From 8c9d1f09906bab21e0b6adac88a113a0b43ce311 Mon Sep 17 00:00:00 2001 From: Markus Katharina Brechtel Date: Sun, 19 Nov 2017 02:23:49 +0000 Subject: [PATCH] serveral changes --- defaults/main.yml | 9 +-- handlers/main.yml | 5 -- tasks/certificate.yml | 13 ++++ tasks/configure.yml | 4 +- tasks/database.yml | 6 -- tasks/main.yml | 11 +++- tasks/nginx.yml | 14 ++--- tasks/nodenv.yml | 1 + tasks/rbenv.yml | 1 + tasks/reset.yml | 12 ++++ templates/configuration.yml.j2 | 9 ++- templates/nginx.conf.j2 | 111 --------------------------------- vars/main.yml | 26 ++++++++ 13 files changed, 76 insertions(+), 146 deletions(-) create mode 100644 tasks/certificate.yml create mode 100644 tasks/reset.yml delete mode 100644 templates/nginx.conf.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 0fb3e4f..8754d56 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,4 +1,5 @@ --- +openproject_subdirectory: / openproject_user: openproject openproject_group: openproject @@ -9,14 +10,10 @@ openproject_locale: en plugins: {} -unicorn: - socket: unix - path: '{{openproject_path}}/unicorn.sock' - host: 0.0.0.0 - port: 8042 - secret_key_base: e7fc3c2c8bec7b789b1ddbac5425c680055aadd3a3015e93f58fd5914dfebbaef30249414ea5813db5df619ebab246e96cf5b4f38d58b42452de85f5af6cf242 memcached: host: localhost port: 11211 + +openproject_state: installed diff --git a/handlers/main.yml b/handlers/main.yml index 05294f7..1ec41aa 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -3,11 +3,6 @@ - name: reload systemd unit files command: systemctl daemon-reload -- name: reload nginx - service: - name: nginx - state: reloaded - - name: restart openproject service: name: openproject diff --git a/tasks/certificate.yml b/tasks/certificate.yml new file mode 100644 index 0000000..4f78c70 --- /dev/null +++ b/tasks/certificate.yml 
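Review bot: The second defaults/main.yml hunk rewrites the lines around `secret_key_base` but leaves the fixed hex value in place as a role default, so every host that does not override it would sign Rails sessions with a key that is published in this repository. Where the value is consumed is not visible in this patch, so confirm whether it is rendered into the application config. If it is, drop the default and require a per-deployment secret, e.g. `secret_key_base: "{{ vault_openproject_secret_key_base }}"` (variable name constructed for illustration), sourced from Ansible Vault. A comment such as `# no default: must be unique per deployment` above the key would record the intent.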
@@ -0,0 +1,13 @@ +--- + +- include_role: + name: certificate + vars: + certificate_name: openproject + certificate_directory: /etc/ssl + certificate_key_usage: + - digitalSignature + - keyEncipherment + certificate_extended_key_usage: + - serverAuth + certificate_alt_names: "{{ openproject_server_names | map('regex_replace', '(.*)','DNS:\\1') | list }}" diff --git a/tasks/configure.yml b/tasks/configure.yml index 7082ae2..e01354e 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -1,12 +1,12 @@ --- -- name: create openproject environment configuration +- name: configuration template: src: '{{item}}.yml.j2' dest: '{{openproject_path}}/openproject/config/{{item}}.yml' with_items: - database - #- configuration + - configuration notify: restart openproject become: yes become_user: '{{openproject_user}}' diff --git a/tasks/database.yml b/tasks/database.yml index 526365a..f133c1d 100644 --- a/tasks/database.yml +++ b/tasks/database.yml @@ -8,12 +8,6 @@ priv: "{{ openproject_database_name }}.*:ALL" delegate_to: "{{ openproject_database_host }}" -# - name: mysql database absent -# mysql_db: -# name: "{{ openproject_database_name }}" -# state: absent -# delegate_to: "{{ openproject_database_host }}" - - name: mysql database mysql_db: name: "{{ openproject_database_name }}" diff --git a/tasks/main.yml b/tasks/main.yml index 5e019c0..14da535 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,6 +2,9 @@ # shamelessly copied from https://github.com/fabianfreyer/ansible-openproject +- include: reset.yml + when: openproject_state == "reinstalled" + - include: user.yml - include: rbenv.yml @@ -20,8 +23,8 @@ nodenv_group: '{{openproject_group}}' tags: node -- debug: - msg: RAILS_ENV=production PATH={{openproject_env_path}}:$PATH +# - debug: +# msg: RAILS_ENV=production PATH={{openproject_env_path}}:$PATH - include: install.yml 
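Review bot: The `certificate_alt_names` expression in tasks/certificate.yml maps `regex_replace` with the unanchored pattern `'(.*)'`, which on Python 3.7 and later also matches the empty string at the end of each name. An entry can then render as `DNS:hostDNS:` (sample value constructed), giving a malformed subjectAltName. Anchor the pattern: `map('regex_replace', '^(.*)$', 'DNS:\\1')`. `openproject_server_names` gets no default in the defaults/main.yml hunks of this patch, so the include presumably fails on an undefined variable unless the inventory sets it; a documented default or an early `assert` would make that requirement explicit.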
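Review bot: The `configuration` template task in tasks/configure.yml now writes both `database.yml` and `configuration.yml`, and no `mode:` is visible on it, so the files get whatever the remote umask allows. `database.yml` presumably carries the database password, so set the permissions explicitly, e.g. `mode: '0600'` under `template:`. The task may continue past the end of the hunk, so check that no mode is already set further down. The new task name `configuration` also says less than the one it replaces; something like `render openproject database and application configuration` reads better in play output.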
@@ -36,10 +39,12 @@ - include: unicorn.yml +- include: certificate.yml + - include: nginx.yml tags: nginx -#- include: cron.yml +# - include: cron.yml # tags: cron - name: flush handlers diff --git a/tasks/nginx.yml b/tasks/nginx.yml index 6034f87..8d64be7 100644 --- a/tasks/nginx.yml +++ b/tasks/nginx.yml @@ -1,12 +1,6 @@ --- -- name: install nginx - apt: - pkg: nginx-light - -- name: nginx vhost configuration - template: - src: nginx.conf.j2 - dest: /etc/nginx/nginx.conf - notify: - - reload nginx +- include_role: + name: nginx + vars: + nginx_vhosts: "{{ _openproject_nginx_vhosts }}" diff --git a/tasks/nodenv.yml b/tasks/nodenv.yml index 18797da..cf6d085 100644 --- a/tasks/nodenv.yml +++ b/tasks/nodenv.yml @@ -16,6 +16,7 @@ line: '{{item}}' with_items: - 'export PATH="{{nodenv_directory}}/bin:$PATH"' + - 'export PATH="{{nodenv_directory}}/shims:$PATH"' - 'eval "$(nodenv init -)"' become: yes become_user: '{{nodenv_user}}' diff --git a/tasks/rbenv.yml b/tasks/rbenv.yml index e818ccd..0cc0b40 100644 --- a/tasks/rbenv.yml +++ b/tasks/rbenv.yml @@ -36,6 +36,7 @@ line: '{{item}}' with_items: - 'export PATH="{{rbenv_directory}}/bin:$PATH"' + - 'export PATH="{{rbenv_directory}}/shims:$PATH"' - 'eval "$(rbenv init -)"' become: yes become_user: '{{rbenv_user}}' diff --git a/tasks/reset.yml b/tasks/reset.yml new file mode 100644 index 0000000..04dbe36 --- /dev/null +++ b/tasks/reset.yml @@ -0,0 +1,12 @@ +--- + +- name: delete openproject + file: + path: "{{openproject_path}}/openproject" + state: absent + +- name: mysql database absent + mysql_db: + name: "{{ openproject_database_name }}" + state: absent + delegate_to: "{{ openproject_database_host }}" diff --git a/templates/configuration.yml.j2 b/templates/configuration.yml.j2 index 5aa0d65..b1b001c 100644 --- a/templates/configuration.yml.j2 +++ b/templates/configuration.yml.j2 
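Review bot: tasks/reset.yml deletes the application directory and drops the MySQL database whenever `openproject_state == "reinstalled"` (the gate added in the first tasks/main.yml hunk). Because that is an ordinary variable, it stays true on every later run, so leaving it in inventory or group_vars wipes the data on each play. Nothing in the two tasks stops the `openproject` service or takes a backup before `state: absent`. Consider a `mysql_db` task with `state: dump` ahead of the drop, and document the switch next to the default with a comment such as `# destructive: pass -e openproject_state=reinstalled for a single run, never set it in inventory`.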
@@ -1,8 +1,12 @@ --- +default: -{# +{% if openproject_subdirectory != "/" %} + rails_relative_url_root: "{{ openproject_subdirectory }}" +{% endif %} -default: + email_delivery_method: :sendmail +{# {% if mail_method == "sendmail" %} email_delivery_method: :sendmail {% elif mail_method == "smtp" %} @@ -17,5 +21,4 @@ default: rails_force_ssl: false rails_cache_store: :memcache {%endif%} - #} diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 deleted file mode 100644 index 05cb2be..0000000 --- a/templates/nginx.conf.j2 +++ /dev/null 
@@ -1,111 +0,0 @@ -user www-data; -worker_processes auto; -pid /run/nginx.pid; -include /etc/nginx/modules-enabled/*.conf; - -events { - worker_connections 768; - # multi_accept on; -} - -http { - - ## - # Basic Settings - ## - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - # server_tokens off; - - server_names_hash_bucket_size 64; - # server_name_in_redirect off; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # SSL Settings - ## - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; - - ## - # Logging Settings - ## - - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - - ## - # Gzip Settings - ## - - gzip on; - gzip_disable "msie6"; - - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/conf.d/*.conf; - - upstream openproject { - {% if unicorn.socket == "unix" %} - server unix:{{unicorn.path}} fail_timeout=0; - {% elif unicorn.socket == "tcp" %} - server {{unicorn.host}}:{{unicorn.port}} fail_timeout=0; - {% endif %} - } - - {% if false %} - server { - server_name {{inventory_hostname}}; - return 301 https://$server_name$request_uri; - } - {% endif %} - - server { - server_name {{inventory_hostname}}; - - {% if false %} - listen 443 ssl default_server; - listen [::]:443 ssl default_server; - ssl_certificate /etc/letsencrypt/live/{{hostname}}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{hostname}}/privkey.pem; - {% else %} - listen 80 default_server; - listen [::]:80 default_server; - {% endif %} - - root {{openproject_path}}/openproject/public; - - try_files $uri/index.html $uri @openproject; - - location @openproject { - 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_redirect off; - proxy_pass http://openproject; - } - - error_page 500 502 503 504 /500.html; - error_page 422 /422.html; - error_page 404 /404.html; - - #client_max_body_size 4G; - #keepalive_timeout 10; - } - -} diff --git a/vars/main.yml b/vars/main.yml index 31136ec..b65fcd5 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1 +1,27 @@ openproject_env_path: "{{openproject_path}}/.rbenv/bin:{{openproject_path}}/.rbenv/shims:{{openproject_path}}/.nodenv/bin:{{openproject_path}}/.nodenv/shims" +unicorn: + socket: unix + path: '{{openproject_path}}/unicorn.sock' + +_openproject_nginx_vhosts: '{% if openproject_subdirectory == "/" %}{{_openproject_nginx_vhosts_root}}{% else %}{{_openproject_nginx_vhosts_subdir}}{% endif %}' + +_openproject_nginx_vhosts_root: + - name: openproject + server_names: "{{ openproject_server_names }}" + root: "{{openproject_path}}/openproject/public" + try_files: $uri/index.html $uri @openproject + locations: + - location: "@openproject" + proxy_pass: http://unix:{{unicorn.path}} + +_openproject_nginx_vhosts_subdir: + - name: openproject + server_names: "{{ openproject_server_names }}" + locations: + - location: / + redirect: /{{ openproject_subdirectory }} + - location: "{{ openproject_subdirectory }}" + alias: "{{openproject_path}}/openproject/public" + try_files: $uri/index.html $uri @openproject + - location: "@openproject" + proxy_pass: http://unix:{{unicorn.path}}
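Review bot: In `_openproject_nginx_vhosts_subdir` the root location uses `redirect: /{{ openproject_subdirectory }}`, yet the same variable is used unprefixed as an nginx `location` and as `rails_relative_url_root`, which suggests it is expected to start with `/`. The redirect target would then render with a doubled slash, which browsers treat as a scheme-relative URL pointing at another host. Use `redirect: "{{ openproject_subdirectory }}"` instead. Neither vhost definition references the certificate created in tasks/certificate.yml or declares a TLS listener, so unless the external nginx role wires that up by name the site is presumably still served over plain HTTP; that is worth confirming.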