Update to 2022-01-26 18:00

roles/taiga/tasks/archive_post.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ taiga_root_dir }}/archives/{{ taiga_current_version }}.tar.zst --use-compress-program=zstd ./
+  args:
+    chdir: "{{ taiga_root_dir }}/archives/{{ taiga_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+  tags: taiga

roles/taiga/tasks/archive_pre.yml

@@ -0,0 +1,38 @@
+---
+
+- name: Create the archive dir
+  file: path={{ taiga_root_dir }}/archives/{{ taiga_current_version }} state=directory
+  tags: taiga
+
+- name: Install postgresql client
+  package:
+    name:
+      - postgresql14
+  tags: taiga
+
+- name: Archive previous version
+  synchronize:
+    src: "{{ taiga_root_dir }}/{{ item }}"
+    dest: "{{ taiga_root_dir }}/archives/{{ taiga_current_version }}/"
+    recursive: True
+    delete: True
+    compress: False
+  loop:
+    - venv
+    - app
+  delegate_to: "{{ inventory_hostname }}"
+  tags: taiga
+
+- name: Dump the database
+  command: >
+    /usr/pgsql-14/bin/pg_dump
+    --clean
+    --create
+    --host={{ taiga_db_server | quote }}
+    --port={{ taiga_db_port | quote }}
+    --username={{ taiga_db_user | quote }} {{ taiga_db_name | quote }}
+    --file="{{ taiga_root_dir }}/archives/{{ taiga_current_version }}/{{ taiga_db_name }}.sql"
+  environment:
+    - PGPASSWORD: "{{ taiga_db_pass }}"
+  tags: taiga
+

roles/taiga/tasks/cleanup.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ taiga_root_dir }}/tmp/taiga-back-{{ taiga_version }}.tar.gz"
+    - "{{ taiga_root_dir }}/tmp/taiga-back-{{ taiga_version }}"
+    - "{{ taiga_root_dir }}/tmp/taiga-front-dist-{{ taiga_version }}.tar.gz"
+    - "{{ taiga_root_dir }}/tmp/taiga-front-dist-{{ taiga_version }}"
+    - "{{ taiga_root_dir }}/tmp/taiga-events-{{ taiga_version }}.tar.gz"
+    - "{{ taiga_root_dir }}/tmp/taiga-events-{{ taiga_version }}"
+    - "{{ taiga_root_dir }}/tmp/taiga-protected-{{ taiga_version }}.tar.gz"
+    - "{{ taiga_root_dir }}/tmp/taiga-protected-{{ taiga_version }}"
+    - "{{ taiga_root_dir }}/archives/{{ taiga_current_version }}"
+  tags: taiga

roles/taiga/tasks/conf.yml

@@ -0,0 +1,88 @@
+---
+
+- name: Deploy configuration
+  template: src={{ item.src }} dest={{ item.dest }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - src: back/config.py.j2
+      dest: "{{ taiga_root_dir }}/app/back/settings/config.py"
+      group: "{{ taiga_user }}"
+      mode: 640
+    - src: front/conf.json.j2
+      dest: "{{ taiga_root_dir }}/app/front/dist/conf.json"
+    - src: events/env.j2
+      dest: "{{ taiga_root_dir }}/app/events/.env"
+      group: "{{ taiga_user }}"
+      mode: 640
+    - src: protected/env.j2
+      dest: "{{ taiga_root_dir }}/app/protected/.env"
+      group: "{{ taiga_user }}"
+      mode: 640
+  notify: restart taiga
+  tags: taiga
+
+- name: Deploy nginx configuration
+  template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/10-taiga.conf
+  notify: reload nginx
+  tags: taiga
+
+- name: Create RabbitMQ user and vhost
+  shell: |
+    {% if taiga_amqp_user_exists.rc == 0 %}
+    rabbitmqctl change_password {{ taiga_amqp_user }} {{ taiga_amqp_pass }}
+    {% else %}
+    rabbitmqctl add_user {{ taiga_amqp_user }} {{ taiga_amqp_pass }}
+    {% endif %}
+    rabbitmqctl add_vhost {{ taiga_amqp_vhost }}
+    rabbitmqctl set_permissions -p {{ taiga_amqp_vhost }} {{ taiga_amqp_user }} ".*" ".*" ".*"
+  when: taiga_amqp_server in ['localhost', '127.0.0.1']
+  tags: taiga
+
+- when: taiga_install_mode != 'none'
+  block:
+
+    - name: Migrate database
+      django_manage:
+        command: migrate
+        app_path: "{{ taiga_root_dir }}/app/back"
+        virtualenv: "{{ taiga_root_dir }}/venv"
+      become_user: "{{ taiga_user }}"
+
+    - name: Compile messages
+      django_manage:
+        command: compilemessages
+        app_path: "{{ taiga_root_dir }}/app/back"
+        virtualenv: "{{ taiga_root_dir }}/venv"
+
+    - name: Collect static files
+      django_manage:
+        command: collectstatic
+        app_path: "{{ taiga_root_dir }}/app/back"
+        virtualenv: "{{ taiga_root_dir }}/venv"
+
+  environment:
+    DJANGO_SETTINGS_MODULE: settings.config
+    CELERY_ENABLED: False
+  tags: taiga
+
+- when: taiga_install_mode == 'install'
+  block:
+
+    - name: Create admin user
+      django_manage:
+        command: createsuperuser --noinput --username admin --email admin@{{ ansible_domain }}
+        app_path: "{{ taiga_root_dir }}/app/back"
+        virtualenv: "{{ taiga_root_dir }}/venv"
+
+    - name: load initial data
+      django_manage:
+        command: loaddata initial_project_templates
+        app_path: "{{ taiga_root_dir }}/app/back"
+        virtualenv: "{{ taiga_root_dir }}/venv"
+
+  environment:
+    DJANGO_SUPERUSER_PASSWORD: '{{ taiga_admin_pass }}'
+    DJANGO_SETTINGS_MODULE: settings.config
+    CELERY_ENABLED: False
+  become_user: "{{ taiga_user }}"
+  when: taiga_install_mode == 'install'
+  tags: taiga

roles/taiga/tasks/directories.yml

@@ -0,0 +1,34 @@
+---
+
+- name: Create needed directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ taiga_root_dir }}"
+      owner: "{{ taiga_user }}"
+      group: nginx
+      mode: 750
+    - dir: "{{ taiga_root_dir }}/backup"
+      owner: root
+      group: root
+      mode: 700
+    - dir: "{{ taiga_root_dir }}/meta"
+      owner: root
+      group: root
+      mode: 700
+    - dir: "{{ taiga_root_dir }}/archives"
+      owner: root
+      group: root
+      mode: 700
+    - dir: "{{ taiga_root_dir }}/tmp"
+      owner: "{{ taiga_user }}"
+      mode: 700
+    - dir: "{{ taiga_root_dir }}/app"
+    - dir: "{{ taiga_root_dir }}/app/back"
+    - dir: "{{ taiga_root_dir }}/app/front"
+    - dir: "{{ taiga_root_dir }}/app/events"
+    - dir: "{{ taiga_root_dir }}/app/protected"
+    - dir: "{{ taiga_root_dir }}/data/media"
+      owner: "{{ taiga_user }}"
+      group: "{{ taiga_user }}"
+      mode: 750
+  tags: taiga

roles/taiga/tasks/facts.yml

@@ -0,0 +1,65 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: taiga
+
+# Detect installed version (if any)
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ taiga_root_dir }}"
+        - version: "{{ taiga_version }}"
+    - set_fact: taiga_install_mode={{ (install_mode == 'upgrade' and not taiga_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: taiga_current_version={{ current_version | default('') }}
+  tags: taiga
+
+# Generate a password for the database if needed
+- when: taiga_db_pass is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ taiga_root_dir }}/meta/ansible_dbpass"
+    - set_fact: taiga_db_pass={{ rand_pass }}
+  tags: taiga
+
+# Create a random secret key
+- when: taiga_secret_key is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ taiga_root_dir }}/meta/ansible_secret_key"
+    - set_fact: taiga_secret_key={{ rand_pass }}
+  tags: taiga
+
+# AMQP password
+- when: taiga_amqp_pass is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ taiga_root_dir }}/meta/ansible_amqp_pass"
+        - complex: False
+    - set_fact: taiga_amqp_pass={{ rand_pass }}
+  tags: taiga
+
+# Default admin pass
+- when: taiga_admin_pass is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ taiga_root_dir }}/meta/ansible_admin_pass"
+        - complex: False
+    - set_fact: taiga_admin_pass={{ rand_pass }}
+  tags: taiga
+
+- name: Check if RabbitMQ user exists
+  shell: rabbitmqctl list_users | grep -qP '^{{ taiga_amqp_user }}\s+'
+  register: taiga_amqp_user_exists
+  failed_when: False
+  changed_when: False
+  tags: taiga

roles/taiga/tasks/install.yml

@@ -0,0 +1,135 @@
+---
+
+- name: Install packages
+  package: name={{ taiga_packages }}
+  tags: taiga
+
+- name: Stop services during upgrade
+  service: name={{ item }} state=stopped
+  loop:
+    - taiga-back
+    - taiga-async
+    - taiga-events
+    - taiga-protected
+  when: taiga_install_mode == 'upgrade'
+  tags: taiga
+
+- when: taiga_install_mode != 'none'
+  block:
+    - name: Download components
+      get_url:
+        url: "{{ taiga_archives[item].url }}"
+        dest: "{{ taiga_root_dir }}/tmp"
+        checksum: sha256:{{ taiga_archives[item].sha256 }}
+      loop: "{{ taiga_archives.keys() | list }}"
+
+    - name: Extract archives
+      unarchive:
+        src: "{{ taiga_root_dir }}/tmp/{{ taiga_archives[item].dir | default('taiga-' ~ item ~ '-' ~ taiga_version) }}.tar.gz"
+        dest: "{{ taiga_root_dir }}/tmp"
+        remote_src: True
+      loop: "{{ taiga_archives.keys() | list }}"
+
+    - name: Move components to their final dir
+      synchronize:
+        src: "{{ taiga_root_dir }}/tmp/{{ taiga_archives[item].dir | default('taiga-' ~ item ~ '-' ~ taiga_version) }}/"
+        dest: "{{ taiga_root_dir }}/app/{{ item }}/"
+        delete: True
+        compress: False
+      loop: "{{ taiga_archives.keys() | list }}"
+      delegate_to: "{{ inventory_hostname }}"
+
+    - name: Create the virtualenv
+      pip:
+        name:
+          - pip
+          - wheel
+        virtualenv: "{{ taiga_root_dir }}/venv"
+        virtualenv_command: /bin/python3.9 -m venv
+
+    - name: Install taiga-back dependencies
+      pip:
+        requirements: "{{ taiga_root_dir }}/app/back/requirements.txt"
+        state: "{{ (taiga_install_mode == 'upgrade') | ternary('latest', 'present') }}"
+        virtualenv: "{{ taiga_root_dir }}/venv"
+        virtualenv_command: /bin/python3.9 -m venv
+      #environment:
+      #  PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/pgsql-14/bin/
+    
+    - name: Install the contrib-protected plugin
+      pip:
+        name: git+https://github.com/kaleidos-ventures/taiga-contrib-protected.git@stable#egg=taiga-contrib-protected
+        virtualenv: "{{ taiga_root_dir }}/venv"
+        virtualenv_command: /bin/python3.9 -m venv
+
+    - name: Install dependencies for taiga-events
+      npm:
+        path: "{{ taiga_root_dir }}/app/events/"
+
+    - name: Install requirements for taiga-protected
+      pip:
+        requirements: "{{ taiga_root_dir }}/app/protected/requirements.txt"
+        state: "{{ (taiga_install_mode == 'upgrade') | ternary('latest', 'present') }}"
+        virtualenv: "{{ taiga_root_dir }}/venv"
+        virtualenv_command: /bin/python3.9 -m venv
+
+  tags: taiga
+
+- block:
+    - name: Create the PostgreSQL role
+      postgresql_user:
+        db: postgres
+        name: "{{ taiga_db_user }}"
+        password: "{{ taiga_db_pass }}"
+        login_host: "{{ taiga_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+
+    - name: Create the PostgreSQL database
+      postgresql_db:
+        name: "{{ taiga_db_name }}"
+        encoding: UTF-8
+        template: template0
+        owner: "{{ taiga_db_user }}"
+        login_host: "{{ taiga_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+
+  tags: taiga
+
+- name: Install service units
+  template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
+  loop:
+    - taiga-back.service
+    - taiga-async.service
+    - taiga-events.service
+    - taiga-protected.service
+  register: taiga_units
+  tags: taiga
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: taiga_units.results | selectattr('changed','equalto',True) | list | length > 0
+  tags: taiga
+
+- name: Install backup hooks
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/taiga mode=700
+  loop:
+    - pre
+    - post
+  tags: taiga
+
+- name: Copy SELinux policy
+  copy: src=taiga.te dest=/etc/selinux/targeted/local/
+  register: taiga_selinux_policy
+  tags: taiga
+
+- name: Compile and load SELinux policy
+  shell: |
+    cd /etc/selinux/targeted/local/
+    checkmodule -M -m -o taiga.mod taiga.te
+    semodule_package -o taiga.pp -m taiga.mod
+    semodule -i /etc/selinux/targeted/local/taiga.pp
+  when: ansible_selinux.status == 'enabled' and taiga_selinux_policy.changed
+  tags: taiga
+

roles/taiga/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: taiga_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: taiga_install_mode == 'upgrade'
+- include: cleanup.yml

roles/taiga/tasks/services.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Start and enable services
+  service: name={{ item }} state=started enabled=True
+  loop:
+    - taiga-back
+    - taiga-async
+    - taiga-events
+    - taiga-protected
+  tags: taiga

roles/taiga/tasks/user.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Create user
+  user:
+    name: "{{ taiga_user }}"
+    home: "{{ taiga_root_dir }}"
+    system: True
+    shell: /sbin/nologin
+  tags: taiga

roles/taiga/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ taiga_version }} dest={{ taiga_root_dir }}/meta/ansible_version
+  tags: taiga