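---
# file: roles/zammad/tasks/main.yml
#
# Installs and configures Zammad with its supporting services (Elasticsearch,
# PostgreSQL, Redis, nginx), plus optional certbot renewal, SELinux and
# firewalld settings. Block-level `when:` placement below was reconstructed
# from a flattened source; verify it against the role's original layout.

# SECURITY: disable_gpg_check skips signature verification of the
# epel-release RPM, so HTTPS to the download host is the only integrity
# control. Prefer importing the EPEL signing key with rpm_key first and then
# dropping this flag.
- name: Install epel
  package:
    name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present
    disable_gpg_check: true

# SECURITY: these packages come from configured repositories, yet signature
# verification is switched off for them as well. NOTE(review): this looks
# unnecessary once the repo keys are trusted - confirm and remove.
- name: Install prereq packages
  package:
    name:
      - imlib2
      - glibc-langpack-en
    state: present
    disable_gpg_check: true

# NOTE(review): `state: latest` pulls whatever certbot version PyPI serves at
# run time; pin a version if reproducible, reviewable installs are required.
- name: Install certbot
  pip:
    name: certbot
    executable: pip3
    state: latest
  when: zammad_certbot

- name: Deploy certbot renewal service
  template:
    src: certbot-renewal.service.j2
    dest: /etc/systemd/system/certbot-renewal.service
  notify: Daemon Reload
  when: zammad_certbot

- name: Deploy certbot renewal timer
  template:
    src: certbot-renewal.timer.j2
    dest: /etc/systemd/system/certbot-renewal.timer
  notify: Daemon Reload
  when: zammad_certbot

- name: Enable systemd timer for certbot renewal
  service:
    name: certbot-renewal.timer
    enabled: true
  when: zammad_certbot

# Read-only probe: grep exits 1 when the locale is not configured, which
# drives the next task. failed_when/changed_when keep the probe quiet.
- name: Get localectl status
  shell:
    cmd: localectl status | grep -E "en_US.UTF-8"
  register: locale_status
  failed_when: false
  changed_when: false

- name: Set localectl setting to en_US
  command: localectl set-locale LANG=en_US.UTF-8
  when: locale_status.rc == 1

# The key is trusted on first download. rpm_key accepts a `fingerprint`
# parameter; pinning it makes a swapped key fail the task instead of being
# imported.
- name: Import zammad rpm key
  rpm_key:
    state: present
    key: https://dl.packager.io/srv/zammad/zammad/key

# SECURITY: a gpgkey is configured but `gpgcheck: false` means package
# signatures from this repository are never verified. Enable gpgcheck (and/or
# repo_gpgcheck for signed metadata) once it is confirmed which signatures
# the repository publishes.
- name: Add zammad repo
  yum_repository:
    name: zammad
    description: "Repository for zammad/zammad (stable) packages."
    baseurl: "https://dl.packager.io/srv/rpm/zammad/zammad/stable/el/9/$basearch"
    gpgcheck: false
    gpgkey: "https://dl.packager.io/srv/zammad/zammad/key"
    state: present

# SECURITY: same pattern as the zammad repo - gpgkey is set but gpgcheck is
# off, so Elasticsearch packages install without signature verification.
# NOTE(review): confirm the target version's packages verify on this
# platform, then turn gpgcheck on.
- name: Add elasticsearch repo
  yum_repository:
    name: elasticsearch
    description: "Elasticsearch repository for {{ zammad_es_version }}.x packages"
    baseurl: "https://artifacts.elastic.co/packages/{{ zammad_es_version }}.x/yum"
    gpgcheck: false
    gpgkey: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
    state: present

- name: Install core packages
  package:
    name:
      - elasticsearch
      - nginx
      - postgresql-server
      - compat-openssl11
      - redis
    state: present

- name: Start and enable redis services
  service:
    name: redis
    state: started
    enabled: true

# pg_hba.conf only exists after initdb, so its presence marks an initialized
# data directory.
- name: Check if postgresql is initialized
  stat:
    path: "/var/lib/pgsql/data/pg_hba.conf"
  register: postgres_data

- name: Initialize postgresql
  shell: "postgresql-setup initdb"
  when: not postgres_data.stat.exists

# NOTE(review): md5 is the legacy password method; PostgreSQL also supports
# scram-sha-256. Switching requires password_encryption and the stored
# password hashes to match, so treat it as a planned migration.
- name: Ensure that password auth is enabled for postgre on ipv4 addresses
  lineinfile:
    path: /var/lib/pgsql/data/pg_hba.conf
    regexp: '^host all all 127.0.0.1/32'
    insertafter: '^# IPv4 local connections:'
    line: "host all all 127.0.0.1/32 md5"
  notify: Restart postgresql

- name: Ensure that password auth is enabled for postgre on ipv6 addresses
  lineinfile:
    path: /var/lib/pgsql/data/pg_hba.conf
    regexp: '^host all all ::1/128'
    insertafter: '^# IPv6 local connections:'
    line: "host all all ::1/128 md5"
  notify: Restart postgresql

- name: Start and enable postgresql services
  service:
    name: postgresql
    state: started
    enabled: true

- name: Install ingest-attachment plugin in elasticsearch
  elasticsearch_plugin:
    name: ingest-attachment
    state: present

# SECURITY: no Elasticsearch credentials are provisioned by this role (see
# the TODO below). If xpack security is disabled, a non-loopback network.host
# exposes an unauthenticated API; keep it on loopback or restrict access at
# the network layer.
- name: Ensure the network host is set
  lineinfile:
    path: /etc/elasticsearch/elasticsearch.yml
    regexp: '^network.host:'
    insertafter: '^#network.host:'
    line: "network.host: {{ zammad_es_network_host }}"
  when: zammad_es_network_host != ""
  notify: Restart elasticsearch

- name: Ensure the discovery seed hosts is set
  lineinfile:
    path: /etc/elasticsearch/elasticsearch.yml
    regexp: '^discovery.seed_hosts:'
    insertafter: '^#discovery.seed_hosts:'
    line: "discovery.seed_hosts: {{ zammad_es_discovery_seed_hosts }}"
  when: zammad_es_discovery_seed_hosts != ""
  notify: Restart elasticsearch

- name: Ensure the max_content_length is set
  lineinfile:
    path: /etc/elasticsearch/elasticsearch.yml
    regexp: '^http.max_content_length:'
    insertafter: '^#http.max_content_length:'
    line: "http.max_content_length: {{ zammad_es_max_content_length }}"
  when: zammad_es_max_content_length != ""
  notify: Restart elasticsearch

# Name corrected: this task manages max_clause_count, but it previously
# duplicated the name of the max_content_length task above.
- name: Ensure the max_clause_count is set
  lineinfile:
    path: /etc/elasticsearch/elasticsearch.yml
    regexp: '^indices.query.bool.max_clause_count:'
    insertafter: '^#indices.query.bool.max_clause_count:'
    line: "indices.query.bool.max_clause_count: {{ zammad_es_max_clause_count }}"
  when: zammad_es_max_clause_count != ""
  notify: Restart elasticsearch

- name: Ensure the xpack_security is set
  lineinfile:
    path: /etc/elasticsearch/elasticsearch.yml
    regexp: '^xpack.security.enabled:'
    insertafter: '^#xpack.security.enabled:'
    line: "xpack.security.enabled: {{ zammad_es_xpack_security_enabled }}"
  when: zammad_es_xpack_security_enabled != ""
  notify: Restart elasticsearch

# TODO Add elasticsearch user/pass

# NOTE(review): the templates below set no explicit owner/mode, so the
# resulting permissions depend on the module defaults and the umask of the
# run. Consider stating them, especially for the script run by systemd.
- name: Enable elastic search ingest fix
  block:
    - name: Ensure directory exists for zammad scripts
      file:
        path: /bin/zammadUtilites
        recurse: true
        state: directory

    - name: Deploy ingest-attachment-fix script
      template:
        src: ingest-attachment-fix.sh.j2
        dest: /bin/zammadUtilites/ingest-attachment-fix.sh

    - name: Ensure directory exists for elasticsearch override
      file:
        path: /etc/systemd/system/elasticsearch.service.d
        recurse: true
        state: directory

    - name: Configure elasticsearch-fail service
      template:
        src: elasticsearch-fail.service.j2
        dest: /etc/systemd/system/elasticsearch-fail.service
      notify: Daemon Reload

    - name: Configure elasticsearch override
      template:
        src: elasticsearch.override.conf.j2
        dest: /etc/systemd/system/elasticsearch.service.d/override.conf
      notify: Daemon Reload
  when: zammad_es_ingest_fix

- name: Start and enable elasticsearch services
  service:
    name: elasticsearch
    state: started
    enabled: true

- name: Install zammad
  package:
    name: zammad
    state: present

- name: Fix permissions on zammad public folder
  file:
    path: /opt/zammad/public
    owner: zammad
    group: zammad
    mode: '755'
    recurse: true

# The "Manage es_*" blocks read the current Zammad setting through the rails
# runner (`p` prints the value in inspected form, hence the added quotes in
# the comparisons) and only write when it differs.
#
# SECURITY: in every "Set ..." task the variable is interpolated into both a
# shell command line and a Ruby string literal. A value containing quotes or
# shell metacharacters breaks or alters the command, so constrain these
# variables to a safe character set.
- name: Manage es_user
  block:
    - name: Get es_user
      shell: zammad run rails r "p Setting.get('es_user')"
      changed_when: false
      register: es_user_result

    - name: Set es_user
      shell: zammad run rails r "Setting.set('es_user', '{{ zammad_es_username }}')"
      when: not ( ('"' + zammad_es_username + '"') == es_user_result.stdout)
  when: zammad_es_username != ""

# no_log keeps the password out of task output and logs: the "Get" task
# returns it in stdout and the "Set" task carries it in the command string.
# It is still passed on the process command line while the task runs; keep
# the variable itself in a vault.
- name: Manage es_password
  block:
    - name: Get es_password
      shell: zammad run rails r "p Setting.get('es_password')"
      changed_when: false
      register: es_password_result
      no_log: true

    - name: Set es_password
      shell: zammad run rails r "Setting.set('es_password', '{{ zammad_es_password }}')"
      when: not ( ('"' + zammad_es_password + '"') == es_password_result.stdout)
      no_log: true
  when: zammad_es_password != ""

- name: Get es_url
  shell: zammad run rails r "p Setting.get('es_url')"
  changed_when: false
  register: es_url_result

# A changed URL also triggers a search index rebuild.
- name: Manage es_url
  block:
    - name: Set es_url
      shell: zammad run rails r "Setting.set('es_url', '{{ zammad_es_url }}')"

    - name: Rebuild search index
      shell: zammad run rake zammad:searchindex:rebuild
  when: not ( ('"' + zammad_es_url + '"') == es_url_result.stdout)

- name: Manage es_attachment_ignore
  block:
    - name: Get es_attachment_ignore
      shell: zammad run rails r "p Setting.get('es_attachment_ignore')"
      changed_when: false
      register: es_attachment_ignore_result

    - name: Set es_attachment_ignore
      shell: zammad run rails r "Setting.set('es_attachment_ignore', [ {{ zammad_es_attachment_ignore }} ] )"
      when: not ( ("[" + zammad_es_attachment_ignore | regex_replace("'", '"') + "]") == es_attachment_ignore_result.stdout )
  when: zammad_es_attachment_ignore != ""

- name: Manage es_attachment_max_size_in_mb
  block:
    - name: Get es_attachment_max_size_in_mb
      shell: zammad run rails r "p Setting.get('es_attachment_max_size_in_mb')"
      changed_when: false
      register: es_attachment_max_size_in_mb_result

    - name: Set es_attachment_max_size_in_mb
      shell: zammad run rails r "Setting.set('es_attachment_max_size_in_mb', '{{ zammad_es_attachment_max_size_in_mb }}')"
      when: not ( ('"' + zammad_es_attachment_max_size_in_mb + '"') == es_attachment_max_size_in_mb_result.stdout)
  when: zammad_es_attachment_max_size_in_mb != ""

- name: Deploy custom CSS
  template:
    src: "{{ item }}"
    dest: "/opt/zammad/app/assets/stylesheets/custom/{{ item | basename }}"
    owner: zammad
    group: zammad
  with_fileglob: "{{ zammad_custom_css }}/*"
  notify: Zammad precompile

# Runs on the control node: the template folders live inside the role.
- name: Get current template folders
  find:
    paths: "{{ role_path }}/{{ zammad_custom_templates }}/"
    file_type: directory
  register: templateDirs
  delegate_to: 127.0.0.1

- name: Process loop for a given template
  include_tasks:
    file: customTemplates.yml
  loop: "{{ templateDirs.files }}"
  loop_control:
    loop_var: templateType
    extended: true

- name: Enable zammad override
  block:
    - name: Ensure directory exists for zammad override
      file:
        path: /etc/systemd/system/zammad.service.d
        recurse: true
        state: directory

    - name: Configure zammad override
      template:
        src: zammad.override.conf.j2
        dest: /etc/systemd/system/zammad.service.d/override.conf
      notify: Daemon Reload
  when: zammad_precompile

- name: Start and enable zammad service
  service:
    name: zammad
    state: started
    enabled: true

- name: Deploy zammad configuration file
  template:
    src: zammad.conf.j2
    dest: /etc/nginx/conf.d/zammad.conf
  notify: Reload nginx

- name: Deploy httpsRedirect configuration file
  template:
    src: httpsRedirect.conf.j2
    dest: /etc/nginx/conf.d/httpsRedirect.conf
  notify: Reload nginx
  when: zammad_httpsRedirect

- name: Start and enable nginx services
  service:
    name: nginx
    state: started
    enabled: true

# NOTE(review): httpd_can_network_connect lets the web server domain open
# outbound TCP connections to any port, which is broader than proxying to the
# local Zammad backend needs. Confirm that this breadth is acceptable.
- name: Set httpd_can_network_connect flag
  seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true

# NOTE(review): the task name says "modify", but httpd_sys_content_t is the
# read-only web content type (httpd_sys_rw_content_t is the writable one).
# Read-only is the least-privilege choice; confirm which is intended.
- name: Allow apache to modify files in /opt/zammad/public/
  sefcontext:
    target: '/opt/zammad/public(/.*)?'
    setype: httpd_sys_content_t
    state: present
  register: se_zammad_public

- name: Apply SELinux file context to files
  command: restorecon -irv /opt/zammad/public
  when: se_zammad_public.changed

- name: Allow http ports access through the firewall
  firewalld:
    service: http
    permanent: true
    state: enabled
  notify: Reload firewalld

- name: Allow https ports access through the firewall
  firewalld:
    service: https
    permanent: true
    state: enabled
  notify: Reload firewalld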