updates for Ansible 2.x

2024-12-16 15:30:34 +00:00 · 2016-07-13 23:15:07 -04:00 · 2016-07-13 23:15:07 -04:00 · 1093492b46
commit 1093492b46
parent 29e63763cd
11 changed files with 76 additions and 60 deletions
--- a/README.md
+++ b/README.md
@ -54,6 +54,16 @@ redmine installer (if run).
 `redmine_root_dir` does not exist or if there is a detected change in
 the database (e.g. you drop it and let Ansible recreate it).

+**Note:** The `run redmine installer` Ansible task can take a long time
+and there is no stdout to the console to indicate progress. The
+installer includes installing several Ruby gems and database migration
+steps so the installer run time is affected by network speed and
+database state. On the other hand the installer may prompt for input
+that the expect script is not expecting. This causes the installer to
+hang indefinitely waiting for input that the non-interactive script
+cannot provide. The `~/install.log` captures the stdout of the process
+and should be consulted to check for running state.
+
 ## Production Installation

 See https://wiki.apidb.org/index.php/EasyRedmineVM for instructions for
--- a/bootstrap.yml
+++ b/bootstrap.yml
@ -1,6 +1,6 @@
 ---
 - hosts: all
-  sudo: false
+  become: false
  gather_facts: false
  vars_files:
    #- production_config.yml
--- a/playbook.yml
+++ b/playbook.yml
@ -1,12 +1,12 @@
 ---
 - hosts: all
-  sudo: yes
+  become: yes
  gather_facts: True
  vars_files:
    - config.yml

  roles:
-    - { role: rvm_io.rvm1-ruby, tags: ruby, sudo: True }
-    - { role: easyredmine, sudo: no }
+    - { role: rvm_io.rvm1-ruby, tags: ruby, become: True }
+    - { role: easyredmine, become: no }

  tasks:
--- a/roles/easyredmine/handlers/main.yml
+++ b/roles/easyredmine/handlers/main.yml
@ -4,13 +4,13 @@
 - name: restart nginx
  service: name=nginx
           state=restarted
-  sudo: yes
+  become: yes

 - name: restart firewalld
  service: name=firewalld
           state=restarted
-  sudo: yes
+  become: yes

 - name: rebuild mail aliases
  command: /usr/bin/newaliases
-  sudo: yes
+  become: yes
--- a/roles/easyredmine/tasks/attachments_storage.yml
+++ b/roles/easyredmine/tasks/attachments_storage.yml
@ -9,14 +9,14 @@

 - file: path='{{ redmine_files_nfs_mount }}'
        state=directory
-  sudo: yes
+  become: yes

 - mount: name='{{ redmine_files_nfs_mount }}'
         src='{{ redmine_files_nfs_source }}'
         fstype=nfs
         opts=rsize=32768,wsize=32768,tcp,hard,nointr
         state=mounted
-  sudo: yes
+  become: yes

 - name: set attachments_storage_path in configuration.yml
  lineinfile: >
--- a/roles/easyredmine/tasks/database.yml
+++ b/roles/easyredmine/tasks/database.yml
@ -1,6 +1,6 @@
 - name: install mysql, mariadb packages
  yum: name='{{ item }}'
-  sudo: yes
+  become: yes
  with_items:
    - mysql-devel
    - mariadb-server
@ -9,14 +9,14 @@

 - service: name='{{ redmine_db_service_provider }}'
           state=started
-  sudo: yes
+  become: yes

 - mysql_db: name='{{ redmine_db_name }}'
            state=present
            encoding=utf8
            login_user='{{ mysql_admin_login }}'
            login_password='{{ mysql_admin_password }}'
-  sudo: yes
+  become: yes
  register: redmine_db_created

 # source database may not have same name as VM db.
@ -51,5 +51,5 @@
              append_privs=yes
              priv='{{ redmine_db_name }}.*:ALL'
              state=present
-  sudo: yes
+  become: yes

--- a/roles/easyredmine/tasks/firewall.yml
+++ b/roles/easyredmine/tasks/firewall.yml
@ -2,18 +2,18 @@
 - service: name=firewalld
           state=started
           enabled=yes
-  sudo: yes
+  become: yes

 - firewalld: service=https
             permanent=true
             state=enabled
-  sudo: yes
+  become: yes
  notify: restart firewalld

 - firewalld: service=http
             permanent=true
             state=enabled
-  sudo: yes
+  become: yes
  notify: restart firewalld

 - firewalld: rich_rule='rule service name="ssh" family="ipv4" source address="{{ item }}" accept'
@ -24,32 +24,32 @@
    - 192.168.0.0/16
    - 172.16.0.0/16
    - 128.91.49.0/24
-  sudo: yes
+  become: yes
  notify: restart firewalld
  when: is_production_vm == True

 - firewalld: service=ssh
             permanent=true
             state=disabled
-  sudo: yes
+  become: yes
  notify: restart firewalld
  when: is_production_vm == True

 - name: define new icmp types for timestamp responses
  copy: dest='/etc/firewalld/icmptypes/{{ item }}.xml'
        src='{{ item }}.xml'
-  sudo: yes
+  become: yes
  with_items:
    - timestamp-reply
    - timestamp-request

 - name: load new icmp types for timestamp responses
  command: firewall-cmd --reload
-  sudo: yes
+  become: yes

 - name: disable icmp timestamp responses
  command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}
-  sudo: yes
+  become: yes
  with_items:
    - timestamp-reply
    - timestamp-request
@ -58,4 +58,4 @@
 - name: restart firewalld
  service: name=firewalld
           state=restarted
-  sudo: yes
+  become: yes
--- a/roles/easyredmine/tasks/main.yml
+++ b/roles/easyredmine/tasks/main.yml
@ -1,15 +1,21 @@
 ---

- include: system.yml tags=system
+- include: system.yml
+  tags: system

- include: firewall.yml tags=firewall
+- include: firewall.yml
+  tags: firewall

- include: database.yml tags=database
+- include: database.yml
+  tags: database
  when: do_database_management == True

- include: redmine.yml tags=redmine
+- include: redmine.yml 
+  tags: redmine

- include: nginx.yml tags=nginx
+- include: nginx.yml 
+  tags: nginx

- include: attachments_storage.yml tags=attachments_storage
+- include: attachments_storage.yml
+  tags: attachments_storage
  when: is_production_vm == True
--- a/roles/easyredmine/tasks/nginx.yml
+++ b/roles/easyredmine/tasks/nginx.yml
@ -1,22 +1,22 @@
 - get_url: url=https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
           dest=/etc/yum.repos.d/passenger.repo
-  sudo: yes
+  become: yes
 - rpm_key: key=https://packagecloud.io/gpg.key
-  sudo: yes
+  become: yes

 # this makecache is mostly because I can not find any other way to fully
 # import the GPG. key for the Passenger repo. 'rpm --import' is not
 # sufficient.
- command: yum -q makecache -y --disablerepo='*' --enablerepo='passenger*'
-  sudo: yes
+- command: /usr/bin/yum -q makecache -y --disablerepo='*' --enablerepo='passenger*'
+  become: yes
  changed_when: False

 - yum: name=epel-release
-  sudo: yes
+  become: yes

 - name: install nginx, passenger
  yum: name='{{ item }}'
-  sudo: yes
+  become: yes
  with_items:
    - nginx
    - passenger
@ -27,31 +27,31 @@
 # https://michael.lustfield.net/nginx/getting-a-perfect-ssl-labs-score
 - name: generate new Diffie-Hellman group
  command: 'openssl dhparam -out {{ dharam_pem_path }} 2048'
-  sudo: yes
+  become: yes
  notify: restart nginx
  when: dharam_pem.stat.exists == False

 - template: dest='/etc/nginx/conf.d/easyredmine.conf'
            src=easyredmine.conf.j2
-  sudo: yes
+  become: yes
  notify: restart nginx

 - template: dest='/etc/nginx/nginx.conf'
            src=nginx.conf.j2
-  sudo: yes
+  become: yes
  notify: restart nginx

 - template: dest=/etc/nginx/conf.d/passenger.conf
            src=passenger.conf.j2
-  sudo: yes
+  become: yes
  notify: restart nginx

 - copy: dest='/etc/pki/tls/certs/{{ ansible_fqdn }}.pem'
        src='{{ nginx_pem }}'
-  sudo: yes
+  become: yes
  notify: restart nginx

 - service: name=nginx
           state=started
           enabled=yes
-  sudo: yes
+  become: yes
--- a/roles/easyredmine/tasks/redmine.yml
+++ b/roles/easyredmine/tasks/redmine.yml
@ -1,6 +1,6 @@
 - name: install redmine package depdendencies
  yum: name='{{ item }}'
-  sudo: yes
+  become: yes
  with_items:
    - mysql-devel
    - unzip
@ -18,7 +18,7 @@
  gem: name='{{ item }}'
       user_install=no
       executable=/usr/local/bin/gem # RVM's version
-  sudo: yes
+  become: yes
  with_items:
    - bundler
    - redmine-installer
@ -26,7 +26,7 @@
 - name: installer package is present?
  stat: path='{{ installer_package_path }}'
  register: has_installer_package
-  sudo: no
+  become: no
  changed_when: false

 - name: download installer
@ -35,37 +35,37 @@
           mode=0640
           force=no
  when: has_installer_package.stat.exists == False
-  sudo: no
+  become: no

 - name: add redmine installation wrapper script
  template: dest='{{ _redmine_install_wrapper }}'
            src=install_wrapper.j2
            mode=750
-  sudo: no
+  become: no

 - name: delete contents of redmine root directory
  file: path='{{ redmine_root_dir }}'
        state=absent
-  sudo: yes
-  when: redmine_db_created|changed
+  become: yes
+  when: redmine_db_created is defined and redmine_db_created|changed

 - name: make installation directory
  file: path='{{ redmine_root_dir }}'
        state=directory
        owner='{{ redmine_owner }}'
        mode=755
-  sudo: yes
+  become: yes
  register: mk_redmine_root_dir

 - name: run redmine installer
-  shell: 'source ~/.bash_profile && {{ _redmine_install_wrapper }}'
+  shell: 'source ~/.bash_profile && {{ _redmine_install_wrapper }} > ~/install.log'
  when: mk_redmine_root_dir|changed and do_redmine_installer == True
  register: installer_run
-  sudo: no
+  become: no

 - copy: dest='/opt/easyredmine/lib/tasks/ebrc_settings.rake'
        src='ebrc_settings.rake'
-  sudo: yes
+  become: yes

 - name: restrict config permissions
  file: path='{{ redmine_root_dir }}/config'
@ -75,7 +75,7 @@
  command: 'rake redmine:ebrc_settings RAILS_ENV=production'
  args:
    chdir: '{{ redmine_root_dir }}'
-  sudo: no
+  become: no
  when: do_redmine_installer == True

 - name: adding run_tasks crontab
@ -83,33 +83,33 @@
        minute="*/15"
        job='cd {{ redmine_root_dir }} && /usr/local/bin/bundle exec rake easyproject:scheduler:run_tasks RAILS_ENV=production > /dev/null'
        user='{{ redmine_owner }}'
-  sudo: yes
+  become: yes

 - name: add redmine IMAP fetch script
  template: dest='{{ redmine_root_dir }}/script/redmine_receive_imap'
            src=redmine_receive_imap.j2
            mode=750
-  sudo: no
+  become: no

 - name: add redmine repository fetch script
  template: dest='{{ redmine_root_dir }}/script/redmine_fetch_changesets'
            src=redmine_fetch_changesets.j2
            mode=750
-  sudo: no
+  become: no

 - name: adding redmine_receive_imap crontab
  cron: name="fetch from imap"
        minute="*/5"
        job="({{ redmine_root_dir }}/script/redmine_receive_imap 2>&1 | sed '/install RDoc/d') >> {{ redmine_root_dir }}/log/redmine_receive_imap"
        user='{{ redmine_owner }}'
-  sudo: yes
+  become: yes

 - name: adding redmine_fetch_changesets crontab
  cron: name="fetch from repository"
        minute="*/5"
        job="({{ redmine_root_dir }}/script/redmine_fetch_changesets 2>&1 | sed '/install RDoc/d') >> {{ redmine_root_dir }}/log/redmine_fetch_changesets"
        user='{{ redmine_owner }}'
-  sudo: yes
+  become: yes

 - name: set session cookie as secure
  lineinfile: >
--- a/roles/easyredmine/tasks/system.yml
+++ b/roles/easyredmine/tasks/system.yml
@ -2,7 +2,7 @@

 - name: install system tools
  yum: name='{{ item }}'
-  sudo: yes
+  become: yes
  with_items:
    - rsync
    - strace
@ -28,13 +28,13 @@
 - service: name=sendmail
           state=started
           enabled=yes
-  sudo: yes
+  become: yes

 - name: set up redmine user mail aliases
  lineinfile: >
    dest=/etc/aliases
    regexp="\b{{ redmine_owner }}"
    line="{{ redmine_owner }}: {{ redmine_mail_alias }}"
-  sudo: yes
+  become: yes
  notify: rebuild mail aliases