum.repos.d/passenger.repo dest=/etc/yum.repos.d/passenger.repo
sudo: yes become: yes
- rpm_key: key=https://packagecloud.io/gpg.key - rpm_key: key=https://packagecloud.io/gpg.key
sudo: yes become: yes
# this makecache is mostly because I can not find any other way to fully # this makecache is mostly because I can not find any other way to fully
# import the GPG. key for the Passenger repo. 'rpm --import' is not # import the GPG. key for the Passenger repo. 'rpm --import' is not
# sufficient. # sufficient.
- command: yum -q makecache -y --disablerepo='*' --enablerepo='passenger*' - command: /usr/bin/yum -q makecache -y --disablerepo='*' --enablerepo='passenger*'
sudo: yes become: yes
changed_when: False changed_when: False
- yum: name=epel-release - yum: name=epel-release
sudo: yes become: yes
- name: install nginx, passenger - name: install nginx, passenger
yum: name='{{ item }}' yum: name='{{ item }}'
sudo: yes become: yes
with_items: with_items:
- nginx - nginx
- passenger - passenger
@ -27,31 +27,31 @@
# https://michael.lustfield.net/nginx/getting-a-perfect-ssl-labs-score # https://michael.lustfield.net/nginx/getting-a-perfect-ssl-labs-score
- name: generate new Diffie-Hellman group - name: generate new Diffie-Hellman group
command: 'openssl dhparam -out {{ dharam_pem_path }} 2048' command: 'openssl dhparam -out {{ dharam_pem_path }} 2048'
sudo: yes become: yes
notify: restart nginx notify: restart nginx
when: dharam_pem.stat.exists == False when: dharam_pem.stat.exists == False
- template: dest='/etc/nginx/conf.d/easyredmine.conf' - template: dest='/etc/nginx/conf.d/easyredmine.conf'
src=easyredmine.conf.j2 src=easyredmine.conf.j2
sudo: yes become: yes
notify: restart nginx notify: restart nginx
- template: dest='/etc/nginx/nginx.conf' - template: dest='/etc/nginx/nginx.conf'
src=nginx.conf.j2 src=nginx.conf.j2
sudo: yes become: yes
notify: restart nginx notify: restart nginx
- template: dest=/etc/nginx/conf.d/passenger.conf - template: dest=/etc/nginx/conf.d/passenger.conf
src=passenger.conf.j2 src=passenger.conf.j2
sudo: yes become: yes
notify: restart nginx notify: restart nginx
- copy: dest='/etc/pki/tls/certs/{{ ansible_fqdn }}.pem' - copy: dest='/etc/pki/tls/certs/{{ ansible_fqdn }}.pem'
src='{{ nginx_pem }}' src='{{ nginx_pem }}'
sudo: yes become: yes
notify: restart nginx notify: restart nginx
- service: name=nginx - service: name=nginx
state=started state=started
enabled=yes enabled=yes
sudo: yes become: yes

34
roles/easyredmine/tasks/redmine.yml
View File

@ -1,6 +1,6 @@
- name: install redmine package depdendencies - name: install redmine package depdendencies
yum: name='{{ item }}' yum: name='{{ item }}'
sudo: yes become: yes
with_items: with_items:
- mysql-devel - mysql-devel
- unzip - unzip
@ -18,7 +18,7 @@
gem: name='{{ item }}' gem: name='{{ item }}'
user_install=no user_install=no
executable=/usr/local/bin/gem # RVM's version executable=/usr/local/bin/gem # RVM's version
sudo: yes become: yes
with_items: with_items:
- bundler - bundler
- redmine-installer - redmine-installer
@ -26,7 +26,7 @@
- name: installer package is present? - name: installer package is present?
stat: path='{{ installer_package_path }}' stat: path='{{ installer_package_path }}'
register: has_installer_package register: has_installer_package
sudo: no become: no
changed_when: false changed_when: false
- name: download installer - name: download installer
@ -35,37 +35,37 @@
mode=0640 mode=0640
force=no force=no
when: has_installer_package.stat.exists == False when: has_installer_package.stat.exists == False
sudo: no become: no
- name: add redmine installation wrapper script - name: add redmine installation wrapper script
template: dest='{{ _redmine_install_wrapper }}' template: dest='{{ _redmine_install_wrapper }}'
src=install_wrapper.j2 src=install_wrapper.j2
mode=750 mode=750
sudo: no become: no
- name: delete contents of redmine root directory - name: delete contents of redmine root directory
file: path='{{ redmine_root_dir }}' file: path='{{ redmine_root_dir }}'
state=absent state=absent
sudo: yes become: yes
when: redmine_db_created|changed when: redmine_db_created is defined and redmine_db_created|changed
- name: make installation directory - name: make installation directory
file: path='{{ redmine_root_dir }}' file: path='{{ redmine_root_dir }}'
state=directory state=directory
owner='{{ redmine_owner }}' owner='{{ redmine_owner }}'
mode=755 mode=755
sudo: yes become: yes
register: mk_redmine_root_dir register: mk_redmine_root_dir
- name: run redmine installer - name: run redmine installer
shell: 'source ~/.bash_profile && {{ _redmine_install_wrapper }}' shell: 'source ~/.bash_profile && {{ _redmine_install_wrapper }} > ~/install.log'
when: mk_redmine_root_dir|changed and do_redmine_installer == True when: mk_redmine_root_dir|changed and do_redmine_installer == True
register: installer_run register: installer_run
sudo: no become: no
- copy: dest='/opt/easyredmine/lib/tasks/ebrc_settings.rake' - copy: dest='/opt/easyredmine/lib/tasks/ebrc_settings.rake'
src='ebrc_settings.rake' src='ebrc_settings.rake'
sudo: yes become: yes
- name: restrict config permissions - name: restrict config permissions
file: path='{{ redmine_root_dir }}/config' file: path='{{ redmine_root_dir }}/config'
@ -75,7 +75,7 @@
command: 'rake redmine:ebrc_settings RAILS_ENV=production' command: 'rake redmine:ebrc_settings RAILS_ENV=production'
args: args:
chdir: '{{ redmine_root_dir }}' chdir: '{{ redmine_root_dir }}'
sudo: no become: no
when: do_redmine_installer == True when: do_redmine_installer == True
- name: adding run_tasks crontab - name: adding run_tasks crontab
@ -83,33 +83,33 @@
minute="*/15" minute="*/15"
job='cd {{ redmine_root_dir }} && /usr/local/bin/bundle exec rake easyproject:scheduler:run_tasks RAILS_ENV=production > /dev/null' job='cd {{ redmine_root_dir }} && /usr/local/bin/bundle exec rake easyproject:scheduler:run_tasks RAILS_ENV=production > /dev/null'
user='{{ redmine_owner }}' user='{{ redmine_owner }}'
sudo: yes become: yes
- name: add redmine IMAP fetch script - name: add redmine IMAP fetch script
template: dest='{{ redmine_root_dir }}/script/redmine_receive_imap' template: dest='{{ redmine_root_dir }}/script/redmine_receive_imap'
src=redmine_receive_imap.j2 src=redmine_receive_imap.j2
mode=750 mode=750
sudo: no become: no
- name: add redmine repository fetch script - name: add redmine repository fetch script
template: dest='{{ redmine_root_dir }}/script/redmine_fetch_changesets' template: dest='{{ redmine_root_dir }}/script/redmine_fetch_changesets'
src=redmine_fetch_changesets.j2 src=redmine_fetch_changesets.j2
mode=750 mode=750
sudo: no become: no
- name: adding redmine_receive_imap crontab - name: adding redmine_receive_imap crontab
cron: name="fetch from imap" cron: name="fetch from imap"
minute="*/5" minute="*/5"
job="({{ redmine_root_dir }}/script/redmine_receive_imap 2>&1 | sed '/install RDoc/d') >> {{ redmine_root_dir }}/log/redmine_receive_imap" job="({{ redmine_root_dir }}/script/redmine_receive_imap 2>&1 | sed '/install RDoc/d') >> {{ redmine_root_dir }}/log/redmine_receive_imap"
user='{{ redmine_owner }}' user='{{ redmine_owner }}'
sudo: yes become: yes
- name: adding redmine_fetch_changesets crontab - name: adding redmine_fetch_changesets crontab
cron: name="fetch from repository" cron: name="fetch from repository"
minute="*/5" minute="*/5"
job="({{ redmine_root_dir }}/script/redmine_fetch_changesets 2>&1 | sed '/install RDoc/d') >> {{ redmine_root_dir }}/log/redmine_fetch_changesets" job="({{ redmine_root_dir }}/script/redmine_fetch_changesets 2>&1 | sed '/install RDoc/d') >> {{ redmine_root_dir }}/log/redmine_fetch_changesets"
user='{{ redmine_owner }}' user='{{ redmine_owner }}'
sudo: yes become: yes
- name: set session cookie as secure - name: set session cookie as secure
lineinfile: > lineinfile: >

6
roles/easyredmine/tasks/system.yml
View File

@ -2,7 +2,7 @@
- name: install system tools - name: install system tools
yum: name='{{ item }}' yum: name='{{ item }}'
sudo: yes become: yes
with_items: with_items:
- rsync - rsync
- strace - strace
@ -28,13 +28,13 @@
- service: name=sendmail - service: name=sendmail
state=started state=started
enabled=yes enabled=yes
sudo: yes become: yes
- name: set up redmine user mail aliases - name: set up redmine user mail aliases
lineinfile: > lineinfile: >
dest=/etc/aliases dest=/etc/aliases
regexp="\b{{ redmine_owner }}" regexp="\b{{ redmine_owner }}"
line="{{ redmine_owner }}: {{ redmine_mail_alias }}" line="{{ redmine_owner }}: {{ redmine_mail_alias }}"
sudo: yes become: yes
notify: rebuild mail aliases notify: rebuild mail aliases