Update to 2021-12-01 19:13

2025-07-26 15:55:56 +02:00 · 2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
--- a/roles/openproject/tasks/conf.yml
+++ b/roles/openproject/tasks/conf.yml
@@ -0,0 +1,22 @@
+---
+
+- name: List conf fragment
+  shell: find /etc/openproject/conf.d -maxdepth 1 -mindepth 1 -type f -exec basename "{}" \;
+  register: openproject_conf_fragments
+  changed_when: False
+  tags: openproject
+
+- name: Remove unmanaged conf fragments
+  file: path=/etc/openproject/conf.d/{{ item }} state=absent
+  loop: "{{ openproject_conf_fragments.stdout_lines }}"
+  when: item != 'ansible'
+  tags: openproject
+
+- name: Deploy configuration
+  template: src={{ item }}.j2 dest=/etc/openproject/{{ item }} owner=openproject group=openproject mode=640
+  loop:
+    - installer.dat
+    - conf.d/ansible
+  notify:
+    - restart openproject
+  tags: openproject
--- a/roles/openproject/tasks/directories.yml
+++ b/roles/openproject/tasks/directories.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Create directories
+  file: path={{ item.path }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - path: /opt/openproject/meta
+      mode: 700
+    - path: "{{ openproject_data_dir }}"
+      owner: openproject
+      group: openproject
+      mode: 700
+  tags: openproject
--- a/roles/openproject/tasks/facts.yml
+++ b/roles/openproject/tasks/facts.yml
@@ -0,0 +1,28 @@
+---
+
+- import_tasks: ../includes/get_rand_pass.yml
+  vars:
+    - pass_file: /opt/openproject/meta/ansible_dbpass
+  when: openproject_db_pass is not defined
+  tags: openproject
+- set_fact: openproject_db_pass={{ rand_pass }}
+  when: openproject_db_pass is not defined
+  tags: openproject
+
+- import_tasks: ../includes/get_rand_pass.yml
+  vars:
+    - pass_file: /opt/openproject/meta/ansible_secret_key_base
+  when: openproject_secret_key_base is not defined
+  tags: openproject
+- set_fact: openproject_secret_key_base={{ rand_pass }}
+  when: openproject_secret_key_base is not defined
+  tags: openproject
+
+- import_tasks: ../includes/get_rand_pass.yml
+  vars:
+    - pass_file: /opt/openproject/meta/ansible_secret_token
+  when: openproject_secret_token is not defined
+  tags: openproject
+- set_fact: openproject_secret_token={{ rand_pass }}
+  when: openproject_secret_token is not defined
+  tags: openproject
--- a/roles/openproject/tasks/install.yml
+++ b/roles/openproject/tasks/install.yml
@@ -0,0 +1,48 @@
+---
+
+- name: Install openproject
+  yum:
+    name:
+      - openproject
+      - python-psycopg2
+      - pgloader-ccl
+      - postgresql11
+  tags: openproject
+
+- name: Create the PostgreSQL role
+  postgresql_user:
+    db: postgres
+    name: "{{ openproject_db_user }}"
+    password: "{{ openproject_db_pass }}"
+    login_host: "{{ openproject_db_server }}"
+    login_user: sqladmin
+    login_password: "{{ pg_admin_pass }}"
+  tags: openproject
+
+- name: Create the PostgreSQL database
+  postgresql_db:
+    name: "{{ openproject_db_name }}"
+    encoding: UTF-8
+    lc_collate: C
+    lc_ctype: C
+    template: template0
+    owner: "{{ openproject_db_user }}"
+    login_host: "{{ openproject_db_server }}"
+    login_user: sqladmin
+    login_password: "{{ pg_admin_pass }}"
+  tags: openproject
+
+- name: Install pre/post backup hooks
+  template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/openproject mode=755
+  loop:
+    - pre
+    - post
+  tags: openproject
+
+- name: Make openproject user a member of postdrop group
+  user:
+    name: openproject
+    groups: postdrop
+    append: True
+  notify: restart openproject
+  tags: openproject
--- a/roles/openproject/tasks/iptables.yml
+++ b/roles/openproject/tasks/iptables.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Handle ports for openproject
+  iptables_raw:
+    name: openproject_ports
+    state: "{{ (openproject_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -p tcp --dport {{ openproject_port }} -s {{ openproject_src_ip | join(',') }} -j ACCEPT"
+  when: iptables_manage | default(True)
+  tags: firewall,openproject
--- a/roles/openproject/tasks/main.yml
+++ b/roles/openproject/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- include: directories.yml
+- include: facts.yml
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+- include: service.yml
--- a/roles/openproject/tasks/service.yml
+++ b/roles/openproject/tasks/service.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Cleanup systemd units
+  file: path=/etc/systemd/system/{{ item }} state=absent
+  loop:
+    - openproject-worker-1.service
+    - openproject-web-1.service
+  register: openproject_rm_units
+  tags: openproject
+
+- name: Deploy clean systemd units
+  template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
+  register: openproject_ansible_units
+  loop:
+    - openproject.service
+    - openproject-worker.service
+  tags: openproject
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: openproject_rm_units.results | selectattr('changed','equalto',True) | list | length > 0 or openproject_ansible_units.results | selectattr('changed','equalto',True) | list | length > 0
+  tags: openproject
+
+- name: Start and enable the service
+  service: name=openproject state=started enabled=True
+  tags: openproject