Procházet zdrojové kódy

serveral changes

master
rodič
revize
8c9d1f0990
13 změnil soubory, kde provedl 76 přidání a 146 odebrání
  1. +3
    -6
      defaults/main.yml
  2. +0
    -5
      handlers/main.yml
  3. +13
    -0
      tasks/certificate.yml
  4. +2
    -2
      tasks/configure.yml
  5. +0
    -6
      tasks/database.yml
  6. +8
    -3
      tasks/main.yml
  7. +4
    -10
      tasks/nginx.yml
  8. +1
    -0
      tasks/nodenv.yml
  9. +1
    -0
      tasks/rbenv.yml
  10. +12
    -0
      tasks/reset.yml
  11. +6
    -3
      templates/configuration.yml.j2
  12. +0
    -111
      templates/nginx.conf.j2
  13. +26
    -0
      vars/main.yml

+ 3
- 6
defaults/main.yml Zobrazit soubor

@@ -1,4 +1,5 @@
---
openproject_subdirectory: /

openproject_user: openproject
openproject_group: openproject
@@ -9,14 +10,10 @@ openproject_locale: en

plugins: {}

unicorn:
socket: unix
path: '{{openproject_path}}/unicorn.sock'
host: 0.0.0.0
port: 8042

secret_key_base: e7fc3c2c8bec7b789b1ddbac5425c680055aadd3a3015e93f58fd5914dfebbaef30249414ea5813db5df619ebab246e96cf5b4f38d58b42452de85f5af6cf242

memcached:
host: localhost
port: 11211

openproject_state: installed

+ 0
- 5
handlers/main.yml Zobrazit soubor

@@ -3,11 +3,6 @@
- name: reload systemd unit files
command: systemctl daemon-reload

- name: reload nginx
service:
name: nginx
state: reloaded

- name: restart openproject
service:
name: openproject


+ 13
- 0
tasks/certificate.yml Zobrazit soubor

@@ -0,0 +1,13 @@
---

- include_role:
name: certificate
vars:
certificate_name: openproject
certificate_directory: /etc/ssl
certificate_key_usage:
- digitalSignature
- keyEncipherment
certificate_extended_key_usage:
- serverAuth
certificate_alt_names: "{{ openproject_server_names | map('regex_replace', '(.*)','DNS:\\1') | list }}"

+ 2
- 2
tasks/configure.yml Zobrazit soubor

@@ -1,12 +1,12 @@
---

- name: create openproject environment configuration
- name: configuration
template:
src: '{{item}}.yml.j2'
dest: '{{openproject_path}}/openproject/config/{{item}}.yml'
with_items:
- database
#- configuration
- configuration
notify: restart openproject
become: yes
become_user: '{{openproject_user}}'


+ 0
- 6
tasks/database.yml Zobrazit soubor

@@ -8,12 +8,6 @@
priv: "{{ openproject_database_name }}.*:ALL"
delegate_to: "{{ openproject_database_host }}"

# - name: mysql database absent
# mysql_db:
# name: "{{ openproject_database_name }}"
# state: absent
# delegate_to: "{{ openproject_database_host }}"

- name: mysql database
mysql_db:
name: "{{ openproject_database_name }}"


+ 8
- 3
tasks/main.yml Zobrazit soubor

@@ -2,6 +2,9 @@

# shamelessly copied from https://github.com/fabianfreyer/ansible-openproject

- include: reset.yml
when: openproject_state == "reinstalled"

- include: user.yml

- include: rbenv.yml
@@ -20,8 +23,8 @@
nodenv_group: '{{openproject_group}}'
tags: node

- debug:
msg: RAILS_ENV=production PATH={{openproject_env_path}}:$PATH
# - debug:
# msg: RAILS_ENV=production PATH={{openproject_env_path}}:$PATH

- include: install.yml

@@ -36,10 +39,12 @@

- include: unicorn.yml

- include: certificate.yml

- include: nginx.yml
tags: nginx

#- include: cron.yml
# - include: cron.yml
# tags: cron

- name: flush handlers


+ 4
- 10
tasks/nginx.yml Zobrazit soubor

@@ -1,12 +1,6 @@
---

- name: install nginx
apt:
pkg: nginx-light

- name: nginx vhost configuration
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
notify:
- reload nginx
- include_role:
name: nginx
vars:
nginx_vhosts: "{{ _openproject_nginx_vhosts }}"

+ 1
- 0
tasks/nodenv.yml Zobrazit soubor

@@ -16,6 +16,7 @@
line: '{{item}}'
with_items:
- 'export PATH="{{nodenv_directory}}/bin:$PATH"'
- 'export PATH="{{nodenv_directory}}/shims:$PATH"'
- 'eval "$(nodenv init -)"'
become: yes
become_user: '{{nodenv_user}}'


+ 1
- 0
tasks/rbenv.yml Zobrazit soubor

@@ -36,6 +36,7 @@
line: '{{item}}'
with_items:
- 'export PATH="{{rbenv_directory}}/bin:$PATH"'
- 'export PATH="{{rbenv_directory}}/shims:$PATH"'
- 'eval "$(rbenv init -)"'
become: yes
become_user: '{{rbenv_user}}'


+ 12
- 0
tasks/reset.yml Zobrazit soubor

@@ -0,0 +1,12 @@
---

- name: delete openproject
file:
path: "{{openproject_path}}/openproject"
state: absent

- name: mysql database absent
mysql_db:
name: "{{ openproject_database_name }}"
state: absent
delegate_to: "{{ openproject_database_host }}"

+ 6
- 3
templates/configuration.yml.j2 Zobrazit soubor

@@ -1,8 +1,12 @@
---
default:

{#
{% if openproject_subdirectory != "/" %}
rails_relative_url_root: "{{ openproject_subdirectory }}"
{% endif %}

default:
email_delivery_method: :sendmail
{#
{% if mail_method == "sendmail" %}
email_delivery_method: :sendmail
{% elif mail_method == "smtp" %}
@@ -17,5 +21,4 @@ default:
rails_force_ssl: false
rails_cache_store: :memcache
{%endif%}

#}

+ 0
- 111
templates/nginx.conf.j2 Zobrazit soubor

@@ -1,111 +0,0 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;

upstream openproject {
{% if unicorn.socket == "unix" %}
server unix:{{unicorn.path}} fail_timeout=0;
{% elif unicorn.socket == "tcp" %}
server {{unicorn.host}}:{{unicorn.port}} fail_timeout=0;
{% endif %}
}

{% if false %}
server {
server_name {{inventory_hostname}};
return 301 https://$server_name$request_uri;
}
{% endif %}

server {
server_name {{inventory_hostname}};

{% if false %}
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/{{hostname}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{hostname}}/privkey.pem;
{% else %}
listen 80 default_server;
listen [::]:80 default_server;
{% endif %}

root {{openproject_path}}/openproject/public;

try_files $uri/index.html $uri @openproject;

location @openproject {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://openproject;
}

error_page 500 502 503 504 /500.html;
error_page 422 /422.html;
error_page 404 /404.html;

#client_max_body_size 4G;
#keepalive_timeout 10;
}

}

+ 26
- 0
vars/main.yml Zobrazit soubor

@@ -1 +1,27 @@
openproject_env_path: "{{openproject_path}}/.rbenv/bin:{{openproject_path}}/.rbenv/shims:{{openproject_path}}/.nodenv/bin:{{openproject_path}}/.nodenv/shims"
unicorn:
socket: unix
path: '{{openproject_path}}/unicorn.sock'

_openproject_nginx_vhosts: '{% if openproject_subdirectory == "/" %}{{_openproject_nginx_vhosts_root}}{% else %}{{_openproject_nginx_vhosts_subdir}}{% endif %}'

_openproject_nginx_vhosts_root:
- name: openproject
server_names: "{{ openproject_server_names }}"
root: "{{openproject_path}}/openproject/public"
try_files: $uri/index.html $uri @openproject
locations:
- location: "@openproject"
proxy_pass: http://unix:{{unicorn.path}}

_openproject_nginx_vhosts_subdir:
- name: openproject
server_names: "{{ openproject_server_names }}"
locations:
- location: /
redirect: /{{ openproject_subdirectory }}
- location: "{{ openproject_subdirectory }}"
alias: "{{openproject_path}}/openproject/public"
try_files: $uri/index.html $uri @openproject
- location: "@openproject"
proxy_pass: http://unix:{{unicorn.path}}

Načítá se…
Zrušit
Uložit