From 8071e340dd24fc1ff186dd3a3808fe9d66452892 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Mon, 13 Dec 2021 16:09:17 +0100 Subject: [PATCH 01/15] init espocrm role --- roles/espocrm/README.md | 37 ++++++++++ roles/espocrm/defaults/main.yml | 21 ++++++ roles/espocrm/handlers/main.yml | 7 ++ roles/espocrm/meta/main.yml | 12 +++ roles/espocrm/tasks/main.yml | 71 ++++++++++++++++++ roles/espocrm/templates/nginx_app.j2 | 105 +++++++++++++++++++++++++++ roles/espocrm/tests/inventory | 2 + roles/espocrm/tests/test.yml | 5 ++ roles/espocrm/vars/main.yml | 13 ++++ 9 files changed, 273 insertions(+) create mode 100644 roles/espocrm/README.md create mode 100644 roles/espocrm/defaults/main.yml create mode 100644 roles/espocrm/handlers/main.yml create mode 100644 roles/espocrm/meta/main.yml create mode 100644 roles/espocrm/tasks/main.yml create mode 100644 roles/espocrm/templates/nginx_app.j2 create mode 100644 roles/espocrm/tests/inventory create mode 100644 roles/espocrm/tests/test.yml create mode 100644 roles/espocrm/vars/main.yml diff --git a/roles/espocrm/README.md b/roles/espocrm/README.md new file mode 100644 index 00000000..ab1db5d3 --- /dev/null +++ b/roles/espocrm/README.md @@ -0,0 +1,37 @@ +# EspoCRM + +Role for EspoCRM web app. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +GPLv3 + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/espocrm/defaults/main.yml b/roles/espocrm/defaults/main.yml new file mode 100644 index 00000000..0f47072d --- /dev/null +++ b/roles/espocrm/defaults/main.yml @@ -0,0 +1,21 @@ +--- +app_version: 1.1.14 + +app_user_chrooted: "yes" + +php_composer: "no" +python3: "no" +app_wsgi: "no" + +# +# smtp default parameters +# + +smtp_security: STARTTLS +smtp_host: false +smtp_user: null +smtp_pass: null +smtp_port: 587 + + +app_backup_data: "yes" diff --git a/roles/espocrm/handlers/main.yml b/roles/espocrm/handlers/main.yml new file mode 100644 index 00000000..0529fe1d --- /dev/null +++ b/roles/espocrm/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: reload nginx web_app - EspoCRM + service: name=nginx state=reloaded + +- name: reload php-fpm web_app - EspoCRM + service: name=php{{ php_version }}-fpm state=reloaded \ No newline at end of file diff --git a/roles/espocrm/meta/main.yml b/roles/espocrm/meta/main.yml new file mode 100644 index 00000000..9fa2caea --- /dev/null +++ b/roles/espocrm/meta/main.yml @@ -0,0 +1,12 @@ +galaxy_info: + author: Julien Gomes Dias + description: EspoCRM role + company: Paquerette + + license: GPL-3.0-or-later + + min_ansible_version: 2.1 + + galaxy_tags: [] + +dependencies: [] diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml new file mode 100644 index 00000000..9e1eb73d --- /dev/null +++ b/roles/espocrm/tasks/main.yml @@ -0,0 +1,71 @@ +--- + +- name: "Import web_app role - EspoCRM" + import_role: + name: _web_app + +- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" + template: + src: "{{ rev_proxy }}_app.j2" + dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" + when: app_wsgi == "no" + notify: reload {{ rev_proxy }} web_app + tags: + - espocrm_rev_proxy + + +- name: "cron monthly retrieving slaves backups" + cron: + name: "Cron EspoCRM" + hour: "23" + minute: "0" + job: "/usr/bin/php -f {{ app_instance_root }}/cron.php > /dev/null 2>&1" + user: "{{ app_instance_id }}" + +- name: "directory and permissions on {{ base_prod_path }}" + file: + state: directory + path: "{{ app_instance_root }}/data" + mode: 0755 + tags: + - espocrm_files_rights + +- name: "directory and permissions on {{ base_prod_path }}" + file: + state: directory + path: "{{ app_instance_root }}/custom" + mode: 0755 + tags: + - espocrm_files_rights + +- name: "directory and permissions on {{ base_prod_path }}" + file: + state: directory + path: "{{ app_instance_root }}/client/custom" + mode: 0755 + tags: + - espocrm_files_rights + +- name: "directory and permissions on {{ base_prod_path }}" + file: + state: directory + path: "{{ app_instance_root }}/application/Espo/Modules" + mode: 0775 + tags: + - espocrm_files_rights + +- name: "directory and permissions on {{ base_prod_path }}" + file: + state: directory + path: "{{ app_instance_root }}/client/modules" + mode: 0775 + tags: + - espocrm_files_rights + +- name: "directory and permissions on {{ base_prod_path }}" + file: + state: directory + path: "{{ app_instance_root }}/bin/command" + mode: 0754 + tags: + - espocrm_files_rights \ No newline at end of file diff --git a/roles/espocrm/templates/nginx_app.j2 b/roles/espocrm/templates/nginx_app.j2 new file mode 100644 index 00000000..b293453e --- /dev/null +++ b/roles/espocrm/templates/nginx_app.j2 @@ -0,0 +1,105 @@ +upstream php-handler{{ app_instance_id }} { + server unix:/var/run/php/php{{ php_version }}-fpm-{{ app_user }}.sock; +} + + +map $http_user_agent $log_ua { + ~Monit 0; + default 1; +} + +server { + listen 80; + listen [::]:80; + server_name {{ app_domain | mandatory }}; + # enforce https + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ app_domain }}; + + ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem; + + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag all; # https://developers.google.com/search/docs/advanced/robots/robots_meta_tag + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Strict-Transport-Security "max-age=15768000"; + + access_log {{ www_log }}/{{ app_instance_id }}/access.log combined if=$log_ua; + error_log {{ www_log }}/{{ app_instance_id }}/error.log; + + include {{ app_instance_www_root }}/nginx/*.conf; + + + # set max upload size + client_max_body_size 512M; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + root {{ app_instance_root }}/public; # path to public dir + + location /client { + root {{ app_instance_root }}; # path to espocrm root dir + autoindex off; + + location ~* ^.+.(js|css|png|jpg|jpeg|gif|ico|tpl)$ { + access_log off; + expires max; + } + } + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm-{{ app_user }}.sock; + include fastcgi_params; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param QUERY_STRING $query_string; + } + + location /api/v1/ { + if (!-e $request_filename){ + rewrite ^/api/v1/(.*)$ /api/v1/index.php last; break; + } + } + + location /portal/ { + try_files $uri $uri/ /portal/index.php?$query_string; + } + + location /api/v1/portal-access { + if (!-e $request_filename){ + rewrite ^/api/v1/(.*)$ /api/v1/portal-access/index.php last; break; + } + } + + location ~ /(\.htaccess|\web.config|\.git) { + deny all; + } +} diff --git a/roles/espocrm/tests/inventory b/roles/espocrm/tests/inventory new file mode 100644 index 00000000..878877b0 --- /dev/null +++ b/roles/espocrm/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/espocrm/tests/test.yml b/roles/espocrm/tests/test.yml new file mode 100644 index 00000000..16d6db0d --- /dev/null +++ b/roles/espocrm/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - espocrm diff --git a/roles/espocrm/vars/main.yml b/roles/espocrm/vars/main.yml new file mode 100644 index 00000000..b1a2673b --- /dev/null +++ b/roles/espocrm/vars/main.yml @@ -0,0 +1,13 @@ +--- +app_program: "Garradin" + +app_src_root_name: "EspoCRM-{{ app_version }}" +database_type: "mysql" +packages_list: [] + +app_src: "hhttps://github.com/espocrm/espocrm/releases/download/7.0.8/EspoCRM-{{ app_version }}.zip" +php_version: "7.4" + +app_data: "{{ app_instance_root }}/../{{ app_instance_id }}.data" + +app_group: www-data -- GitLab From fdb288e9f6345d5098e8b7c411e485c798309c2a Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Mon, 13 Dec 2021 16:37:14 +0100 Subject: [PATCH 02/15] init espocrm role --- roles/espocrm/defaults/main.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/roles/espocrm/defaults/main.yml b/roles/espocrm/defaults/main.yml index 0f47072d..6ae7675f 100644 --- a/roles/espocrm/defaults/main.yml +++ b/roles/espocrm/defaults/main.yml @@ -1,5 +1,5 @@ --- -app_version: 1.1.14 +app_version: 7.0.8 app_user_chrooted: "yes" @@ -16,6 +16,3 @@ smtp_host: false smtp_user: null smtp_pass: null smtp_port: 587 - - -app_backup_data: "yes" -- GitLab From ee38efcb283144d7926f8d2b2a2fe8507e9a63cc Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Mon, 13 Dec 2021 16:54:37 +0100 Subject: [PATCH 03/15] [fix] some corrections on role --- roles/espocrm/tasks/main.yml | 6 +++--- roles/espocrm/vars/main.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index 9e1eb73d..33e15766 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -20,7 +20,7 @@ hour: "23" minute: "0" job: "/usr/bin/php -f {{ app_instance_root }}/cron.php > /dev/null 2>&1" - user: "{{ app_instance_id }}" + user: "{{ app_user }}" - name: "directory and permissions on {{ base_prod_path }}" file: @@ -64,8 +64,8 @@ - name: "directory and permissions on {{ base_prod_path }}" file: - state: directory + state: file path: "{{ app_instance_root }}/bin/command" mode: 0754 tags: - - espocrm_files_rights \ No newline at end of file + - espocrm_files_rights diff --git a/roles/espocrm/vars/main.yml b/roles/espocrm/vars/main.yml index b1a2673b..4dd43537 100644 --- a/roles/espocrm/vars/main.yml +++ b/roles/espocrm/vars/main.yml @@ -5,7 +5,7 @@ app_src_root_name: "EspoCRM-{{ app_version }}" database_type: "mysql" packages_list: [] -app_src: "hhttps://github.com/espocrm/espocrm/releases/download/7.0.8/EspoCRM-{{ app_version }}.zip" +app_src: "https://github.com/espocrm/espocrm/releases/download/7.0.8/EspoCRM-{{ app_version }}.zip" php_version: "7.4" app_data: "{{ app_instance_root }}/../{{ app_instance_id }}.data" -- GitLab From db740f3b177b57c03c23276d79f43ba0746fd6c1 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Mon, 13 Dec 2021 16:57:15 +0100 Subject: [PATCH 04/15] [fix] add php packages --- roles/espocrm/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/espocrm/vars/main.yml b/roles/espocrm/vars/main.yml index 4dd43537..b7c56c83 100644 --- a/roles/espocrm/vars/main.yml +++ b/roles/espocrm/vars/main.yml @@ -3,7 +3,7 @@ app_program: "Garradin" app_src_root_name: "EspoCRM-{{ app_version }}" database_type: "mysql" -packages_list: [] +packages_list: [ "php{{ php_version }}-mysql", "php{{ php_version }}-json", "php{{ php_version }}-gd", "php{{ php_version }}-zip", "php{{ php_version }}-imap", "php{{ php_version }}-mbstring", "php{{ php_version }}-curl", "php{{ php_version }}-exif", "php{{ php_version }}-ldap" ] app_src: "https://github.com/espocrm/espocrm/releases/download/7.0.8/EspoCRM-{{ app_version }}.zip" php_version: "7.4" -- GitLab From 85eee069068b6a1cb1c2a817f00843fedc21aed4 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Mon, 13 Dec 2021 19:26:14 +0100 Subject: [PATCH 05/15] [fix] add php_value in php_fpm (to be changed in future) --- roles/espocrm/tasks/main.yml | 46 ++++++++++++++++++++++++++++ roles/espocrm/templates/nginx_app.j2 | 2 ++ roles/espocrm/vars/main.yml | 10 +++++- 3 files changed, 57 insertions(+), 1 deletion(-) diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index 33e15766..c981fff6 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -69,3 +69,49 @@ mode: 0754 tags: - espocrm_files_rights + + +- name: "Configure max_execution_time" + lineinfile: + line: "php_value[max_execution_time] = {{ php.max_execution_time }}" + path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + state: present + notify: reload php-fpm php7_fpm + tags: + - confphpfpm_espocrm + +- name: "Configure max_input_time" + lineinfile: + line: "php_value[max_input_time] = {{ php.max_input_time }}" + path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + state: present + notify: reload php-fpm php7_fpm + tags: + - confphpfpm_espocrm + +- name: "Configure memory_limit" + lineinfile: + line: "php_value[memory_limit] = {{ php.memory_limit }}" + path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + state: present + notify: reload php-fpm php7_fpm + tags: + - confphpfpm_espocrm + +- name: "Configure post_max_size" + lineinfile: + line: "php_value[post_max_size] = {{ php.post_max_size }}" + path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + state: present + notify: reload php-fpm php7_fpm + tags: + - confphpfpm_espocrm + +- name: "Configure upload_max_filesize" + lineinfile: + line: "php_value[upload_max_filesize] = {{ php.upload_max_filesize }}" + path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + state: present + notify: reload php-fpm php7_fpm + tags: + - confphpfpm_espocrm diff --git a/roles/espocrm/templates/nginx_app.j2 b/roles/espocrm/templates/nginx_app.j2 index b293453e..347462ff 100644 --- a/roles/espocrm/templates/nginx_app.j2 +++ b/roles/espocrm/templates/nginx_app.j2 @@ -62,6 +62,8 @@ server { root {{ app_instance_root }}/public; # path to public dir + index index.php; + location /client { root {{ app_instance_root }}; # path to espocrm root dir autoindex off; diff --git a/roles/espocrm/vars/main.yml b/roles/espocrm/vars/main.yml index b7c56c83..20211b6e 100644 --- a/roles/espocrm/vars/main.yml +++ b/roles/espocrm/vars/main.yml @@ -3,7 +3,7 @@ app_program: "Garradin" app_src_root_name: "EspoCRM-{{ app_version }}" database_type: "mysql" -packages_list: [ "php{{ php_version }}-mysql", "php{{ php_version }}-json", "php{{ php_version }}-gd", "php{{ php_version }}-zip", "php{{ php_version }}-imap", "php{{ php_version }}-mbstring", "php{{ php_version }}-curl", "php{{ php_version }}-exif", "php{{ php_version }}-ldap" ] +packages_list: [ "php{{ php_version }}-mysql", "php{{ php_version }}-xml", "php{{ php_version }}-xmlwriter", "php{{ php_version }}-json", "php{{ php_version }}-gd", "php{{ php_version }}-zip", "php{{ php_version }}-imap", "php{{ php_version }}-mbstring", "php{{ php_version }}-curl", "php{{ php_version }}-exif", "php{{ php_version }}-ldap" ] app_src: "https://github.com/espocrm/espocrm/releases/download/7.0.8/EspoCRM-{{ app_version }}.zip" php_version: "7.4" @@ -11,3 +11,11 @@ php_version: "7.4" app_data: "{{ app_instance_root }}/../{{ app_instance_id }}.data" app_group: www-data + + +php: + max_execution_time: 180 + max_input_time: 180 + memory_limit: 256M + post_max_size: 50M + upload_max_filesize: 50M -- GitLab From e772b07a98c66ba8a14ea8a06a1b94f30d18addb Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Mon, 13 Dec 2021 20:18:48 +0100 Subject: [PATCH 06/15] [fix] add php_value properly --- roles/espocrm/tasks/main.yml | 48 +++++++----------------------------- roles/espocrm/vars/main.yml | 14 ++++++----- 2 files changed, 17 insertions(+), 45 deletions(-) diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index c981fff6..c7db06ea 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -70,48 +70,18 @@ tags: - espocrm_files_rights - -- name: "Configure max_execution_time" - lineinfile: - line: "php_value[max_execution_time] = {{ php.max_execution_time }}" - path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" - state: present - notify: reload php-fpm php7_fpm - tags: - - confphpfpm_espocrm - -- name: "Configure max_input_time" +- name : "Delete {{ item.key }} line in /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" lineinfile: - line: "php_value[max_input_time] = {{ php.max_input_time }}" - path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" - state: present - notify: reload php-fpm php7_fpm - tags: - - confphpfpm_espocrm - -- name: "Configure memory_limit" - lineinfile: - line: "php_value[memory_limit] = {{ php.memory_limit }}" - path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" - state: present - notify: reload php-fpm php7_fpm - tags: - - confphpfpm_espocrm - -- name: "Configure post_max_size" - lineinfile: - line: "php_value[post_max_size] = {{ php.post_max_size }}" - path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" - state: present - notify: reload php-fpm php7_fpm - tags: - - confphpfpm_espocrm + path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + regex: '^php_value[{{ item.key }}]' + state: absent + loop: {{ php_params }} -- name: "Configure upload_max_filesize" +- name: "Configure {{ item.key }}" lineinfile: - line: "php_value[upload_max_filesize] = {{ php.upload_max_filesize }}" + line: "php_value[{{ item.key }}] = {{ item.val }}" path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" state: present - notify: reload php-fpm php7_fpm + loop: {{ php_params }} tags: - - confphpfpm_espocrm + - confphpfpm_espocrm \ No newline at end of file diff --git a/roles/espocrm/vars/main.yml b/roles/espocrm/vars/main.yml index 20211b6e..3b08915f 100644 --- a/roles/espocrm/vars/main.yml +++ b/roles/espocrm/vars/main.yml @@ -13,9 +13,11 @@ app_data: "{{ app_instance_root }}/../{{ app_instance_id }}.data" app_group: www-data -php: - max_execution_time: 180 - max_input_time: 180 - memory_limit: 256M - post_max_size: 50M - upload_max_filesize: 50M +php_params: [ + { key: max_execution_time, val: 180 }, + { key: max_input_time, val: 180 }, + { key: memory_limit, val: 256M }, + { key: post_max_size, val: 50M }, + { key: upload_max_filesize, val: 50M } +] + \ No newline at end of file -- GitLab From 621e972fe73dc2d931bc4b4b2b89ef0830af5d6c Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Mon, 13 Dec 2021 20:21:46 +0100 Subject: [PATCH 07/15] [fix] tags --- roles/espocrm/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index c7db06ea..435f94b7 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -75,7 +75,9 @@ path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" regex: '^php_value[{{ item.key }}]' state: absent - loop: {{ php_params }} + loop: {{ php_params }} + tags: + - confphpfpm_espocrm - name: "Configure {{ item.key }}" lineinfile: -- GitLab From 5f36fa4533720ff5f6f58493ed8840b80e93b044 Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Mon, 13 Dec 2021 20:28:59 +0100 Subject: [PATCH 08/15] [fix] quote missing for loop --- roles/espocrm/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index 435f94b7..05c108f4 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -75,7 +75,7 @@ path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" regex: '^php_value[{{ item.key }}]' state: absent - loop: {{ php_params }} + loop: "{{ php_params }}" tags: - confphpfpm_espocrm @@ -84,6 +84,6 @@ line: "php_value[{{ item.key }}] = {{ item.val }}" path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" state: present - loop: {{ php_params }} + loop: "{{ php_params }}" tags: - - confphpfpm_espocrm \ No newline at end of file + - confphpfpm_espocrm -- GitLab From 3012ca57de2bfde498432eac355edb50cec741f9 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Mon, 13 Dec 2021 20:33:36 +0100 Subject: [PATCH 09/15] [fix] print db_infos --- roles/espocrm/tasks/main.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index 435f94b7..4b7f76ea 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -86,4 +86,14 @@ state: present loop: {{ php_params }} tags: - - confphpfpm_espocrm \ No newline at end of file + - confphpfpm_espocrm + +- name: Print db informations for manual installation + vars: + msg: | + db_name: {{ app_instance_id }}_db + db_user: {{ app_instance_id }}_usr + db_pass: {{ database_password }} + debug: + msg: "{{ msg.split('\n') }}" + tags: debug_db_info \ No newline at end of file -- GitLab From e8a01ca7146df91171b1a3ca1e86a23931accb9f Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Tue, 14 Dec 2021 11:03:52 +0100 Subject: [PATCH 10/15] [fix] factorisation des droits --- roles/espocrm/tasks/main.yml | 57 ++++++++++++++++-------------------- roles/espocrm/vars/main.yml | 9 +++++- 2 files changed, 34 insertions(+), 32 deletions(-) diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index 1e69cfe7..d12a59b7 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -13,7 +13,6 @@ tags: - espocrm_rev_proxy - - name: "cron monthly retrieving slaves backups" cron: name: "Cron EspoCRM" @@ -22,54 +21,47 @@ job: "/usr/bin/php -f {{ app_instance_root }}/cron.php > /dev/null 2>&1" user: "{{ app_user }}" -- name: "directory and permissions on {{ base_prod_path }}" - file: - state: directory - path: "{{ app_instance_root }}/data" - mode: 0755 - tags: - - espocrm_files_rights - -- name: "directory and permissions on {{ base_prod_path }}" - file: - state: directory - path: "{{ app_instance_root }}/custom" - mode: 0755 +- name: check if file and paths exists before attributing rights + stat: + path: "{{ item.path }}" + register: "{{ item.name }}_exist" + loop: "{{ files_rights }}" tags: - espocrm_files_rights -- name: "directory and permissions on {{ base_prod_path }}" +- name: attribute correct rights on files file: state: directory - path: "{{ app_instance_root }}/client/custom" - mode: 0755 + path: "{{ item.path }}" + mode: "{{ item.mode }}" tags: - espocrm_files_rights + when: "{{ item.name }}_exist.stat.exists" + loop: "{{ files_rights }}" -- name: "directory and permissions on {{ base_prod_path }}" - file: - state: directory - path: "{{ app_instance_root }}/application/Espo/Modules" - mode: 0775 - tags: - - espocrm_files_rights - -- name: "directory and permissions on {{ base_prod_path }}" - file: - state: directory - path: "{{ app_instance_root }}/client/modules" - mode: 0775 +- name: check if file {{ app_instance_root }}/bin/command exists before attributing rights + stat: + path: "{{ app_instance_root }}/bin/command" + register: "command_exist" tags: - espocrm_files_rights -- name: "directory and permissions on {{ base_prod_path }}" +- name: "directory and permissions on {{ app_instance_root }}/bin/command" file: state: file path: "{{ app_instance_root }}/bin/command" mode: 0754 tags: - espocrm_files_rights + when: command_exist.stat.exists +- name: check if file /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf exists before modifying configuration + stat: + path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + register: "fpmconf_espo_exist" + tags: + - confphpfpm_espocrm + - name : "Delete {{ item.key }} line in /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" lineinfile: path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" @@ -78,6 +70,7 @@ loop: "{{ php_params }}" tags: - confphpfpm_espocrm + when: fpmconf_espo_exist.stat.exists - name: "Configure {{ item.key }}" lineinfile: @@ -87,6 +80,7 @@ loop: "{{ php_params }}" tags: - confphpfpm_espocrm + when: fpmconf_espo_exist.stat.exists - name: Print db informations for manual installation vars: @@ -97,3 +91,4 @@ debug: msg: "{{ msg.split('\n') }}" tags: debug_db_info + when: app_run == "install" || app_run == "reinstall" diff --git a/roles/espocrm/vars/main.yml b/roles/espocrm/vars/main.yml index 3b08915f..95efdcd2 100644 --- a/roles/espocrm/vars/main.yml +++ b/roles/espocrm/vars/main.yml @@ -20,4 +20,11 @@ php_params: [ { key: post_max_size, val: 50M }, { key: upload_max_filesize, val: 50M } ] - \ No newline at end of file + +files_rights_directory: [ + {mode: 755, path: "{{ app_instance_root }}/client/modules", name: modules}, + {mode: 755, path: "{{ app_instance_root }}/data", name: data}, + {mode: 755, path: "{{ app_instance_root }}/client/custom", name: client_custom}, + {mode: 775, path: "{{ app_instance_root }}/application/Espo/Modules", name: espo_modules}, + {mode: 775, path: "{{ app_instance_root }}/client/modules", name: client_modules}, +] \ No newline at end of file -- GitLab From 241d531e9fe99ed43864d367017f73e860918dbc Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Tue, 14 Dec 2021 11:12:18 +0100 Subject: [PATCH 11/15] [fix] idem (mais sans templating pour le register /!\ interdit !) --- roles/espocrm/tasks/main.yml | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index d12a59b7..977f4de8 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -21,11 +21,10 @@ job: "/usr/bin/php -f {{ app_instance_root }}/cron.php > /dev/null 2>&1" user: "{{ app_user }}" -- name: check if file and paths exists before attributing rights +- name: check if {{ app_instance_root }} exists stat: - path: "{{ item.path }}" - register: "{{ item.name }}_exist" - loop: "{{ files_rights }}" + path: "{{ app_instance_root }}" + register: "app_root_exist" tags: - espocrm_files_rights @@ -36,16 +35,9 @@ mode: "{{ item.mode }}" tags: - espocrm_files_rights - when: "{{ item.name }}_exist.stat.exists" + when: "app_root_exist.stat.exists" loop: "{{ files_rights }}" -- name: check if file {{ app_instance_root }}/bin/command exists before attributing rights - stat: - path: "{{ app_instance_root }}/bin/command" - register: "command_exist" - tags: - - espocrm_files_rights - - name: "directory and permissions on {{ app_instance_root }}/bin/command" file: state: file @@ -53,7 +45,7 @@ mode: 0754 tags: - espocrm_files_rights - when: command_exist.stat.exists + when: app_root_exist.stat.exists - name: check if file /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf exists before modifying configuration stat: @@ -61,7 +53,7 @@ register: "fpmconf_espo_exist" tags: - confphpfpm_espocrm - + - name : "Delete {{ item.key }} line in /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" lineinfile: path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" -- GitLab From 7bbe14f19e9f87da9a012531422dc76c3eba03df Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Tue, 14 Dec 2021 11:13:14 +0100 Subject: [PATCH 12/15] correct name of var --- roles/espocrm/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index d12a59b7..8ae45b89 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -25,7 +25,7 @@ stat: path: "{{ item.path }}" register: "{{ item.name }}_exist" - loop: "{{ files_rights }}" + loop: "{{ files_rights_directory }}" tags: - espocrm_files_rights @@ -37,7 +37,7 @@ tags: - espocrm_files_rights when: "{{ item.name }}_exist.stat.exists" - loop: "{{ files_rights }}" + loop: "{{ files_rights_directory }}" - name: check if file {{ app_instance_root }}/bin/command exists before attributing rights stat: -- GitLab From d13f2ca9ab6dfb203c81636f39bd01b5023ace19 Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Tue, 14 Dec 2021 11:34:59 +0100 Subject: [PATCH 13/15] idem --- roles/espocrm/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index 99de32f7..1d3dc789 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -83,4 +83,4 @@ debug: msg: "{{ msg.split('\n') }}" tags: debug_db_info - when: app_run == "install" || app_run == "reinstall" + when: app_run in ['install', 'reinstall'] -- GitLab From 4f0f83a2e467daf31613b852883dc247d41ccb2d Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Tue, 14 Dec 2021 18:47:43 +0100 Subject: [PATCH 14/15] [fix] role name --- roles/espocrm/defaults/main.yml | 10 ---------- roles/espocrm/vars/main.yml | 2 +- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/roles/espocrm/defaults/main.yml b/roles/espocrm/defaults/main.yml index 6ae7675f..2627f145 100644 --- a/roles/espocrm/defaults/main.yml +++ b/roles/espocrm/defaults/main.yml @@ -6,13 +6,3 @@ app_user_chrooted: "yes" php_composer: "no" python3: "no" app_wsgi: "no" - -# -# smtp default parameters -# - -smtp_security: STARTTLS -smtp_host: false -smtp_user: null -smtp_pass: null -smtp_port: 587 diff --git a/roles/espocrm/vars/main.yml b/roles/espocrm/vars/main.yml index 95efdcd2..7c89d9e6 100644 --- a/roles/espocrm/vars/main.yml +++ b/roles/espocrm/vars/main.yml @@ -1,5 +1,5 @@ --- -app_program: "Garradin" +app_program: "EspoCRM" app_src_root_name: "EspoCRM-{{ app_version }}" database_type: "mysql" -- GitLab From e89fb03d84dd6c55d3b62ad8f97935a4a8c1d937 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Thu, 27 Jan 2022 11:51:51 +0100 Subject: [PATCH 15/15] [fix] uninstall espocrm --- roles/espocrm/tasks/install.yml | 86 ++++++++++++++++++++++++++++++ roles/espocrm/tasks/main.yml | 88 ++----------------------------- roles/espocrm/tasks/uninstall.yml | 5 ++ 3 files changed, 95 insertions(+), 84 deletions(-) create mode 100644 roles/espocrm/tasks/install.yml create mode 100644 roles/espocrm/tasks/uninstall.yml diff --git a/roles/espocrm/tasks/install.yml b/roles/espocrm/tasks/install.yml new file mode 100644 index 00000000..1d3dc789 --- /dev/null +++ b/roles/espocrm/tasks/install.yml @@ -0,0 +1,86 @@ +--- + +- name: "Import web_app role - EspoCRM" + import_role: + name: _web_app + +- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" + template: + src: "{{ rev_proxy }}_app.j2" + dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" + when: app_wsgi == "no" + notify: reload {{ rev_proxy }} web_app + tags: + - espocrm_rev_proxy + +- name: "cron monthly retrieving slaves backups" + cron: + name: "Cron EspoCRM" + hour: "23" + minute: "0" + job: "/usr/bin/php -f {{ app_instance_root }}/cron.php > /dev/null 2>&1" + user: "{{ app_user }}" + +- name: check if {{ app_instance_root }} exists + stat: + path: "{{ app_instance_root }}" + register: "app_root_exist" + tags: + - espocrm_files_rights + +- name: attribute correct rights on files + file: + state: directory + path: "{{ item.path }}" + mode: "{{ item.mode }}" + tags: + - espocrm_files_rights + when: "app_root_exist.stat.exists" + loop: "{{ files_rights_directory }}" + +- name: "directory and permissions on {{ app_instance_root }}/bin/command" + file: + state: file + path: "{{ app_instance_root }}/bin/command" + mode: 0754 + tags: + - espocrm_files_rights + when: app_root_exist.stat.exists + +- name: check if file /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf exists before modifying configuration + stat: + path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + register: "fpmconf_espo_exist" + tags: + - confphpfpm_espocrm + +- name : "Delete {{ item.key }} line in /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + lineinfile: + path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + regex: '^php_value[{{ item.key }}]' + state: absent + loop: "{{ php_params }}" + tags: + - confphpfpm_espocrm + when: fpmconf_espo_exist.stat.exists + +- name: "Configure {{ item.key }}" + lineinfile: + line: "php_value[{{ item.key }}] = {{ item.val }}" + path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" + state: present + loop: "{{ php_params }}" + tags: + - confphpfpm_espocrm + when: fpmconf_espo_exist.stat.exists + +- name: Print db informations for manual installation + vars: + msg: | + db_name: {{ app_instance_id }}_db + db_user: {{ app_instance_id }}_usr + db_pass: {{ database_password }} + debug: + msg: "{{ msg.split('\n') }}" + tags: debug_db_info + when: app_run in ['install', 'reinstall'] diff --git a/roles/espocrm/tasks/main.yml b/roles/espocrm/tasks/main.yml index 1d3dc789..27b0405f 100644 --- a/roles/espocrm/tasks/main.yml +++ b/roles/espocrm/tasks/main.yml @@ -1,86 +1,6 @@ --- +- import_tasks: install.yml + when: app_run in ['install', 'reinstall', 'upgrade'] -- name: "Import web_app role - EspoCRM" - import_role: - name: _web_app - -- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" - template: - src: "{{ rev_proxy }}_app.j2" - dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" - when: app_wsgi == "no" - notify: reload {{ rev_proxy }} web_app - tags: - - espocrm_rev_proxy - -- name: "cron monthly retrieving slaves backups" - cron: - name: "Cron EspoCRM" - hour: "23" - minute: "0" - job: "/usr/bin/php -f {{ app_instance_root }}/cron.php > /dev/null 2>&1" - user: "{{ app_user }}" - -- name: check if {{ app_instance_root }} exists - stat: - path: "{{ app_instance_root }}" - register: "app_root_exist" - tags: - - espocrm_files_rights - -- name: attribute correct rights on files - file: - state: directory - path: "{{ item.path }}" - mode: "{{ item.mode }}" - tags: - - espocrm_files_rights - when: "app_root_exist.stat.exists" - loop: "{{ files_rights_directory }}" - -- name: "directory and permissions on {{ app_instance_root }}/bin/command" - file: - state: file - path: "{{ app_instance_root }}/bin/command" - mode: 0754 - tags: - - espocrm_files_rights - when: app_root_exist.stat.exists - -- name: check if file /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf exists before modifying configuration - stat: - path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" - register: "fpmconf_espo_exist" - tags: - - confphpfpm_espocrm - -- name : "Delete {{ item.key }} line in /etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" - lineinfile: - path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" - regex: '^php_value[{{ item.key }}]' - state: absent - loop: "{{ php_params }}" - tags: - - confphpfpm_espocrm - when: fpmconf_espo_exist.stat.exists - -- name: "Configure {{ item.key }}" - lineinfile: - line: "php_value[{{ item.key }}] = {{ item.val }}" - path: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" - state: present - loop: "{{ php_params }}" - tags: - - confphpfpm_espocrm - when: fpmconf_espo_exist.stat.exists - -- name: Print db informations for manual installation - vars: - msg: | - db_name: {{ app_instance_id }}_db - db_user: {{ app_instance_id }}_usr - db_pass: {{ database_password }} - debug: - msg: "{{ msg.split('\n') }}" - tags: debug_db_info - when: app_run in ['install', 'reinstall'] +- import_tasks: uninstall.yml + when: app_run == 'uninstall' \ No newline at end of file diff --git a/roles/espocrm/tasks/uninstall.yml b/roles/espocrm/tasks/uninstall.yml new file mode 100644 index 00000000..0c974885 --- /dev/null +++ b/roles/espocrm/tasks/uninstall.yml @@ -0,0 +1,5 @@ +--- + +- name: "Import web_app role - EspoCRM" + import_role: + name: _web_app \ No newline at end of file -- GitLab