Tyler/Ansible-Zammad
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
Ansible-Zammad/roles/zammad/tasks/main.yml
Tyler Hale 7533271edb
Updates for v6
2023-06-06 06:19:05 -06:00

384 lines
11 KiB
YAML
Raw Blame History

---
# file: roles/zammad/tasks/main.yml
- name: Install epel
package:
name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
state: present
disable_gpg_check: True
- name: Install prereq packages
package:
name:
- imlib2
- glibc-langpack-en
state: present
disable_gpg_check: True
- name: Install certbot
pip:
name: certbot
executable: pip3
state: latest
when: zammad_certbot
- name: Deploy certbot renewal service
template:
src: certbot-renewal.service.j2
dest: /etc/systemd/system/certbot-renewal.service
notify: Daemon Reload
when: zammad_certbot
- name: Deploy certbot renewal timer
template:
src: certbot-renewal.timer.j2
dest: /etc/systemd/system/certbot-renewal.timer
notify: Daemon Reload
when: zammad_certbot
- name: Enable systemd timer for certbot renewal
service:
name: certbot-renewal.timer
enabled: yes
when: zammad_certbot
- name: Get localectl status
shell:
cmd: localectl status | grep -E "en_US.UTF-8"
register: locale_status
failed_when: false
changed_when: false
- name: Set localectl setting to en_US
command: localectl set-locale LANG=en_US.UTF-8
when: locale_status.rc == 1
- name: Import zammad rpm key
rpm_key:
state: present
key: https://dl.packager.io/srv/zammad/zammad/key
- name: Add zammad repo
yum_repository:
name: zammad
description: "Repository for zammad/zammad (stable) packages."
baseurl: "https://dl.packager.io/srv/rpm/zammad/zammad/stable/el/8/$basearch"
gpgcheck: false
gpgkey: "https://dl.packager.io/srv/zammad/zammad/key"
state: present
- name: Add elasticsearch repo
yum_repository:
name: elasticsearch
description: "Elasticsearch repository for {{ zammad_es_version }}.x packages"
baseurl: "https://artifacts.elastic.co/packages/{{ zammad_es_version }}.x/yum"
gpgcheck: false
gpgkey: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
state: present
- name: Install core packages
package:
name:
- elasticsearch
- nginx
- postgresql-server
- compat-openssl11
- redis
state: present
- name: Start and enable redis services
service:
name: redis
state: started
enabled: yes
- name: Check if postgresql is initialized
stat:
path: "/var/lib/pgsql/data/pg_hba.conf"
register: postgres_data
- name: Initialize postgresql
shell: "postgresql-setup initdb"
when: not postgres_data.stat.exists
- name: Ensure that password auth is enabled for postgre on ipv4 addresses
lineinfile:
path: /var/lib/pgsql/data/pg_hba.conf
regexp: '^host all all 127.0.0.1/32'
insertafter: '^# IPv4 local connections:'
line: "host all all 127.0.0.1/32 md5"
notify: Restart postgresql
- name: Ensure that password auth is enabled for postgre on ipv6 addresses
lineinfile:
path: /var/lib/pgsql/data/pg_hba.conf
regexp: '^host all all ::1/128'
insertafter: '^# IPv6 local connections:'
line: "host all all ::1/128 md5"
notify: Restart postgresql
- name: Start and enable postgresql services
service:
name: postgresql
state: started
enabled: yes
- name: Install ingest-attachment plugin in elasticsearch
elasticsearch_plugin:
name: ingest-attachment
state: present
- name: Ensure the network host is set
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regexp: '^network.host:'
insertafter: '^#network.host:'
line: "network.host: {{ zammad_es_network_host }}"
when: zammad_es_network_host != ""
notify: Restart elasticsearch
- name: Ensure the discovery seed hosts is set
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regexp: '^discovery.seed_hosts:'
insertafter: '^#discovery.seed_hosts:'
line: "discovery.seed_hosts: {{ zammad_es_discovery_seed_hosts }}"
when: zammad_es_discovery_seed_hosts != ""
notify: Restart elasticsearch
- name: Ensure the max_content_length is set
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regexp: '^http.max_content_length:'
insertafter: '^#http.max_content_length:'
line: "http.max_content_length: {{ zammad_es_max_content_length }}"
when: zammad_es_max_content_length != ""
notify: Restart elasticsearch
- name: Ensure the max_content_length is set
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regexp: '^indices.query.bool.max_clause_count:'
insertafter: '^#indices.query.bool.max_clause_count:'
line: "indices.query.bool.max_clause_count: {{ zammad_es_max_clause_count }}"
when: zammad_es_max_clause_count != ""
notify: Restart elasticsearch
- name: Ensure the xpack_security is set
lineinfile:
path: /etc/elasticsearch/elasticsearch.yml
regexp: '^xpack.security.enabled:'
insertafter: '^#xpack.security.enabled:'
line: "xpack.security.enabled: {{ zammad_es_xpack_security_enabled }}"
when: zammad_es_xpack_security_enabled != ""
notify: Restart elasticsearch
# TODO Add elasticsearch user/pass
- name: Enable elastic search ingest fix
block:
- name: Ensure directory exists for zammad scripts
file:
path: /bin/zammadUtilites
recurse: yes
state: directory
- name: Deploy ingest-attachment-fix script
template:
src: ingest-attachment-fix.sh.j2
dest: /bin/zammadUtilites/ingest-attachment-fix.sh
- name: Ensure directory exists for elasticsearch override
file:
path: /etc/systemd/system/elasticsearch.service.d
recurse: yes
state: directory
- name: Configure elasticsearch-fail service
template:
src: elasticsearch-fail.service.j2
dest: /etc/systemd/system/elasticsearch-fail.service
notify: Daemon Reload
- name: Configure elasticsearch override
template:
src: elasticsearch.override.conf.j2
dest: /etc/systemd/system/elasticsearch.service.d/override.conf
notify: Daemon Reload
when: zammad_es_ingest_fix
- name: Start and enable elasticsearch services
service:
name: elasticsearch
state: started
enabled: yes
- name: Install zammad
package:
name: zammad
state: present
- name: Fix permissions on zammad public folder
file:
path: /opt/zammad/public
owner: zammad
group: zammad
mode: '755'
recurse: true
- name: Manage es_user
block:
- name: Get es_user
shell: zammad run rails r "p Setting.get('es_user')"
changed_when: False
register: es_user_result
- name: Set es_user
shell: zammad run rails r "Setting.set('es_user', '{{ zammad_es_username }}')"
when: not ( ('"' + zammad_es_username + '"') == es_user_result.stdout)
when: zammad_es_username != ""
- name: Manage es_password
block:
- name: Get es_password
shell: zammad run rails r "p Setting.get('es_password')"
changed_when: False
register: es_password_result
- name: Set es_password
shell: zammad run rails r "Setting.set('es_password', '{{ zammad_es_password }}')"
when: not ( ('"' + zammad_es_password + '"') == es_password_result.stdout)
when: zammad_es_password != ""
- name: Get es_url
shell: zammad run rails r "p Setting.get('es_url')"
changed_when: False
register: es_url_result
- name: Manage es_url
block:
- name: Set es_url
shell: zammad run rails r "Setting.set('es_url', '{{ zammad_es_url }}')"
- name: Rebuild search index
shell: zammad run rake zammad:searchindex:rebuild
when: not ( ('"' + zammad_es_url + '"') == es_url_result.stdout)
- name: Manage es_attachment_ignore
block:
- name: Get es_attachment_ignore
shell: zammad run rails r "p Setting.get('es_attachment_ignore')"
changed_when: False
register: es_attachment_ignore_result
- name: Set es_attachment_ignore
shell: zammad run rails r "Setting.set('es_attachment_ignore', [ {{ zammad_es_attachment_ignore }} ] )"
when: not ( ("[" + zammad_es_attachment_ignore | regex_replace("'", '"') + "]") == es_attachment_ignore_result.stdout )
when: zammad_es_attachment_ignore != ""
- name: Manage es_attachment_max_size_in_mb
block:
- name: Get es_attachment_max_size_in_mb
shell: zammad run rails r "p Setting.get('es_attachment_max_size_in_mb')"
changed_when: False
register: es_attachment_max_size_in_mb_result
- name: Set es_attachment_max_size_in_mb
shell: zammad run rails r "Setting.set('es_attachment_max_size_in_mb', '{{ zammad_es_attachment_max_size_in_mb }}')"
when: not ( ('"' + zammad_es_attachment_max_size_in_mb + '"') == es_attachment_max_size_in_mb_result.stdout)
when: zammad_es_attachment_max_size_in_mb != ""
- name: Deploy custom CSS
template:
src: "{{ item }}"
dest: "/opt/zammad/app/assets/stylesheets/custom/{{ item | basename }}"
owner: zammad
group: zammad
with_fileglob: "{{ zammad_custom_css }}/*"
notify: Zammad precompile
- name: Get current template folders
find:
paths: "{{ role_path }}/{{ zammad_custom_templates }}/"
file_type: directory
register: templateDirs
delegate_to: 127.0.0.1
- name: Process loop for a given template
include_tasks:
file: customTemplates.yml
loop: "{{ templateDirs.files }}"
loop_control:
loop_var: templateType
extended: yes
- name: Enable zammad override
block:
- name: Ensure directory exists for zammad override
file:
path: /etc/systemd/system/zammad.service.d
recurse: yes
state: directory
- name: Configure zammad override
template:
src: zammad.override.conf.j2
dest: /etc/systemd/system/zammad.service.d/override.conf
notify: Daemon Reload
when: zammad_precompile
- name: Start and enable zammad service
service:
name: zammad
state: started
enabled: yes
- name: Deploy zammad configuration file
template:
src: zammad.conf.j2
dest: /etc/nginx/conf.d/zammad.conf
notify: Reload nginx
- name: Deploy httpsRedirect configuration file
template:
src: httpsRedirect.conf.j2
dest: /etc/nginx/conf.d/httpsRedirect.conf
notify: Reload nginx
when: zammad_httpsRedirect
- name: Start and enable nginx services
service:
name: nginx
state: started
enabled: yes
- name: Set httpd_can_network_connect flag
seboolean:
name: httpd_can_network_connect
state: true
persistent: true
- name: Allow apache to modify files in /opt/zammad/public/
sefcontext:
target: '/opt/zammad/public(/.*)?'
setype: httpd_sys_content_t
state: present
register: se_zammad_public
- name: Apply SELinux file context to files
command: restorecon -irv /opt/zammad/public
when: se_zammad_public.changed
- name: Allow http ports access through the firewall
firewalld:
service: http
permanent: yes
state: enabled
notify: Reload firewalld
- name: Allow https ports access through the firewall
firewalld:
service: https
permanent: yes
state: enabled
notify: Reload firewalld
Reference in a new issue View git blame Copy permalink