diff --git a/.gitignore b/.gitignore index 1a524fe..a924d1f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ +production_inventory +production_config.yml .DS_Store .vagrant scratch/* diff --git a/README.md b/README.md index 9fdc8ea..d70e365 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,10 @@ Once provisioned, Redmine should be available at http://redmine.vm.apidb.org/ ## Requirements +- `rvm1-ansible` Ansible module + + ansible-galaxy install rvm_io.rvm1-ruby + - `scratch/redmine_dump.sql.gz` - a mysql dump of our production database. _(One of the daily backups on our production Redmine server is suitable. See `/var/lib/mysql.backups/daily/redmine/`.)_ diff --git a/bootstrap.yml b/bootstrap.yml index d1f9085..5228bf8 100644 --- a/bootstrap.yml +++ b/bootstrap.yml @@ -1,14 +1,15 @@ --- - hosts: all - sudo: yes + sudo: false gather_facts: false - vars_files: - - config.yml + #vars_files: + # - production_config.yml tasks: - + - name: Create user of Redmine installation user: name='{{ redmine_owner }}' + state=present ssh_key_file=.ssh/id_rsa - name: Set up authorized_keys for the redmine account diff --git a/config.yml b/config.yml index 5e70f56..3ee0526 100644 --- a/config.yml +++ b/config.yml @@ -1,15 +1,19 @@ -redmine_owner: redmine +redmine_mail_alias: redmine@localhost +redmine_owner: vagrant redmine_owner_ssh_pub_key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvijH8y7CL9TxWCucjgXRa2q3l0Nc9JW7/SAFHVgt/FYClenS0DMN0nGm1I4z2mtftt8gHz5f6PNqyvfc3F0JcOqiuH9qP79FQ6c8rDmqQEqOuBrufPX11y/9IESIJ0aQ5feQP+WooR6bo/O7BFJS005S3foA/iLphf+smLrW44k= mheiges@sapote.local +do_database_management: True # no import unless management == true do_redmine_db_import: True do_redmine_installer: True -cache_dir: /vagrant/scratch +remote_scratch_path: /vagrant/scratch nginx_pem: redmine.vm-rsa.pem installer_package_name: easyredmine_package_u2072_d201511101601.zip -installer_package_path: '{{ cache_dir }}/{{ installer_package_name }}' +installer_package_path: '{{ remote_scratch_path }}/{{ installer_package_name }}' installer_package_url: 'http://software.apidb.org/source/{{ installer_package_name }}' -redmine_db_dump_file: '{{ cache_dir }}/redmine_unmigrated_dump.sql.gz' +redmine_db_dump_file: '{{ remote_scratch_path }}/redmine_unmigrated_dump.sql.gz' redmine_root_dir: /opt/easyredmine +mysql_admin_login: root +mysql_admin_password: '' redmine_db_service_provider: mariadb # or mysqld redmine_db_name: easyredmine redmine_db_host: localhost @@ -17,10 +21,20 @@ redmine_db_user: redmine redmine_db_password: '@redmin3r' redmine_db_encoding: utf8 redmine_db_port: 3306 -redmine_email_addr: mheiges@uga.edu -redmine_email_port: 587 -sendmail_path: /usr/sbin/sendmail -sendmail_args: -i -t +smtp_address: localhost +smtp_port: 587 +smtp_domain: smtpdomain +smtp_username: smtpuser +smtp_password: smtppassword +smtp_authentication: plain +smtp_enable_starttls: true +ruby_version: 2.1.3 _redmine_db_import_file: /tmp/redmine_dump.sql _redmine_db_import_success: /tmp/redmine_db_import_success _redmine_install_wrapper: '/home/{{ redmine_owner }}/install_wrapper' + +# rvm1-ansible module vars +rvm1_rubies: + - 'ruby-{{ ruby_version }}' +rvm1_rvm_check_for_updates: False + diff --git a/playbook.yml b/playbook.yml index c02fbba..33d9c8b 100644 --- a/playbook.yml +++ b/playbook.yml @@ -6,6 +6,7 @@ - config.yml roles: + - { role: rvm_io.rvm1-ruby, tags: ruby, sudo: True } - { role: easyredmine, sudo: no } tasks: diff --git a/roles/easyredmine/files/rvm_install b/roles/easyredmine/files/rvm_install new file mode 100644 index 0000000..491801b --- /dev/null +++ b/roles/easyredmine/files/rvm_install @@ -0,0 +1,888 @@ +#!/usr/bin/env bash + +# RVM install script from https://get.rvm.io/ + +shopt -s extglob +set -o errtrace +set -o errexit + +rvm_install_initialize() +{ + DEFAULT_SOURCES=(github.com/rvm/rvm bitbucket.org/mpapis/rvm) + + BASH_MIN_VERSION="3.2.25" + if + [[ -n "${BASH_VERSION:-}" && + "$(\printf "%b" "${BASH_VERSION:-}\n${BASH_MIN_VERSION}\n" | LC_ALL=C \sort -t"." -k1,1n -k2,2n -k3,3n | \head -n1)" != "${BASH_MIN_VERSION}" + ]] + then + echo "BASH ${BASH_MIN_VERSION} required (you have $BASH_VERSION)" + exit 1 + fi + + export HOME PS4 + export rvm_trace_flag rvm_debug_flag rvm_user_install_flag rvm_ignore_rvmrc rvm_prefix rvm_path + + PS4="+ \${BASH_SOURCE##\${rvm_path:-}} : \${FUNCNAME[0]:+\${FUNCNAME[0]}()} \${LINENO} > " +} + +log() { printf "%b\n" "$*"; } +debug(){ [[ ${rvm_debug_flag:-0} -eq 0 ]] || printf "%b\n" "Running($#): $*"; } +fail() { log "\nERROR: $*\n" ; exit 1 ; } + +rvm_install_commands_setup() +{ + \which which >/dev/null 2>&1 || fail "Could not find 'which' command, make sure it's available first before continuing installation." + if + [[ -z "${rvm_tar_command:-}" ]] && builtin command -v gtar >/dev/null + then + rvm_tar_command=gtar + elif + ${rvm_tar_command:-tar} --help 2>&1 | GREP_OPTIONS="" \grep -- --strip-components >/dev/null + then + rvm_tar_command="${rvm_tar_command:-tar}" + else + case "$(uname)" in + (OpenBSD) + log "Trying to install GNU version of tar, might require sudo password" + if (( UID )) + then sudo pkg_add -z gtar-1 + else pkg_add -z gtar-1 + fi + rvm_tar_command=gtar + ;; + (Darwin|FreeBSD|DragonFly) # it's not possible to autodetect on OSX, the help/man does not mention all flags + rvm_tar_command=tar + ;; + (SunOS) + case "$(uname -r)" in + (5.10) + log "Trying to install GNU version of tar, might require sudo password" + if (( UID )) + then + if \which sudo >/dev/null 2>&1 + then sudo_10=sudo + elif \which /opt/csw/bin/sudo >/dev/null 2>&1 + then sudo_10=/opt/csw/bin/sudo + else fail "sudo is required but not found. You may install sudo from OpenCSW repository (http://opencsw.org/about)" + fi + pkginfo -q CSWpkgutil || $sudo_10 pkgadd -a $rvm_path/config/solaris/noask -d http://get.opencsw.org/now CSWpkgutil + sudo /opt/csw/bin/pkgutil -iy CSWgtar -t http://mirror.opencsw.org/opencsw/unstable + else + pkginfo -q CSWpkgutil || pkgadd -a $rvm_path/config/solaris/noask -d http://get.opencsw.org/now CSWpkgutil + /opt/csw/bin/pkgutil -iy CSWgtar -t http://mirror.opencsw.org/opencsw/unstable + fi + rvm_tar_command=/opt/csw/bin/gtar + ;; + (*) + rvm_tar_command=tar + ;; + esac + esac + builtin command -v ${rvm_tar_command:-gtar} >/dev/null || + fail "Could not find GNU compatible version of 'tar' command, make sure it's available first before continuing installation." + fi + if + [[ " ${rvm_tar_options:-} " != *" --no-same-owner "* ]] && + $rvm_tar_command --help 2>&1 | GREP_OPTIONS="" \grep -- --no-same-owner >/dev/null + then + rvm_tar_options="${rvm_tar_options:-}${rvm_tar_options:+ }--no-same-owner" + fi +} + +usage() +{ + printf "%b" " + +Usage + + rvm-installer [options] [action] + +Options + + [[--]version] + + The version or tag to install. Valid values are: + + latest - The latest tagged version. + latest-minor - The latest minor version of the current major version. + latest- - The latest minor version of version x. + latest-. - The latest patch version of version x.y. + .. - Major version x, minor version y and patch z. + + [--]branch + + The name of the branch from which RVM is installed. This option can be used + with the following formats for : + + / + + If account is wayneeseguin or mpapis, installs from one of the following: + + https://github.com/rvm/rvm/archive/master.tar.gz + https://bitbucket.org/mpapis/rvm/get/master.tar.gz + + Otherwise, installs from: + + https://github.com//rvm/archive/master.tar.gz + + / + + If account is wayneeseguin or mpapis, installs from one of the following: + + https://github.com/rvm/rvm/archive/.tar.gz + https://bitbucket.org/mpapis/rvm/get/.tar.gz + + Otherwise, installs from: + + https://github.com//rvm/archive/.tar.gz + + [/] + + Installs the branch from one of the following: + + https://github.com/rvm/rvm/archive/.tar.gz + https://bitbucket.org/mpapis/rvm/get/.tar.gz + + [--]source + + Defines the repository from which RVM is retrieved and installed in the format: + + // + + Where: + + - Is bitbucket.org, github.com or a github enterprise site serving + an RVM repository. + - Is the user account in which the RVM repository resides. + - Is the name of the RVM repository. + + Note that when using the [--]source option, one should only use the [/]branch format + with the [--]branch option. Failure to do so will result in undefined behavior. + + --trace + + Provides debug logging for the installation script. +Actions + + master - Installs RVM from the master branch at rvm/rvm on github or mpapis/rvm + on bitbucket.org. + stable - Installs RVM from the stable branch a rvm/rvm on github or mpapis/rvm + on bitbucket.org. + help - Displays this output. + +" +} + +## duplication marker 32fosjfjsznkjneuera48jae +__rvm_curl_output_control() +{ + if + (( ${rvm_quiet_curl_flag:-0} == 1 )) + then + __flags+=( "--silent" "--show-error" ) + elif + [[ " $*" == *" -s"* || " $*" == *" --silent"* ]] + then + # make sure --show-error is used with --silent + [[ " $*" == *" -S"* || " $*" == *" -sS"* || " $*" == *" --show-error"* ]] || + { + __flags+=( "--show-error" ) + } + fi +} + +## duplication marker 32fosjfjsznkjneuera48jae +# -S is automatically added to -s +__rvm_curl() +( + __rvm_which curl >/dev/null || + { + rvm_error "RVM requires 'curl'. Install 'curl' first and try again." + return 200 + } + + typeset -a __flags + __flags=( --fail --location --max-redirs 10 ) + + [[ "$*" == *"--max-time"* ]] || + [[ "$*" == *"--connect-timeout"* ]] || + __flags+=( --connect-timeout 30 --retry-delay 2 --retry 3 ) + + if [[ -n "${rvm_proxy:-}" ]] + then __flags+=( --proxy "${rvm_proxy:-}" ) + fi + + __rvm_curl_output_control + + unset curl + __rvm_debug_command \curl "${__flags[@]}" "$@" || return $? +) + +rvm_error() { printf "ERROR: %b\n" "$*"; } +__rvm_which(){ which "$@" || return $?; true; } +__rvm_debug_command() +{ + debug "Running($#): $*" + "$@" || return $? + true +} +rvm_is_a_shell_function() +{ + [[ -t 0 && -t 1 ]] || return $? + return ${rvm_is_not_a_shell_function:-0} +} + +# Searches the tags for the highest available version matching a given pattern. +# fetch_version (github.com/rvm/rvm bitbucket.org/mpapis/rvm) 1.10. -> 1.10.3 +# fetch_version (github.com/rvm/rvm bitbucket.org/mpapis/rvm) 1.10. -> 1.10.3 +# fetch_version (github.com/rvm/rvm bitbucket.org/mpapis/rvm) 1. -> 1.11.0 +# fetch_version (github.com/rvm/rvm bitbucket.org/mpapis/rvm) "" -> 2.0.1 +fetch_version() +{ + typeset _account _domain _pattern _repo _sources _values _version + _sources=(${!1}) + _pattern=$2 + for _source in "${_sources[@]}" + do + IFS='/' read -r _domain _account _repo <<< "${_source}" + _version="$( + fetch_versions ${_domain} ${_account} ${_repo} | + GREP_OPTIONS="" \grep "^${_pattern:-}" | tail -n 1 + )" + if + [[ -n ${_version} ]] + then + echo "${_version}" + return 0 + fi + done +} + +# Returns a sorted list of all version tags from a repository +fetch_versions() +{ + typeset _account _domain _repo _url + _domain=$1 + _account=$2 + _repo=$3 + case ${_domain} in + (bitbucket.org) + _url=https://${_domain}/api/1.0/repositories/${_account}/${_repo}/branches-tags + ;; + (github.com) + _url=https://api.${_domain}/repos/${_account}/${_repo}/tags + ;; + + (*) + _url=https://${_domain}/api/v3/repos/${_account}/${_repo}/tags + ;; + esac + __rvm_curl -s ${_url} | + \awk -v RS=',' -v FS='"' '$2=="name"{print $4}' | + sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n +} + +install_release() +{ + typeset _source _sources _url _version _verify_pgp + _sources=(${!1}) + _version=$2 + debug "Downloading RVM version ${_version}" + for _source in "${_sources[@]}" + do + case ${_source} in + (bitbucket.org*) + _url="https://${_source}/get/${_version}.tar.gz" + _verify_pgp="https://${_source}/downloads/${_version}.tar.gz.asc" + ;; + (*) + _url="https://${_source}/archive/${_version}.tar.gz" + _verify_pgp="https://${_source}/releases/download/${_version}/${_version}.tar.gz.asc" + ;; + esac + get_and_unpack "${_url}" "rvm-${_version}.tgz" "$_verify_pgp" && return + done + return $? +} + +install_head() +{ + typeset _branch _source _sources _url + _sources=(${!1}) + _branch=$2 + debug "Selected RVM branch ${_branch}" + for _source in "${_sources[@]}" + do + case ${_source} in + (bitbucket.org*) + _url=https://${_source}/get/${_branch}.tar.gz + ;; + (*) + _url=https://${_source}/archive/${_branch}.tar.gz + ;; + esac + get_and_unpack "${_url}" "rvm-${_branch//\//_}.tgz" && return + done + return $? +} + +# duplication marker dfkjdjngdfjngjcszncv +# Drop in cd which _doesn't_ respect cdpath +__rvm_cd() +{ + typeset old_cdpath ret + ret=0 + old_cdpath="${CDPATH}" + CDPATH="." + chpwd_functions="" builtin cd "$@" || ret=$? + CDPATH="${old_cdpath}" + return $ret +} + +get_package() +{ + typeset _url _file + _url="$1" + _file="$2" + log "Downloading ${_url}" + __rvm_curl -sS ${_url} -o ${rvm_archives_path}/${_file} || + { + _return=$? + case $_return in + # duplication marker lfdgzkngdkjvnfjknkjvcnbjkncvjxbn + (60) + log " +Could not download '${_url}', you can read more about it here: +https://rvm.io/support/fixing-broken-ssl-certificates/ +To continue in insecure mode run 'echo insecure >> ~/.curlrc'. +" + ;; + # duplication marker lfdgzkngdkjvnfjknkjvcnbjkncvjxbn + (77) + log " +It looks like you have old certificates, you can read more about it here: +https://rvm.io/support/fixing-broken-ssl-certificates/ +" + ;; + # duplication marker lfdgzkngdkjvnfjknkjvcnbjkncvjxbn + (141) + log " +Curl returned 141 - it is result of a segfault which means it's Curls fault. +Try again and if it crashes more than a couple of times you either need to +reinstall Curl or consult with your distribution manual and contact support. +" + ;; + (*) + log " +Could not download '${_url}'. + curl returned status '$_return'. +" + ;; + esac + return $_return + } +} + +# duplication marker flnglfdjkngjndkfjhsbdjgfghdsgfklgg +rvm_install_gpg_setup() +{ + export rvm_gpg_command + { + rvm_gpg_command="$( \which gpg2 2>/dev/null )" && + [[ ${rvm_gpg_command} != "/cygdrive/"* ]] + } || + rvm_gpg_command="$( \which gpg 2>/dev/null )" || + rvm_gpg_command="" + debug "Detected GPG program: '$rvm_gpg_command'" + [[ -n "$rvm_gpg_command" ]] || return $? +} + +# duplication marker rdjgndfnghdfnhgfdhbghdbfhgbfdhbn +verify_package_pgp() +{ + if + "${rvm_gpg_command}" --verify "$2" "$1" + then + log "GPG verified '$1'" + else + typeset _ret=$? + log "\ +Warning, RVM 1.26.0 introduces signed releases and \ +automated check of signatures when GPG software found. +Assuming you trust Michal Papis import the mpapis public \ +key (downloading the signatures). + +GPG signature verification failed for '$1' - '$3'! +try downloading the signatures: + + ${SUDO_USER:+sudo }${rvm_gpg_command##*/} --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 + +or if it fails: + + command curl -sSL https://rvm.io/mpapis.asc | ${SUDO_USER:+sudo }${rvm_gpg_command##*/} --import - + +the key can be compared with: + + https://rvm.io/mpapis.asc + https://keybase.io/mpapis +" + exit $_ret + fi +} + +verify_pgp() +{ + [[ -n "${1:-}" ]] || + { + debug "No PGP url given, skipping." + return 0 + } + + get_package "$1" "$2.asc" || + { + debug "PGP url given but does not exist: '$1'" + return 0 + } + + rvm_install_gpg_setup || + { + log "Found PGP signature at: '$1', +but no GPG software exists to validate it, skipping." + return 0 + } + + verify_package_pgp "${rvm_archives_path}/$2" "${rvm_archives_path}/$2.asc" "$1" +} + +get_and_unpack() +{ + typeset _url _file _patern _return _verify_pgp + _url="$1" + _file="$2" + _verify_pgp="$3" + + get_package "$_url" "$_file" || return $? + verify_pgp "$_verify_pgp" "$_file" || return $? + + [[ -d "${rvm_src_path}/rvm" ]] || \mkdir -p "${rvm_src_path}/rvm" + __rvm_cd "${rvm_src_path}/rvm" || + { + _return=$? + log "Could not change directory '${rvm_src_path}/rvm'." + return $_return + } + + rm -rf ${rvm_src_path}/rvm/* + __rvm_debug_command $rvm_tar_command xzf ${rvm_archives_path}/${_file} ${rvm_tar_options:-} --strip-components 1 || + { + _return=$? + log "Could not extract RVM sources." + return $_return + } +} + +rvm_install_default_settings() +{ + # Tracing, if asked for. + if + [[ "$*" == *--trace* ]] || (( ${rvm_trace_flag:-0} > 0 )) + then + set -o xtrace + rvm_trace_flag=1 + fi + + # Variable initialization, remove trailing slashes if they exist on HOME + true \ + ${rvm_trace_flag:=0} ${rvm_debug_flag:=0}\ + ${rvm_ignore_rvmrc:=0} HOME="${HOME%%+(\/)}" + + if + (( rvm_ignore_rvmrc == 0 )) + then + for rvmrc in /etc/rvmrc "$HOME/.rvmrc" + do + if + [[ -s "$rvmrc" ]] + then + if + GREP_OPTIONS="" \grep '^\s*rvm .*$' "$rvmrc" >/dev/null 2>&1 + then + printf "%b" " + Error: $rvmrc is for rvm settings only. + rvm CLI may NOT be called from within $rvmrc. + Skipping the loading of $rvmrc + " + exit 1 + else + source "$rvmrc" + fi + fi + done + fi + + if + [[ -z "${rvm_path:-}" ]] + then + if + (( UID == 0 )) + then + rvm_user_install_flag=0 + rvm_prefix="/usr/local" + rvm_path="${rvm_prefix}/rvm" + else + rvm_user_install_flag=1 + rvm_prefix="$HOME" + rvm_path="${rvm_prefix}/.rvm" + fi + fi + if [[ -z "${rvm_prefix}" ]] + then rvm_prefix=$( dirname $rvm_path ) + fi + + # duplication marker kkdfkgnjfndgjkndfjkgnkfjdgn + [[ -n "${rvm_user_install_flag:-}" ]] || + case "$rvm_path" in + (/usr/local/rvm) rvm_user_install_flag=0 ;; + ($HOME/*|/${USER// /_}*) rvm_user_install_flag=1 ;; + (*) rvm_user_install_flag=0 ;; + esac +} + +rvm_install_parse_params() +{ + install_rubies=() + install_gems=() + flags=( ./scripts/install ) + forwarded_flags=() + while + (( $# > 0 )) + do + token="$1" + shift + case "$token" in + + (--trace) + set -o xtrace + rvm_trace_flag=1 + flags=( -x "${flags[@]}" "$token" ) + forwarded_flags+=( "$token" ) + ;; + + (--debug|--quiet-curl) + flags+=( "$token" ) + forwarded_flags+=( "$token" ) + token=${token#--} + token=${token//-/_} + export "rvm_${token}_flag"=1 + printf "%b" "Turning on ${token/_/ } mode.\n" + ;; + + (--path) + if [[ -n "${1:-}" ]] + then + rvm_path="$1" + shift + else + fail "--path must be followed by a path." + fi + ;; + + (--branch|branch) # Install RVM from a given branch + if [[ -n "${1:-}" ]] + then + case "$1" in + (/*) + branch=${1#/} + ;; + (*/) + branch=master + if [[ "${1%/}" -ne wayneeseguin ]] && [[ "${1%/}" -ne mpapis ]] + then sources=(github.com/${1%/}/rvm) + fi + ;; + (*/*) + branch=${1#*/} + if [[ "${1%%/*}" -ne wayneeseguin ]] && [[ "${1%%/*}" -ne mpapis ]] + then sources=(github.com/${1%%/*}/rvm) + fi + ;; + (*) + branch="$1" + ;; + esac + shift + else + fail "--branch must be followed by a branchname." + fi + ;; + + (--source|source) + if [[ -n "${1:-}" ]] + then + if [[ "$1" = */*/* ]] + then + sources=($1) + shift + else + fail "--source must be in the format //." + fi + else + fail "--source must be followed by a source." + fi + ;; + + (--user-install|--ignore-dotfiles) + token=${token#--} + token=${token//-/_} + export "rvm_${token}_flag"=1 + printf "%b" "Turning on ${token/_/ } mode.\n" + ;; + + (--auto-dotfiles) + flags+=( "$token" ) + export "rvm_auto_dotfiles_flag"=1 + printf "%b" "Turning on auto dotfiles mode.\n" + ;; + + (--auto) + export "rvm_auto_dotfiles_flag"=1 + printf "%b" "Warning, --auto is deprecated in favor of --auto-dotfiles.\n" + ;; + + (--verify-downloads) + if [[ -n "${1:-}" ]] + then + export rvm_verify_downloads_flag="$1" + forwarded_flags+=( "$token" "$1" ) + shift + else + fail "--verify-downloads must be followed by level(0|1|2)." + fi + ;; + + (--autolibs=*) + flags+=( "$token" ) + export rvm_autolibs_flag="${token#--autolibs=}" + forwarded_flags+=( "$token" ) + ;; + + (--without-gems=*|--with-gems=*|--with-default-gems=*) + flags+=( "$token" ) + value="${token#*=}" + token="${token%%=*}" + token="${token#--}" + token="${token//-/_}" + export "rvm_${token}"="${value}" + printf "%b" "Installing RVM ${token/_/ }: ${value}.\n" + ;; + + (--version|version) + version="$1" + shift + ;; + + (head|master) + version="head" + branch="master" + ;; + + (stable) + version="latest" + ;; + + (latest|latest-*|+([[:digit:]]).+([[:digit:]]).+([[:digit:]])) + version="$token" + ;; + + (--ruby) + install_rubies+=( ruby ) + ;; + + (--ruby=*) + token=${token#--ruby=} + install_rubies+=( ${token//,/ } ) + ;; + + (--rails) + install_gems+=( rails ) + ;; + + (--gems=*) + token=${token#--gems=} + install_gems+=( ${token//,/ } ) + ;; + + (--add-to-rvm-group) + export rvm_add_users_to_rvm_group="$1" + shift + ;; + + (help|usage) + usage + exit 0 + ;; + + (*) + usage + exit 1 + ;; + + esac + done + + if (( ${#install_gems[@]} > 0 && ${#install_rubies[@]} == 0 )) + then install_rubies=( ruby ) + fi + + true "${version:=head}" + true "${branch:=master}" + + if [[ -z "${sources[@]}" ]] + then sources=("${DEFAULT_SOURCES[@]}") + fi + + rvm_src_path="$rvm_path/src" + rvm_archives_path="$rvm_path/archives" + rvm_releases_url="https://rvm.io/releases" +} + +rvm_install_validate_rvm_path() +{ + case "$rvm_path" in + (*[[:space:]]*) + printf "%b" " +It looks you are one of the happy *space* users(in home dir name), +RVM is not yet fully ready for it, use this trick to fix it: + + sudo mkdir -p /${USER// /_}.rvm + sudo chown -R \"$USER:\" /${USER// /_}.rvm + echo \"export rvm_path=/${USER// /_}.rvm\" >> \"$HOME/.rvmrc\" + +and start installing again. + +" + exit 2 + ;; + (/usr/share/ruby-rvm) + printf "%b" " +It looks you are one of the happy Ubuntu users, +RVM packaged by Ubuntu is old and broken, +follow this link for details how to fix: + + http://stackoverflow.com/a/9056395/497756 + +" + [[ "${rvm_uses_broken_ubuntu_path:-no}" == "yes" ]] || exit 3 + ;; + esac + + if [[ "$rvm_path" != "/"* ]] + then fail "The rvm install path must be fully qualified. Tried $rvm_path" + fi +} + +rvm_install_select_and_get_version() +{ + typeset _version_release + + for dir in "$rvm_src_path" "$rvm_archives_path" + do + [[ -d "$dir" ]] || mkdir -p "$dir" + done + + _version_release="${version}" + case "${version}" in + (head) + _version_release="${branch}" + install_head sources[@] ${branch:-master} || exit $? + ;; + + (latest) + install_release sources[@] $(fetch_version sources[@]) || exit $? + ;; + + (latest-minor) + version="$(\cat "$rvm_path/VERSION")" + install_release sources[@] $(fetch_version sources[@] ${version%.*}) || exit $? + ;; + + (latest-*) + install_release sources[@] $(fetch_version sources[@] ${version#latest-}) || exit $? + ;; + + (+([[:digit:]]).+([[:digit:]]).+([[:digit:]])) # x.y.z + install_release sources[@] ${version} || exit $? + ;; + + (*) + fail "Something went wrong, unrecognized version '$version'" + ;; + esac + echo "${_version_release}" > "$rvm_path/RELEASE" +} + +rvm_install_main() +{ + [[ -f ./scripts/install ]] || + { + log "'./scripts/install' can not be found for installation, something went wrong, it usally means your 'tar' is broken, please report it here: https://github.com/rvm/rvm/issues" + return 127 + } + + # required flag - path to install + flags+=( --path "$rvm_path" ) + \command bash "${flags[@]}" +} + +rvm_install_ruby_and_gems() +( + if + (( ${#install_rubies[@]} > 0 )) + then + source ${rvm_scripts_path:-${rvm_path}/scripts}/rvm + source ${rvm_scripts_path:-${rvm_path}/scripts}/version + __rvm_version + + for _ruby in ${install_rubies[@]} + do command rvm "${forwarded_flags[@]}" install ${_ruby} -j 2 + done + # set the first one as default, skip rest + for _ruby in ${install_rubies[@]} + do + rvm "${forwarded_flags[@]}" alias create default ${_ruby} + break + done + + for _gem in ${install_gems[@]} + do rvm "${forwarded_flags[@]}" all do gem install ${_gem} + done + + printf "%b" " + * To start using RVM you need to run \`source $rvm_path/scripts/rvm\` + in all your open shell windows, in rare cases you need to reopen all shell windows. +" + + if + [[ "${install_gems[*]}" == *"rails"* ]] + then + printf "%b" " + * To start using rails you need to run \`rails new \`. +" + fi + fi +) + +rvm_install() +{ + rvm_install_initialize + rvm_install_commands_setup + rvm_install_default_settings + rvm_install_parse_params "$@" + rvm_install_validate_rvm_path + rvm_install_select_and_get_version + rvm_install_main + rvm_install_ruby_and_gems +} + +rvm_install "$@" diff --git a/roles/easyredmine/handlers/main.yml b/roles/easyredmine/handlers/main.yml index 91bd047..9543788 100644 --- a/roles/easyredmine/handlers/main.yml +++ b/roles/easyredmine/handlers/main.yml @@ -10,3 +10,7 @@ service: name=firewalld state=restarted sudo: yes + +- name: rebuild mail aliases + command: /usr/bin/newaliases + sudo: yes diff --git a/roles/easyredmine/tasks/database.yml b/roles/easyredmine/tasks/database.yml index 4571dd5..c126c89 100644 --- a/roles/easyredmine/tasks/database.yml +++ b/roles/easyredmine/tasks/database.yml @@ -14,6 +14,8 @@ - mysql_db: name='{{ redmine_db_name }}' state=present encoding=utf8 + login_user='{{ mysql_admin_login }}' + login_password='{{ mysql_admin_password }}' sudo: yes register: redmine_db_created @@ -34,6 +36,8 @@ mysql_db: name='{{ redmine_db_name }}' state=import target='{{ _redmine_db_import_file }}' + login_user='{{ mysql_admin_login }}' + login_password='{{ mysql_admin_password }}' register: redmine_db_import when: do_redmine_db_import == True and (redmine_db_import_done.stat.exists == False or redmine_db_created|changed) @@ -41,7 +45,7 @@ state=touch when: do_redmine_db_import == True and redmine_db_import_done.stat.exists == False and redmine_db_import|success -- name: create db user +- name: create redmine db user mysql_user: name='{{ redmine_db_user }}' password='{{ redmine_db_password }}' append_privs=yes diff --git a/roles/easyredmine/tasks/firewall.yml b/roles/easyredmine/tasks/firewall.yml index de9bae6..639647b 100644 --- a/roles/easyredmine/tasks/firewall.yml +++ b/roles/easyredmine/tasks/firewall.yml @@ -1,6 +1,7 @@ - service: name=firewalld state=started + enabled=yes sudo: yes - firewalld: service=https @@ -14,3 +15,25 @@ state=enabled sudo: yes notify: restart firewalld + +- firewalld: rich_rule='rule service name="ssh" family="ipv4" source address="{{ item }}" accept' + permanent=true + state=enabled + with_items: + - 128.192.75.0/24 + - 192.168.0.0/16 + - 172.16.0.0/16 + - 128.91.49.0/24 + sudo: yes + notify: restart firewalld + +- firewalld: service=ssh + permanent=true + state=disabled + sudo: yes + notify: restart firewalld + +- name: restart firewalld + service: name=firewalld + state=restarted + sudo: yes diff --git a/roles/easyredmine/tasks/main.yml b/roles/easyredmine/tasks/main.yml index c49d438..01debcd 100644 --- a/roles/easyredmine/tasks/main.yml +++ b/roles/easyredmine/tasks/main.yml @@ -1,11 +1,13 @@ --- +- include: system.yml + - include: firewall.yml - include: database.yml + when: do_database_management == True - include: redmine.yml - include: nginx.yml -- include: system.yml diff --git a/roles/easyredmine/tasks/nginx.yml b/roles/easyredmine/tasks/nginx.yml index 9bbf33e..54a3d3c 100644 --- a/roles/easyredmine/tasks/nginx.yml +++ b/roles/easyredmine/tasks/nginx.yml @@ -38,4 +38,5 @@ - service: name=nginx state=started + enabled=yes sudo: yes diff --git a/roles/easyredmine/tasks/redmine.yml b/roles/easyredmine/tasks/redmine.yml index c74a549..64f5cd2 100644 --- a/roles/easyredmine/tasks/redmine.yml +++ b/roles/easyredmine/tasks/redmine.yml @@ -2,6 +2,7 @@ yum: name='{{ item }}' sudo: yes with_items: + - mysql-devel - unzip - rubygems - ruby-devel @@ -14,6 +15,7 @@ - name: install bundler, redmine-installer gems gem: name='{{ item }}' user_install=no + executable=/usr/local/bin/gem # RVM's version sudo: yes with_items: - bundler @@ -27,7 +29,7 @@ - name: download installer get_url: url='{{ installer_package_url }}' - dest='{{ cache_dir }}' + dest='{{ remote_scratch_path }}' mode=0640 force=no when: has_installer_package.stat.exists == False @@ -54,18 +56,29 @@ register: mk_redmine_root_dir - name: run redmine installer - command: '{{ _redmine_install_wrapper }}' + shell: 'source ~/.bash_profile && {{ _redmine_install_wrapper }}' when: mk_redmine_root_dir|changed and do_redmine_installer == True + register: installer_run sudo: no - environment: - PATH: "{{ ansible_env.PATH }}:~/bin" - copy: dest='/opt/easyredmine/lib/tasks/ebrc_settings.rake' src='ebrc_settings.rake' sudo: yes +- name: restrict config permissions + file: path='{{ redmine_root_dir }}/config' + mode=0770 + - name: Configuring Redmine with eupath preferences command: 'rake redmine:ebrc_settings RAILS_ENV=production' args: chdir: '{{ redmine_root_dir }}' sudo: no + when: do_redmine_installer == True + +- name: adding crontab + cron: name="redmine tasks" + minute="*/15" + job='cd {{ redmine_root_dir }} && /usr/local/bin/bundle exec rake easyproject:scheduler:run_tasks RAILS_ENV=production > /dev/null' + user='{{ redmine_owner }}' + sudo: yes diff --git a/roles/easyredmine/tasks/system.yml b/roles/easyredmine/tasks/system.yml index b9514e3..269aa58 100644 --- a/roles/easyredmine/tasks/system.yml +++ b/roles/easyredmine/tasks/system.yml @@ -7,4 +7,34 @@ - rsync - strace - nmap + - yum-utils + - sendmail + - at + - nfs-utils + - vim-enhanced + - tmpwatch + - ntpdate + - cronie-noanacron + - ruby + - mailx + - crontabs + - logrotate + - which + - net-tools + - lsof + - screen + - mlocate + +- service: name=sendmail + state=started + enabled=yes + sudo: yes + +- name: set up redmine user mail aliases + lineinfile: > + dest=/etc/aliases + regexp="\b{{ redmine_owner }}" + line="{{ redmine_owner }}: {{ redmine_mail_alias }}" + sudo: yes + notify: rebuild mail aliases diff --git a/roles/easyredmine/templates/install_wrapper.j2 b/roles/easyredmine/templates/install_wrapper.j2 index 9f939c8..a7e21ab 100755 Binary files a/roles/easyredmine/templates/install_wrapper.j2 and b/roles/easyredmine/templates/install_wrapper.j2 differ diff --git a/roles/easyredmine/templates/installer_inputs.txt.j2 b/roles/easyredmine/templates/installer_inputs.txt.j2 deleted file mode 100644 index c7d768c..0000000 --- a/roles/easyredmine/templates/installer_inputs.txt.j2 +++ /dev/null @@ -1,11 +0,0 @@ -{{ redmine_root_dir }} -1 -{{ redmine_db_name }} -{{ redmine_db_host }} -{{ redmine_db_user }} -{{ redmine_db_password }} -{{ redmine_db_encoding }} -{{ redmine_db_port }} -2 -{{ sendmail_path }} -{{ sendmail_args }} diff --git a/roles/easyredmine/templates/passenger.conf.j2 b/roles/easyredmine/templates/passenger.conf.j2 index 9ecb540..ae30127 100644 --- a/roles/easyredmine/templates/passenger.conf.j2 +++ b/roles/easyredmine/templates/passenger.conf.j2 @@ -1,5 +1,5 @@ passenger_root /usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini; -passenger_ruby /usr/bin/ruby; +passenger_ruby /usr/local/rvm/gems/ruby-{{ ruby_version }}/wrappers/ruby; passenger_instance_registry_dir /var/run/passenger-instreg;