Commit f8b50f4b authored by Pâquerette Instance's avatar Pâquerette Instance
Browse files

Migration vers Collabora 11

parent 3b46ad0b
......@@ -19,7 +19,7 @@
app_instance_root: "{{ base_root_opt }}"
loolwsd_log_dest: "{{ base_prod_path }}/log/loolwsd"
coolwsd_log_dest: "{{ base_prod_path }}/log/coolwsd"
# fatal, critical, error, warning, notice, information, debug, trace
collabora_log_level: "error"
......
......@@ -6,10 +6,10 @@
- import_role:
name: _letsencrypt_certificate
- name: "log dest {{ loolwsd_log_dest }}"
- name: "log dest {{ coolwsd_log_dest }}"
file:
state: directory
path: "{{ loolwsd_log_dest }}"
path: "{{ coolwsd_log_dest }}"
mode: "0777"
- name: "apt key for collabora - paquerette"
......@@ -26,9 +26,9 @@
state: present
update_cache: yes
- name: "install loolwsd"
- name: "install coolwsd"
apt:
name: loolwsd
name: coolwsd
state: latest
update_cache: yes
......@@ -41,28 +41,28 @@
- name: "copy letsencrypt cert.pem"
copy:
src: "/etc/letsencrypt/live/{{ collabora_domain }}/cert.pem"
dest: "/etc/loolwsd/cert.pem"
dest: "/etc/coolwsd/cert.pem"
mode: "0744"
remote_src: yes
- name: "copy letsencrypt privkey.pem"
copy:
src: "/etc/letsencrypt/live/{{ collabora_domain }}/privkey.pem"
dest: "/etc/loolwsd/key.pem"
dest: "/etc/coolwsd/key.pem"
mode: "0744"
remote_src: yes
- name: "copy letsencrypt chain.pem"
copy:
src: "/etc/letsencrypt/live/{{ collabora_domain }}/chain.pem"
dest: "/etc/loolwsd/chain.pem"
dest: "/etc/coolwsd/chain.pem"
mode: "0744"
remote_src: yes
- name: "copy letsencrypt fullchain.pem"
copy:
src: "/etc/letsencrypt/live/{{ collabora_domain }}/fullchain.pem"
dest: "/etc/loolwsd/ca-chain.cert.pem"
dest: "/etc/coolwsd/ca-chain.cert.pem"
mode: "0744"
remote_src: yes
......@@ -86,23 +86,23 @@
minute: "{{ renew_cert_copy_minute }}"
job: "{{ base_prod_options }}/collabora/collabora-renew-cert.sh"
- name: "template for loolwsd.xml"
- name: "template for coolwsd.xml"
template:
src: loolwsd_xml.j2
dest: "/etc/loolwsd/loolwsd.xml"
src: coolwsd_xml.j2
dest: "/etc/coolwsd/coolwsd.xml"
backup: yes
- name: Replace lool log file destination in service.
- name: Replace cool log file destination in service.
replace:
path: /lib/systemd/system/loolwsd.service
path: /lib/systemd/system/coolwsd.service
regexp: '\/var\/log.*$'
replace: '/mnt/vdb/log'
- name: "reload and restart loolwsd service"
- name: "reload and restart coolwsd service"
systemd:
state: restarted
daemon_reload: yes
name: loolwsd
name: coolwsd
- name: "template nginx_collabora.j2 {{ collabora_domain }}"
template:
......
......@@ -5,12 +5,12 @@
<allowed_languages desc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</allowed_languages>
<tile_cache_path desc="Path to a directory where to keep the tile cache." type="path" relative="false" default="/var/cache/loolwsd"></tile_cache_path>
<tile_cache_path desc="Path to a directory where to keep the tile cache." type="path" relative="false" default="/var/cache/coolwsd"></tile_cache_path>
<sys_template_path desc="Path to a template tree with shared libraries etc to be used as source for chroot jails for child processes." type="path" relative="true" default="systemplate"></sys_template_path>
<lo_template_path desc="Path to a LibreOffice installation tree to be copied (linked) into the jails for child processes. Should be on the same file system as systemplate." type="path" relative="false" default="/opt/collaboraoffice6.0"></lo_template_path>
<child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
<server_name desc="Hostname:port of the server running loolwsd. If empty, it's derived from the request." type="string" default="">{{ collabora_domain }}</server_name>
<server_name desc="Hostname:port of the server running coolwsd. If empty, it's derived from the request." type="string" default="">{{ collabora_domain }}</server_name>
<file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing loleaflet." type="path" relative="true" default="loleaflet/../"></file_server_root_path>
<memproportion desc="The maximum percentage of system memory consumed by all of the LibreOffice Online, after which we start cleaning up idle documents" type="double" default="80.0"></memproportion>
......@@ -43,7 +43,7 @@
<color type="bool">true</color>
<level type="string" desc="Can be 0-8, or none (turns off logging), fatal, critical, error, warning, notice, information, debug, trace" default="warning">{{ collabora_log_level }}</level>
<file enable="true">
<property name="path" desc="Log file path.">{{ loolwsd_log_dest }}/loolwsd.log</property>
<property name="path" desc="Log file path.">{{ coolwsd_log_dest }}/coolwsd.log</property>
<property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
<property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
<property name="compress" desc="Enable/disable log file compression.">true</property>
......@@ -61,7 +61,7 @@
<loleaflet_logging desc="Logging in the browser console" default="false">false</loleaflet_logging>
<trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
<path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz" compress="true" snapshot="false"></path>
<path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/cooltrace-%.gz" compress="true" snapshot="false"></path>
<filter>
<message desc="Regex pattern of messages to exclude"></message>
</filter>
......@@ -72,7 +72,7 @@
<net desc="Network settings">
<proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
<listen type="string" default="any" desc="Listen address that loolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
<listen type="string" default="any" desc="Listen address that coolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
<service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path."></service_root>
<post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
<host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
......@@ -81,15 +81,15 @@
<host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
<host desc="The IPv6 loopback (localhost) address.">::1</host>
</post_allow>
<frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
<frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (coolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
</net>
<ssl desc="SSL settings">
<enable type="bool" default="true">true</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
<cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
<termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
<cert_file_path desc="Path to the cert file" relative="false">/etc/coolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/coolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/coolwsd/ca-chain.cert.pem</ca_file_path>
<cipher_list desc="List of OpenSSL ciphers to accept" default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
<hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
<max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
......@@ -131,10 +131,10 @@
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
<username desc="The username of the admin console. Ignored if PAM is enabled."></username>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password."></password>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password."></password>
</admin_console>
<monitors desc="Addresses of servers we connect to on start for monitoring">
</monitors>
</config>
\ No newline at end of file
</config>
......@@ -2,15 +2,15 @@
# Copy certificates files from lestencrypt to /etc/loowsd after renew of {{ collabora_domain }}
cp "/etc/letsencrypt/live/{{ collabora_domain }}/cert.pem" "/etc/loolwsd/cert.pem"
chmod 0744 "/etc/loolwsd/cert.pem"
cp "/etc/letsencrypt/live/{{ collabora_domain }}/cert.pem" "/etc/coolwsd/cert.pem"
chmod 0744 "/etc/coolwsd/cert.pem"
cp "/etc/letsencrypt/live/{{ collabora_domain }}/privkey.pem" "/etc/loolwsd/key.pem"
chmod 0744 "/etc/loolwsd/key.pem"
cp "/etc/letsencrypt/live/{{ collabora_domain }}/privkey.pem" "/etc/coolwsd/key.pem"
chmod 0744 "/etc/coolwsd/key.pem"
cp "/etc/letsencrypt/live/{{ collabora_domain }}/chain.pem" "/etc/loolwsd/chain.pem"
chmod 0744 "/etc/loolwsd/chain.pem"
cp "/etc/letsencrypt/live/{{ collabora_domain }}/chain.pem" "/etc/coolwsd/chain.pem"
chmod 0744 "/etc/coolwsd/chain.pem"
cp "/etc/letsencrypt/live/{{ collabora_domain }}/fullchain.pem" "/etc/loolwsd/ca-chain.cert.pem"
chmod 0744 "/etc/loolwsd/ca-chain.cert.pem"
cp "/etc/letsencrypt/live/{{ collabora_domain }}/fullchain.pem" "/etc/coolwsd/ca-chain.cert.pem"
chmod 0744 "/etc/coolwsd/ca-chain.cert.pem"
......@@ -12,7 +12,7 @@ server {
error_log {{ www_log | mandatory }}/{{ collabora_domain }}/error.log;
# static files
location ^~ /loleaflet {
location ^~ /browser {
proxy_pass https://localhost:{{ collabora_port | mandatory}};
proxy_set_header Host $http_host;
}
......@@ -30,7 +30,7 @@ server {
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
location ~ ^/cool/(.*)/ws$ {
proxy_pass https://localhost:{{ collabora_port }};
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
......@@ -39,13 +39,13 @@ server {
}
# download, presentation and image upload
location ~ ^/lool {
location ~ ^/(c|l)ool {
proxy_pass https://localhost:{{ collabora_port }};
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
location ^~ /cool/adminws {
proxy_pass https://localhost:{{ collabora_port }};
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment