Role sonarqube

roles/sonarqube/README.md

+WEBLATE
+=======
+
+Weblate deployement using docker and docker compose
+
+See : https://docs.weblate.org/en/latest/admin/install/docker.html
+
+Requirements
+------------
+
+Needs paquerette ansible utility rôles : https://git.paquerette.eu/paquerette/infrastructure/ansible-paquerette
+
+docker must be available on the machine
+
+Role Variables
+--------------
+
+```yml
+- role: weblate
+  app_instance_id: weblate_main
+  app_user: weblate_user
+  app_user_password: $6$w0Xq3Ebrn$kFq................
+  app_domain: weblate.domain.fr
+  app_admin_password: "sdj....."
+  database_password: "psp....;"
+  description: weblate 
+
+```
+
+Default variables
+
+Can be changed in instance configuration
+
+```yml
+
+  app_admin: "admin"
+  app_admin_email: "{{ smtp_user }}"
+
+  WEBLATE_MT_MYMEMORY_ENABLED: 1
+  WEBLATE_REGISTRATION_OPEN: 1
+
+```
+
+
+Dependencies
+------------
+
+- base_server
+- base_platform
+- docker
+
+
+Using the rôle
+--------------
+
+Installation :
+--------------
+
+`./play.py --inv hosts yourhost weblate_main reinstall`
+
+Uninstallation :
+----------------
+
+WARNING: Uninsall will remove volumes
+
+
+`/play.py --inv hosts yourhost weblate_main uninstall -e 'app_instance_to_uninstall=weblate_main'`
+
+License
+-------
+
+GPL V3
+
+Author Information
+------------------
+
+Jean-Yves LEBLEU jlebleu@gmail.com / contact@paquerette.eu

roles/sonarqube/defaults/main.yml

+---
+# defaults file for sonarqube
+
+app_main_port: "9000"
+app_group: "{{ app_user }}"
+
+database_user : "{{ app_instance_id }}_usr"
+database_name : "sonar"

roles/sonarqube/files/docker-compose.yml

+version: "3"
+
+services:
+  sonarqube:
+    image: sonarqube:community
+    depends_on:
+      - db
+    environment:
+      SONAR_JDBC_URL: jdbc:postgresql://db:5432/${POSTGRES_DATABASE}
+      SONAR_JDBC_USERNAME: ${POSTGRES_USER}
+      SONAR_JDBC_PASSWORD: ${POSTGRES_PASSWORD}
+    volumes:
+      - sonarqube_data:/opt/sonarqube/data
+      - sonarqube_extensions:/opt/sonarqube/extensions
+      - sonarqube_logs:/opt/sonarqube/logs
+    ports:
+      - 127.0.0.1:${APP_MAIN_PORT:-9000}:9000
+      - ::1:${APP_MAIN_PORT:-9000}:9000
+  db:
+    image: postgres:12
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    volumes:
+      - postgresql:/var/lib/postgresql
+      - postgresql_data:/var/lib/postgresql/data
+
+volumes:
+  sonarqube_data:
+  sonarqube_extensions:
+  sonarqube_logs:
+  postgresql:
+  postgresql_data:
\ No newline at end of file

roles/sonarqube/handlers/main.yml

+---
+# handlers file for sonarqube
+
+- name: reload nginx sonarqube
+  service: name=nginx state=reloaded

roles/sonarqube/tasks/install.yml

+---
+  - name: update vm.max_map_count
+    ansible.posix.sysctl:
+      name: vm.max_map_count
+      value: '262144'
+      state: present
+
+
+  - name: update or check inventory
+    import_role:
+      name: _app_log_inventory
+    vars:
+      log_type: "install"
+
+  - name: Create of update let'encrypt certificate
+    import_role:
+      name: _letsencrypt_certificate
+    when: app_domain is defined and app_domain != ""
+
+  - name: create user {{ app_user }}
+    import_role:
+      name: _user
+    vars:
+      user_name: "{{ app_user }}"
+      user_password: "{{ app_user_password }}"
+    when: app_user is defined
+
+  - import_tasks: nginx.yml
+
+  - import_tasks: install_sonarqube.yml
+
+  - name: log rotate
+    import_role:
+      name: _app_logrotate
+
+  - name: "enable site for {{ app_domain }}"
+    file:
+      state: link
+      path: "/etc/nginx/sites-enabled/{{ app_instance_id }}.conf"
+      src: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
+    notify: reload nginx sonarqube
+
+  - name: Add monit
+    import_role:
+      name: _app_monit
+    when: monit_request is defined and monit_request != ''

roles/sonarqube/tasks/install_sonarqube.yml

+---
+
+  - name: "copy docker-compose {{ app_instance_id }}"
+    copy:
+      src: "docker-compose.yml"
+      dest: "{{ app_instance_root }}/docker-compose.yml"
+    tags:
+      - sonarqube
+
+  - name: "template .env file {{ app_instance_id }}"
+    template:
+      src: ".env.j2"
+      dest: "{{ app_instance_root }}/.env"
+    tags:
+      - sonarqube
+
+  - name: "start sonarqube environment"
+    docker_compose:
+      project_src: "{{ app_instance_root }}"
+      state: present
+    tags:
+      - sonarqube
\ No newline at end of file

roles/sonarqube/tasks/main.yml

+---
+# tasks file for sonarqube
+
+- name: "set user home var "
+  set_fact:
+    app_user_home: "/home/{{ app_user }}"
+  tags:
+    - setpath
+
+- name: "set instance root"
+  set_fact:
+    app_instance_root: "{{ app_user_home }}/{{ app_instance_id }}"
+  tags:
+    - setpath
+
+- name: "set instance root"
+  set_fact:
+    run_user: "{{ app_user }}"
+  tags:
+    - setpath
+
+- import_tasks: install.yml
+  when: app_run in ['install', 'reinstall']
+
+- import_tasks: uninstall.yml
+  when: app_run == 'uninstall'
\ No newline at end of file

roles/sonarqube/tasks/nginx.yml

+---
+
+  - name: "directory for www logs mounted in jail"
+    file:
+      state: directory
+      path: "{{ app_instance_root }}/../logs"
+      mode: 0711
+      owner: "{{ app_user }}"
+      group: "{{ app_group }}"
+    when: app_user is defined
+
+  - name: "template nginx_app.j2 {{ app_instance_id }}"
+    template:
+      src: "nginx_app.j2"
+      dest: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
+    notify: reload nginx sonarqube
+    tags:
+      - rev_proxy
\ No newline at end of file

roles/sonarqube/tasks/uninstall.yml

+---
+  - name: log inventory role
+    import_role:
+      name: _app_log_inventory
+    vars:
+      log_type: "uninstall"
+
+  - name: uninstall ningx and logs
+    block:
+
+    - name: "disable site for {{ app_domain }}"
+      file:
+        state: absent
+        path: "/etc/nginx/sites-enabled/{{ app_instance_id }}.conf"
+      when: app_domain is defined and app_domain != ""
+      register: disable_site
+
+    - import_role:
+        name: _app_monit
+      when: monit_request is defined and monit_request != ''
+
+    - name: reload monit
+      service: name=monit state=reloaded
+      when: disable_site.changed
+
+    - name: "remove nginx configuration for {{ app_instance_id }}"
+      file:
+        state: absent
+        path: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
+
+    - name: reload nginx
+      service: name=nginx state=reloaded
+      when: disable_site.changed
+
+    - import_role:
+        name: _letsencrypt_certificate
+
+    - import_role:
+        name: _app_logrotate
+
+    - name: "umount {{ app_instance_id }} logs"
+      shell: "umount {{ app_instance_root }}/../logs/{{ app_instance_id }}"
+      failed_when: False
+      changed_when: false
+      when: app_user is defined
+
+    - name: "Remove mount line in fstab for {{ app_user }}"
+      lineinfile:
+        path: "/etc/fstab"
+        regexp: "^{{ www_log }}/{{ app_instance_id }}"
+        state: absent
+      when: app_user is defined
+
+    - name: "remove mount point for {{ app_instance_id }} logs "
+      file:
+        state: absent
+        path: "{{ app_instance_root }}/../logs/{{ app_instance_id }}"
+      when: app_user is defined
+
+    when: app_domain != ""
+
+  - import_tasks: uninstall_sonarqube.yml
+
+  - name: "remove {{ app_instance_root }}"
+    file:
+      state: absent
+      path: "{{ app_instance_root }}"
+
+  - name: remove user {{ app_user }}
+    import_role:
+      name: _user
+    vars:
+      user_name: "{{ app_user }}"
+      user_password: "{{ app_user_password }}"
+      user_to_remove: "{{ app_user }}"
+    when: app_user is defined

roles/sonarqube/tasks/uninstall_sonarqube.yml

+---
+
+  - name: "test docker compose presence"
+    stat:
+      path: "{{ app_instance_root }}/docker-compose.yml"
+    register: compose
+
+  - name: "remove {{ app_service_name }} services and volumes"
+    docker_compose:
+      project_src: "{{ app_instance_root }}"
+      remove_volumes: yes
+      state: absent
+    when: compose.stat.exists
+
+  - name: "docker-compose.yml {{ app_service_name }}"
+    file:
+      state: absent
+      path: "{{ app_instance_root }}/docker-compose.yml"
+
+
+  - name: "remove .env file {{ app_service_name }}"
+    file:
+      state: absent
+      path: "{{ app_instance_root }}/.env"
\ No newline at end of file

roles/sonarqube/templates/.env.j2

+APP_MAIN_PORT={{ app_main_port }}
+POSTGRES_PASSWORD={{ database_password }}
+POSTGRES_USER={{ database_user }}
+POSTGRES_DATABASE={{ database_user }}

roles/sonarqube/templates/nginx_app.j2

+map $http_user_agent $log_ua {
+  ~Monit 0;
+  default 1;
+}
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name {{ app_domain | mandatory }};
+  # enforce https
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name {{ app_domain }};
+
+  ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem;
+
+  # Add headers to serve security related headers
+  # Before enabling Strict-Transport-Security headers please read into this
+  # topic first.
+  # add_header Strict-Transport-Security "max-age=15768000;
+  # includeSubDomains; preload;";
+  #
+  # WARNING: Only add the preload option once you read about
+  # the consequences in https://hstspreload.org/. This option
+  # will add the domain to a hardcoded list that is shipped
+  # in all major browsers and getting removed from this list
+  # could take several months.
+
+  add_header X-Content-Type-Options nosniff;
+  add_header X-XSS-Protection "1; mode=block";
+  add_header X-Robots-Tag all; # https://developers.google.com/search/docs/advanced/robots/robots_meta_tag
+  add_header X-Download-Options noopen;
+  add_header X-Permitted-Cross-Domain-Policies none;
+  add_header Strict-Transport-Security "max-age=15768000";
+
+  # Enable gzip but do not remove ETag headers
+  gzip on;
+  gzip_vary on;
+  gzip_comp_level 4;
+  gzip_min_length 256;
+  gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+  gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+
+  access_log {{ www_log }}/{{ app_instance_id }}/access.log combined if=$log_ua;
+  error_log {{ www_log }}/{{ app_instance_id }}/error.log;
+
+  # set max upload size
+  client_max_body_size 512M;
+  fastcgi_buffers 64 4K;
+
+
+  location / {
+      proxy_set_header HOST $host;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Host $server_name;
+      proxy_pass http://localhost:{{ app_main_port }};
+  }
+
+}

roles/sonarqube/vars/main.yml

+---
+# vars file for cvat
+
+app_program: "cvat"
\ No newline at end of file