From 03b7fa343a222ff02cd4fdfa9e8a8f104f9ef0e3 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Fri, 16 Oct 2020 00:00:07 +0200 Subject: [PATCH] Update to 2020-10-16 00:00 --- roles/mayan_edms/defaults/main.yml | 12 ++++++------ roles/mayan_edms/meta/main.yml | 2 ++ roles/mayan_edms/tasks/facts.yml | 1 + roles/mayan_edms/tasks/install.yml | 1 + roles/mayan_edms/templates/env.j2 | 4 ++-- roles/mayan_edms/templates/mayan-edms-worker-fast.service.j2 | 4 ++-- roles/postgresql_server/tasks/main.yml | 9 +++++++++ roles/rabbitmq_server/defaults/main.yml | 10 ++++++++++ roles/rabbitmq_server/handlers/main.yml | 4 ++++ roles/rabbitmq_server/tasks/conf.yml | 6 ++++++ roles/rabbitmq_server/tasks/install.yml | 8 ++++++++ roles/rabbitmq_server/tasks/iptables.yml | 8 ++++++++ roles/rabbitmq_server/tasks/main.yml | 7 +++++++ roles/rabbitmq_server/tasks/services.yml | 5 +++++ roles/rabbitmq_server/templates/rabbitmq.config.j2 | 12 ++++++++++++ 15 files changed, 83 insertions(+), 10 deletions(-) create mode 100644 roles/rabbitmq_server/defaults/main.yml create mode 100644 roles/rabbitmq_server/handlers/main.yml create mode 100644 roles/rabbitmq_server/tasks/conf.yml create mode 100644 roles/rabbitmq_server/tasks/install.yml create mode 100644 roles/rabbitmq_server/tasks/iptables.yml create mode 100644 roles/rabbitmq_server/tasks/main.yml create mode 100644 roles/rabbitmq_server/tasks/services.yml create mode 100644 roles/rabbitmq_server/templates/rabbitmq.config.j2 diff --git a/roles/mayan_edms/defaults/main.yml b/roles/mayan_edms/defaults/main.yml index 6b9847f..5a6c70f 100644 --- a/roles/mayan_edms/defaults/main.yml +++ b/roles/mayan_edms/defaults/main.yml @@ -17,14 +17,14 @@ mayan_db_name: mayanedms # URL of the redis server to use mayan_redis_url: redis://{% if redis_pass is defined %}:{{ redis_pass }}{% endif %}127.0.0.1:6379 -# Mayan EDMS needs 2 redis DB. Set here the ID -# of the DB you want to use -mayan_redis_db: - result_backend: 0 - broker: 1 +# ID of the redis DB mayan will use +mayan_redis_db: 0 + +# URL of the amqp broker +mayan_amqp_url: amqp://127.0.0.1:5672/ # Number of web workers -mayan_web_workers: 2 +mayan_web_workers: 3 # Port and list of allowed IP mayan_port: 8000 diff --git a/roles/mayan_edms/meta/main.yml b/roles/mayan_edms/meta/main.yml index f11f156..115ebee 100644 --- a/roles/mayan_edms/meta/main.yml +++ b/roles/mayan_edms/meta/main.yml @@ -13,3 +13,5 @@ dependencies: - mayan_db_server == '127.0.0.1' or mayan_db_server == 'localhost' - role: redis_server when: mayan_redis_url | urlsplit('hostname') == '127.0.0.1' or mayan_redis_url | urlsplit('hostname') == 'localhost' + - role: rabbitmq_server + when: mayan_amqp_url | urlsplit('hostname') == '127.0.0.1' or mayan_amqp_url | urlsplit('hostname') == 'localhost' diff --git a/roles/mayan_edms/tasks/facts.yml b/roles/mayan_edms/tasks/facts.yml index 1ccb260..3938fa0 100644 --- a/roles/mayan_edms/tasks/facts.yml +++ b/roles/mayan_edms/tasks/facts.yml @@ -27,6 +27,7 @@ - import_tasks: ../includes/get_rand_pass.yml vars: - pass_file: "{{ mayan_root_dir }}/meta/ansible_dbpass" + - complex: False - set_fact: mayan_db_pass={{ rand_pass }} when: mayan_db_pass is not defined tags: mayan diff --git a/roles/mayan_edms/tasks/install.yml b/roles/mayan_edms/tasks/install.yml index f6ded13..124b24f 100644 --- a/roles/mayan_edms/tasks/install.yml +++ b/roles/mayan_edms/tasks/install.yml @@ -25,6 +25,7 @@ - python3-pip - python3-virtualenv - python-setuptools + - rabbitmq-server tags: mayan - name: Install MySQL support diff --git a/roles/mayan_edms/templates/env.j2 b/roles/mayan_edms/templates/env.j2 index 6c80ad8..c8f2574 100644 --- a/roles/mayan_edms/templates/env.j2 +++ b/roles/mayan_edms/templates/env.j2 @@ -2,8 +2,8 @@ MAYAN_ALLOWED_HOSTS="['*']" PYTHONPATH="{{ mayan_root_dir }}/data/mayan_settings" DJANGO_SETTINGS_MODULE={{ mayan_ldap_auth | ternary('auth','mayan.settings.production') }} MAYAN_MEDIA_ROOT="{{ mayan_root_dir }}/data" -MAYAN_CELERY_RESULT_BACKEND="{{ mayan_redis_url }}/{{ mayan_redis_db.result_backend }}" -MAYAN_CELERY_BROKER_URL="{{ mayan_redis_url }}/{{ mayan_redis_db.broker }}" +MAYAN_CELERY_RESULT_BACKEND="{{ mayan_redis_url }}/{{ mayan_redis_db }}" +MAYAN_CELERY_BROKER_URL="{{ mayan_amqp_url }}" MAYAN_DATABASE_ENGINE="django.db.backends.{{ (mayan_db_engine == 'mysql') | ternary('mysql','postgresql') }}" MAYAN_DATABASE_NAME={{ mayan_db_name | quote }} MAYAN_DATABASE_PASSWORD={{ mayan_db_pass | quote }} diff --git a/roles/mayan_edms/templates/mayan-edms-worker-fast.service.j2 b/roles/mayan_edms/templates/mayan-edms-worker-fast.service.j2 index ba6f57f..0e02974 100644 --- a/roles/mayan_edms/templates/mayan-edms-worker-fast.service.j2 +++ b/roles/mayan_edms/templates/mayan-edms-worker-fast.service.j2 @@ -1,12 +1,12 @@ [Unit] Description=Mayan EDMS fast celery worker -After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service +After=redis.service {{ (pg_version is defined and pg_version != 'default') | ternary('postgresql-' + pg_version | string,'postgresql') }}.service mysql.service mariadb.service rabbitmq-server.service [Service] User={{ mayan_user }} WorkingDirectory={{ mayan_root_dir }}/ EnvironmentFile={{ mayan_root_dir }}/config/.env -ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l ERROR -Q document_states_fast,converter,sources_fast -n mayan-worker-fast.%%h --concurrency=1 +ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l ERROR -Q document_states_fast,converter,sources_fast -n mayan-worker-fast.%%h --concurrency={{ ansible_processor_vcpus + 1 }} Nice=1 PrivateTmp=yes ProtectSystem=full diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 7aeb8af..2cc493e 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -8,6 +8,15 @@ gpgcheck: True gpgkey: https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG-{{ pg_version }} state: "{{ (pg_version != 'default') | ternary('present','absent') }}" + register: pg_repo + tags: pg,repo + +- name: Clear PostgreSQL repo cache + file: path=/var/cache/yum/{{ ansible_architecture }}/{{ ansible_distribution_major_version }}/postgresql/{{ item }} state=absent + loop: + - cachecookie + - repomd.xml + when: pg_repo.changed tags: pg - name: Install dependencies diff --git a/roles/rabbitmq_server/defaults/main.yml b/roles/rabbitmq_server/defaults/main.yml new file mode 100644 index 0000000..7c6ba2b --- /dev/null +++ b/roles/rabbitmq_server/defaults/main.yml @@ -0,0 +1,10 @@ +--- + +# Plain TCP port +rabbitmq_port: 5672 + +# Access to the plain port +rabbitmq_src_ip: [] + +# Should the guest user available from anywhere ? If False, it'll only be accepted from loopback +rabbitmq_guest_from_anywhere: False diff --git a/roles/rabbitmq_server/handlers/main.yml b/roles/rabbitmq_server/handlers/main.yml new file mode 100644 index 0000000..23678c4 --- /dev/null +++ b/roles/rabbitmq_server/handlers/main.yml @@ -0,0 +1,4 @@ +--- + +- name: restart rabbitmq-server + service: name=rabbitmq-server state=reloaded diff --git a/roles/rabbitmq_server/tasks/conf.yml b/roles/rabbitmq_server/tasks/conf.yml new file mode 100644 index 0000000..e847e92 --- /dev/null +++ b/roles/rabbitmq_server/tasks/conf.yml @@ -0,0 +1,6 @@ +--- + +- name: Deploy configuration + template: src=rabbitmq.config.j2 dest=/etc/rabbitmq/rabbitmq.config + notify: restart rabbitmq-server + tags: rabbitmq diff --git a/roles/rabbitmq_server/tasks/install.yml b/roles/rabbitmq_server/tasks/install.yml new file mode 100644 index 0000000..c2b84ca --- /dev/null +++ b/roles/rabbitmq_server/tasks/install.yml @@ -0,0 +1,8 @@ +--- + +- name: Install RabbitMQ + yum: + name: + - rabbitmq-server + tags: rabbitmq + diff --git a/roles/rabbitmq_server/tasks/iptables.yml b/roles/rabbitmq_server/tasks/iptables.yml new file mode 100644 index 0000000..9a958bc --- /dev/null +++ b/roles/rabbitmq_server/tasks/iptables.yml @@ -0,0 +1,8 @@ +--- + +- name: Handle RabbitMQ Server port in the firewall + iptables_raw: + name: rabbitmq_port + state: "{{ (rabbitmq_src_ip | length > 0) | ternary('present','absent') }}" + rules: "-A INPUT -m state --state NEW -p tcp --dport {{ rabbitmq_port }} -s {{ rabbitmq_src_ip | join(',') }} -j ACCEPT" + tags: firewall,rabbitmq diff --git a/roles/rabbitmq_server/tasks/main.yml b/roles/rabbitmq_server/tasks/main.yml new file mode 100644 index 0000000..ddfcf45 --- /dev/null +++ b/roles/rabbitmq_server/tasks/main.yml @@ -0,0 +1,7 @@ +--- + +- include: install.yml +- include: conf.yml +- include: iptables.yml + when: iptables_manage | default(True) +- include: services.yml diff --git a/roles/rabbitmq_server/tasks/services.yml b/roles/rabbitmq_server/tasks/services.yml new file mode 100644 index 0000000..3e1b439 --- /dev/null +++ b/roles/rabbitmq_server/tasks/services.yml @@ -0,0 +1,5 @@ +--- + +- name: Start and enable the service + service: name=rabbitmq-server state=started enabled=True + tags: rabbitmq diff --git a/roles/rabbitmq_server/templates/rabbitmq.config.j2 b/roles/rabbitmq_server/templates/rabbitmq.config.j2 new file mode 100644 index 0000000..e869673 --- /dev/null +++ b/roles/rabbitmq_server/templates/rabbitmq.config.j2 @@ -0,0 +1,12 @@ +%% {{ ansible_managed }} + +[ + {rabbit, [ + {tcp_listeners, [{{ rabbitmq_port }}]} + ,{reverse_dns_lookups, false} +{% if rabbitmq_guest_from_anywhere %} + ,{loopback_users, []} +{% endif %} + ] + } +].