Update to 2021-12-01 19:13

roles/onlyoffice_document_server/defaults/main.yml

@@ -0,0 +1,21 @@
+---
+
+oo_db_server: "{{ mysql_server | default('localhost') }}"
+oo_db_name: onlyoffice
+oo_db_user: onlyoffice
+oo_db_port: 3306
+# Random created if not set
+# oo_db_pass: SeCr3t
+
+# Redis server
+oo_redis_server: localhost
+oo_redis_port: 6379
+
+# Secret key
+# oo_secret: XXXX
+
+oo_ds_vhost: onlyoffice-ds.{{ ansible_domain }}
+
+# Is auto-saving of file enabled
+# If true, files will be saved every 5 minutes
+oo_auto_save: True

roles/onlyoffice_document_server/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+
+- name: restart documentserver
+  service: name={{ item }} state=restarted
+  loop: "{{ oo_services }}"
+

roles/onlyoffice_document_server/meta/main.yml

@@ -0,0 +1,9 @@
+---
+
+dependencies:
+  - role: repo_onlyoffice
+  - role: nginx
+  - role: redis_server
+  - role: rabbitmq_server
+  - role: mysql_server
+    when: oo_db_server in ['localhost','127.0.0.1']

roles/onlyoffice_document_server/tasks/cleanup.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Remove obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - /etc/systemd/system/documentserver-spellchecker.service
+    - /etc/systemd/system/multi-user.target.wants/documentserver-spellchecker.service
+  tags: oo

roles/onlyoffice_document_server/tasks/conf.yml

@@ -0,0 +1,13 @@
+---
+
+- name: Deploy configuration
+  template: src={{ item }}.j2 dest=/etc/onlyoffice/documentserver/{{ item }} owner=ds group=ds mode=440
+  loop:
+    - oods.json
+  notify: restart documentserver
+  tags: oo
+
+- name: Deploy nginx configuration
+  template: src=nginx_vhost.conf.j2 dest=/etc/nginx/ansible_conf.d/32-oods.conf
+  notify: reload nginx
+  tags: oo

roles/onlyoffice_document_server/tasks/directories.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Create meta directory
+  file: path=/etc/onlyoffice/meta state=directory mode=700
+  tags: oo

roles/onlyoffice_document_server/tasks/facts.yml

@@ -0,0 +1,33 @@
+---
+
+- set_fact:
+    oo_services:
+      - documentserver-converter
+      - documentserver-docservice
+      - documentserver-metrics
+  tags: oo
+
+- when: oo_db_pass is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: /etc/onlyoffice/meta/ansible_db_pass
+    - set_fact: oo_db_pass={{ rand_pass }}
+  tags: oo
+
+- name: Detect installed version
+  shell: rpm -q --qf "%{version}-%{release}" onlyoffice-documentserver || echo 0
+  args:
+    warn: False
+  register: oo_current_version
+  changed_when: False
+  tags: oo
+
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: /etc/onlyoffice/
+        - version: "{{ oo_current_version.stdout }}"
+    - set_fact: oo_install_mode={{ install_mode }}
+  tags: oo
+

roles/onlyoffice_document_server/tasks/install.yml

@@ -0,0 +1,89 @@
+---
+
+- name: Install packages
+  yum:
+    name:
+      - onlyoffice-documentserver
+  tags: oo
+
+  # Font generation migh fail during upgrades, which can result in a broken install
+  # like https://github.com/ONLYOFFICE/DocumentServer/issues/1106
+- when: oo_install_mode != 'none'
+  block:
+    - name: Stop services
+      service: name={{ item }} state=stopped
+      loop: "{{ oo_services }}"
+      failed_when: False # don't fail on initial install when the services doesn't exist yet
+
+    - name: Generate fonts
+      command: documentserver-generate-allfonts.sh true
+  tags: oo
+
+- name: Fix permissions on onlyoffice web resources
+  file: path=/var/www/onlyoffice state=directory mode=755
+  tags: oo
+
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ oo_db_name }}"
+    - db_user: "{{ oo_db_user }}"
+    - db_server: "{{ oo_db_server }}"
+    - db_pass: "{{ oo_db_pass }}"
+  tags: oo
+
+- name: Load MySQL schema
+  mysql_db:
+    name: "{{ oo_db_name }}"
+    state: import
+    target: /var/www/onlyoffice/documentserver/server/schema/mysql/createdb.sql
+    login_host: "{{ oo_db_server }}"
+    login_user: sqladmin
+    login_password: "{{ mysql_admin_pass }}"
+  when: db_created.changed
+  tags: oo
+
+- name: Set permissions for default conf
+  file: path=/etc/onlyoffice/documentserver/{{ item }} mode=644
+  loop:
+    - default.json
+    - development-mac.json
+    - development-windows.json
+    - production-linux.json
+    - log4js/development.json
+    - log4js/production.json
+  tags: oo
+
+- name: Set permission on config directory
+  file: path=/etc/onlyoffice state=directory mode=755
+  tags: oo
+
+- name: Fix permissions on data dir
+  command: chown -R ds:ds /var/lib/onlyoffice/documentserver/
+  args:
+    warn: False
+  changed_when: False
+  tags: oo
+
+- name: Deploy systemd service units
+  template: src={{ item }}.service.j2 dest=/etc/systemd/system/{{ item }}.service
+  loop: "{{ oo_services }}"
+  register: oo_units
+  notify: restart documentserver
+  tags: oo
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: oo_units.results | selectattr('changed','equalto',True) | list | length > 0
+  tags: oo
+
+- name: Remove obsolete services
+  file: path=/etc/systemd/system/{{ item }}.service state=absent
+  loop:
+    - documentserver-gc
+  register: oo_obsolete_units
+  tags: oo
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: oo_obsolete_units.changed
+  tags: oo

roles/onlyoffice_document_server/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: install.yml
+- include: conf.yml
+- include: selinux.yml
+  when: ansible_selinux.status == 'enabled'
+- include: services.yml
+- include: write_version.yml
+- include: cleanup.yml

roles/onlyoffice_document_server/tasks/selinux.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Set correct context for binaries
+  sefcontext:
+    target: "{{ item }}"
+    setype: bin_t
+  loop:
+    - /var/www/onlyoffice/documentserver/server/FileConverter/converter
+    - /var/www/onlyoffice/documentserver/server/DocService/docservice
+    - /var/www/onlyoffice/documentserver/server/Metrics/metrics
+  register: oo_bin_context
+  notify: restart documentserver
+  tags: oo
+
+- name: Reset SELinux context
+  command: restorecon -R /var/www/onlyoffice/documentserver/server/ /var/lib/onlyoffice/
+  when: oo_bin_context.results | selectattr('changed','equalto',True) | list | length > 0
+  tags: oo
+
+- name: Remove useless SELinux policy
+  file: path=/etc/selinux/targeted/local/{{ item }} state=absent
+  loop:
+    - onlyoffice_docserver.te
+    - onlyoffice_docserver.mod
+    - onlyoffice_docserver.pp
+  tags: oo
+

roles/onlyoffice_document_server/tasks/services.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Stop and disable supervisord
+  systemd: name=supervisord state=stopped enabled=False masked=True
+  tags: oo
+
+- name: Start and enable documentserver services
+  service: name={{ item }} state=started enabled=True
+  loop: "{{ oo_services }}"
+  tags: oo
+

roles/onlyoffice_document_server/tasks/user.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Create a system user
+  user:
+    name: ds
+    comment: OnlyOffice Document Server
+    system: True
+    home: /var/www/onlyoffice
+    shell: /sbin/nologin
+  tags: oo

roles/onlyoffice_document_server/tasks/write_version.yml

@@ -0,0 +1,14 @@
+---
+
+- name: Detect installed version
+  shell: rpm -q --qf "%{version}-%{release}" onlyoffice-documentserver || echo 0
+  args:
+    warn: False
+  register: oo_current_version
+  changed_when: False
+  #when: oo_current_version | string == '0' # Only detect again on first install
+  tags: oo
+
+- name: Write current version
+  copy: content={{ oo_current_version.stdout }} dest=/etc/onlyoffice/meta/ansible_version
+  tags: oo

roles/onlyoffice_document_server/templates/documentserver-converter.service.j2

@@ -0,0 +1,25 @@
+[Unit]
+Description=Only Office converter
+Requires=rabbitmq-server.service
+
+[Service]
+Type=simple
+ExecStart=/var/www/onlyoffice/documentserver/server/FileConverter/converter
+WorkingDirectory=/var/www/onlyoffice/documentserver/server/FileConverter/
+User=ds
+Group=ds
+Environment=NODE_ENV=oods
+Environment=NODE_CONFIG_DIR=/etc/onlyoffice/documentserver
+Environment=NODE_DISABLE_COLORS=1
+Environment=APPLICATION_NAME=ONLYOFFICE
+Restart=always
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+SyslogIdentifier=oods-converter
+MemoryLimit=1024M
+
+[Install]
+WantedBy=multi-user.target

roles/onlyoffice_document_server/templates/documentserver-docservice.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Only Office document service
+Requires=rabbitmq-server.service
+
+[Service]
+Type=simple
+ExecStart=/var/www/onlyoffice/documentserver/server/DocService/docservice
+WorkingDirectory=/var/www/onlyoffice/documentserver/server/DocService/
+User=ds
+Group=ds
+Environment=NODE_ENV=oods
+Environment=NODE_CONFIG_DIR=/etc/onlyoffice/documentserver
+Environment=NODE_DISABLE_COLORS=1
+Restart=always
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+SyslogIdentifier=oods-docservice
+MemoryLimit=600M
+
+[Install]
+WantedBy=multi-user.target

roles/onlyoffice_document_server/templates/documentserver-metrics.service.j2

@@ -0,0 +1,21 @@
+[Unit]
+Description=Only Office metrics
+
+[Service]
+Type=simple
+ExecStart=/var/www/onlyoffice/documentserver/server/Metrics/metrics ./config/config.js
+WorkingDirectory=/var/www/onlyoffice/documentserver/server/Metrics/
+User=ds
+Group=ds
+Environment=NODE_DISABLE_COLORS=1
+Restart=always
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+SyslogIdentifier=oods-metrics
+MemoryLimit=50M
+
+[Install]
+WantedBy=multi-user.target

roles/onlyoffice_document_server/templates/httpd.conf.j2

@@ -0,0 +1,32 @@
+# {{ ansible_managed }}
+
+<VirtualHost *:80>
+  ServerName {{ oo_vhost }}
+  Include ansible_conf.d/common_env.inc
+
+  SetEnvIf Host "^(.*)$" THE_HOST=$1
+  RequestHeader setifempty X-Forwarded-Proto http
+  RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
+  ProxyAddHeaders Off
+
+  ProxyPassMatch (.*)(/websocket)$                            ws://localhost:8000/$1$2
+
+  RewriteEngine On
+
+  RewriteRule ^/$                                             /welcome                         [R=301,L]
+  RewriteRule ^/OfficeWeb(/apps/.*)$                          /2018-01-11-13-33/web-apps$1     [R=301,L]
+
+  ProxyPassMatch ^(/2018-01-11-13-33)?(/fonts/.*)             http://localhost:{{ oo_docserver_port }}$2
+  ProxyPassMatch ^(/2018-01-11-13-33)?(/doc/.*)               http://localhost:{{ oo_docserver_port }}$2
+  ProxyPassMatch ^(/2018-01-11-13-33)?(/.*)                   http://localhost:{{ oo_docserver_port }}$2
+  ProxyPassMatch ^(/2018-01-11-13-33)?(/spellchecker)(/.*)    http://localhost:{{ oo_spellchecker_port }}/$3
+
+  AliasMatch ^(/cache/files.*)(/.*)                                          /var/lib/onlyoffice/documentserver/App_Data$1
+  AliasMatch ^(/2018-01-11-13-33)?/(web-apps/apps/api/documents/api.js)$     /var/www/onlyoffice/documentserver/$2
+  AliasMatch ^(/2018-01-11-13-33)?/(web-apps|sdkjs|sdkjs-plugins)(/.*)$      /var/www/onlyoffice/documentserver/$2$3
+
+  <Directory /var/lib/onlyoffice/documentserver/App_Data>
+    Require all granted
+  </Directory>
+
+</VirtualHost>

roles/onlyoffice_document_server/templates/nginx_vhost.conf.j2

@@ -0,0 +1,6 @@
+include /etc/onlyoffice/documentserver/nginx/includes/http-common.conf;
+server {
+  listen 0.0.0.0:80;
+  server_name {{ oo_ds_vhost }};
+  include /etc/onlyoffice/documentserver/nginx/includes/ds-docservice.conf;
+}

roles/onlyoffice_document_server/templates/oods.json.j2

@@ -0,0 +1,103 @@
+{
+  "log": {
+    "filePath": "/etc/onlyoffice/documentserver/log4js/production.json"
+  },
+  "storage": {
+    "fs": {
+      "folderPath": "/var/lib/onlyoffice/documentserver/App_Data/cache/files"
+    }
+  },
+  "services": {
+    "CoAuthoring": {
+{% if oo_secret is defined %}
+      "secret": {
+        "inbox": {
+          "string": "{{ oo_secret }}"
+        },
+        "outbox": {
+          "string": "{{ oo_secret }}"
+        }
+      },
+      "token": {
+        "enable": {
+          "browser": true,
+          "request": {
+            "inbox": true,
+            "outbox": true
+          }
+        }
+      },
+{% endif %}
+      "sql": {
+        "type": "mysql",
+        "dbHost": "{{ oo_db_server }}",
+        "dbPort": {{ oo_db_port }},
+        "dbName": "{{ oo_db_name }}",
+        "dbUser": "{{ oo_db_user }}",
+        "dbPass": "{{ oo_db_pass }}",
+        "charset": "utf8"
+      },
+{% if oo_auto_save %}
+      "autoAssembly": {
+        "enable": true,
+        "interval": "5m"
+      },
+{% endif %}
+      "server": {
+        "static_content": {
+          "/fonts": {
+            "path": "/var/www/onlyoffice/documentserver/fonts",
+            "options": {"maxAge": "7d"}
+          },
+          "/sdkjs": {
+            "path": "/var/www/onlyoffice/documentserver/sdkjs",
+            "options": {"maxAge": "7d"}
+          },
+          "/web-apps": {
+            "path": "/var/www/onlyoffice/documentserver/web-apps",
+            "options": {"maxAge": "7d"}
+          },
+          "/welcome": {
+            "path": "/var/www/onlyoffice/documentserver/server/welcome",
+            "options": {"maxAge": "7d"}
+          },
+          "/info": {
+            "path": "/var/www/onlyoffice/documentserver/server/info",
+            "options": {"maxAge": "7d"}
+          },
+          "/sdkjs-plugins": {
+            "path": "/var/www/onlyoffice/documentserver/sdkjs-plugins",
+            "options": {"maxAge": "7d"}
+          }
+        }
+      },
+      "utils": {
+        "utils_common_fontdir": "/usr/share/fonts"
+      },
+      "sockjs": {
+        "sockjs_url": "/web-apps/vendor/sockjs/sockjs.min.js"
+      }
+    }
+  },
+  "license": {
+    "license_file": "/var/www/onlyoffice/documentserver/../Data/license.lic",
+    "warning_limit_percents": "70"
+  },
+  "FileConverter": {
+    "converter": {
+      "fontDir": "/usr/share/fonts",
+      "presentationThemesDir": "/var/www/onlyoffice/documentserver/sdkjs/slide/themes",
+      "x2tPath": "/var/www/onlyoffice/documentserver/server/FileConverter/bin/x2t",
+      "docbuilderPath": "/var/www/onlyoffice/documentserver/server/FileConverter/bin/docbuilder",
+      "docbuilderAllFontsPath": "/var/lib/onlyoffice/documentserver/App_Data/docbuilder/AllFonts.js"
+    }
+  },
+  "FileStorage": {
+    "directory": "/var/lib/onlyoffice/documentserver/App_Data"
+  },
+  "SpellChecker": {
+    "server": {
+      "dictDir": "/var/www/onlyoffice/documentserver/server/SpellChecker/dictionaries"
+    }
+  }
+}