Commit 4d71d212 authored by Julien Gomes Dias's avatar Julien Gomes Dias
Browse files

Merge branch 'espocrm_role' into 'master'

[add] Espocrm role

Closes infrastructure-p-querette#64

See merge request !9
parents acbe200f e89fb03d
# EspoCRM
Role for EspoCRM web app.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
GPLv3
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
---
app_version: 7.0.8
app_user_chrooted: "yes"
php_composer: "no"
python3: "no"
app_wsgi: "no"
---
- name: reload nginx web_app - EspoCRM
service: name=nginx state=reloaded
- name: reload php-fpm web_app - EspoCRM
service: name=php{{ php_version }}-fpm state=reloaded
\ No newline at end of file
galaxy_info:
author: Julien Gomes Dias
description: EspoCRM role
company: Paquerette
license: GPL-3.0-or-later
min_ansible_version: 2.1
galaxy_tags: []
dependencies: []
---
- name: "Import web_app role - EspoCRM"
import_role:
name: _web_app
- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}"
template:
src: "{{ rev_proxy }}_app.j2"
dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf"
when: app_wsgi == "no"
notify: reload {{ rev_proxy }} web_app
tags:
- espocrm_rev_proxy
- name: "cron monthly retrieving slaves backups"
cron:
name: "Cron EspoCRM"
hour: "23"
minute: "0"
job: "/usr/bin/php -f {{ app_instance_root }}/cron.php > /dev/null 2>&1"
user: "{{ app_user }}"
- name: check if {{ app_instance_root }} exists
stat:
path: "{{ app_instance_root }}"
register: "app_root_exist"
tags:
- espocrm_files_rights
- name: attribute correct rights on files
file:
state: directory
path: "{{ item.path }}"
mode: "{{ item.mode }}"
tags:
- espocrm_files_rights
when: "app_root_exist.stat.exists"
loop: "{{ files_rights_directory }}"
- name: "directory and permissions on {{ app_instance_root }}/bin/command"
file:
state: file
path: "{{ app_instance_root }}/bin/command"
mode: 0754
tags:
- espocrm_files_rights
when: app_root_exist.stat.exists
- name: check if file /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf exists before modifying configuration
stat:
path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf"
register: "fpmconf_espo_exist"
tags:
- confphpfpm_espocrm
- name : "Delete {{ item.key }} line in /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf"
lineinfile:
path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf"
regex: '^php_value[{{ item.key }}]'
state: absent
loop: "{{ php_params }}"
tags:
- confphpfpm_espocrm
when: fpmconf_espo_exist.stat.exists
- name: "Configure {{ item.key }}"
lineinfile:
line: "php_value[{{ item.key }}] = {{ item.val }}"
path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf"
state: present
loop: "{{ php_params }}"
tags:
- confphpfpm_espocrm
when: fpmconf_espo_exist.stat.exists
- name: Print db informations for manual installation
vars:
msg: |
db_name: {{ app_instance_id }}_db
db_user: {{ app_instance_id }}_usr
db_pass: {{ database_password }}
debug:
msg: "{{ msg.split('\n') }}"
tags: debug_db_info
when: app_run in ['install', 'reinstall']
---
- import_tasks: install.yml
when: app_run in ['install', 'reinstall', 'upgrade']
- import_tasks: uninstall.yml
when: app_run == 'uninstall'
\ No newline at end of file
---
- name: "Import web_app role - EspoCRM"
import_role:
name: _web_app
\ No newline at end of file
upstream php-handler{{ app_instance_id }} {
server unix:/var/run/php/php{{ php_version }}-fpm-{{ app_user }}.sock;
}
map $http_user_agent $log_ua {
~Monit 0;
default 1;
}
server {
listen 80;
listen [::]:80;
server_name {{ app_domain | mandatory }};
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ app_domain }};
ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag all; # https://developers.google.com/search/docs/advanced/robots/robots_meta_tag
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Strict-Transport-Security "max-age=15768000";
access_log {{ www_log }}/{{ app_instance_id }}/access.log combined if=$log_ua;
error_log {{ www_log }}/{{ app_instance_id }}/error.log;
include {{ app_instance_www_root }}/nginx/*.conf;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
root {{ app_instance_root }}/public; # path to public dir
index index.php;
location /client {
root {{ app_instance_root }}; # path to espocrm root dir
autoindex off;
location ~* ^.+.(js|css|png|jpg|jpeg|gif|ico|tpl)$ {
access_log off;
expires max;
}
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm-{{ app_user }}.sock;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
}
location /api/v1/ {
if (!-e $request_filename){
rewrite ^/api/v1/(.*)$ /api/v1/index.php last; break;
}
}
location /portal/ {
try_files $uri $uri/ /portal/index.php?$query_string;
}
location /api/v1/portal-access {
if (!-e $request_filename){
rewrite ^/api/v1/(.*)$ /api/v1/portal-access/index.php last; break;
}
}
location ~ /(\.htaccess|\web.config|\.git) {
deny all;
}
}
---
- hosts: localhost
remote_user: root
roles:
- espocrm
---
app_program: "EspoCRM"
app_src_root_name: "EspoCRM-{{ app_version }}"
database_type: "mysql"
packages_list: [ "php{{ php_version }}-mysql", "php{{ php_version }}-xml", "php{{ php_version }}-xmlwriter", "php{{ php_version }}-json", "php{{ php_version }}-gd", "php{{ php_version }}-zip", "php{{ php_version }}-imap", "php{{ php_version }}-mbstring", "php{{ php_version }}-curl", "php{{ php_version }}-exif", "php{{ php_version }}-ldap" ]
app_src: "https://github.com/espocrm/espocrm/releases/download/7.0.8/EspoCRM-{{ app_version }}.zip"
php_version: "7.4"
app_data: "{{ app_instance_root }}/../{{ app_instance_id }}.data"
app_group: www-data
php_params: [
{ key: max_execution_time, val: 180 },
{ key: max_input_time, val: 180 },
{ key: memory_limit, val: 256M },
{ key: post_max_size, val: 50M },
{ key: upload_max_filesize, val: 50M }
]
files_rights_directory: [
{mode: 755, path: "{{ app_instance_root }}/client/modules", name: modules},
{mode: 755, path: "{{ app_instance_root }}/data", name: data},
{mode: 755, path: "{{ app_instance_root }}/client/custom", name: client_custom},
{mode: 775, path: "{{ app_instance_root }}/application/Espo/Modules", name: espo_modules},
{mode: 775, path: "{{ app_instance_root }}/client/modules", name: client_modules},
]
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment