diff --git a/roles/itop/defaults/main.yml b/roles/itop/defaults/main.yml index 90435ce..9b7dbcb 100644 --- a/roles/itop/defaults/main.yml +++ b/roles/itop/defaults/main.yml @@ -4,7 +4,7 @@ itop_id: 1 itop_manage_upgrade: True itop_version: 2.7.2-1 itop_build: 6483 -itop_archive_url: https://sourceforge.net/projects/itop/files/itop/{{ item_version }}/iTop-{{ itop_version }}-{{ itop_build }}.zip +itop_archive_url: https://sourceforge.net/projects/itop/files/itop/{{ itop_version }}/iTop-{{ itop_version }}-{{ itop_build }}.zip itop_archive_sha1: 8efede1ba82ce49e35e7eee8b652a75533bfef81 itop_root_dir: /opt/itop_{{ itop_id }} diff --git a/roles/itop/tasks/cleanup.yml b/roles/itop/tasks/cleanup.yml index 91e8366..7bf951b 100644 --- a/roles/itop/tasks/cleanup.yml +++ b/roles/itop/tasks/cleanup.yml @@ -3,7 +3,7 @@ - name: Remove temp and obsolete files file: path={{ item }} state=absent loop: - - "{{ itop_root_dir }}/tmp/iTop-{{ itop_version }}-{{ item_build }}.zip" + - "{{ itop_root_dir }}/tmp/iTop-{{ itop_version }}-{{ itop_build }}.zip" - "{{ itop_root_dir }}/tmp/web" - "{{ itop_root_dir }}/tmp/INSTALL" - "{{ itop_root_dir }}/tmp/README" diff --git a/roles/itop/tasks/conf.yml b/roles/itop/tasks/conf.yml index e56e007..e9cdbb7 100644 --- a/roles/itop/tasks/conf.yml +++ b/roles/itop/tasks/conf.yml @@ -2,7 +2,7 @@ - import_tasks: ../includes/webapps_webconf.yml vars: - - app_id: itop_{{ dolibarr_id }} + - app_id: itop_{{ itop_id }} - php_version: "{{ itop_php_version }}" - php_fpm_pool: "{{ itop_php_fpm_pool | default('') }}" tags: itop diff --git a/roles/itop/tasks/directories.yml b/roles/itop/tasks/directories.yml index f68b7b6..13b0ce1 100644 --- a/roles/itop/tasks/directories.yml +++ b/roles/itop/tasks/directories.yml @@ -1,7 +1,7 @@ --- - name: Create directory structure - file: path={{ item.dir }} state=directory mode={{ item.mode | default(omit) }} + file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} with_items: - dir: "{{ itop_root_dir }}" - dir: "{{ itop_root_dir }}/archives" @@ -17,5 +17,10 @@ - dir: "{{ itop_root_dir }}/backup" mode: 700 - dir: "{{ itop_root_dir }}/data" + - dir: "{{ itop_root_dir }}/data/conf" + - dir: "{{ itop_root_dir }}/data/data" + - dir: "{{ itop_root_dir }}/data/log" + - dir: "{{ itop_root_dir }}/data/env-production" + - dir: "{{ itop_root_dir }}/data/env-production-build" tags: itop diff --git a/roles/itop/tasks/install.yml b/roles/itop/tasks/install.yml index a36e7cc..89188f0 100644 --- a/roles/itop/tasks/install.yml +++ b/roles/itop/tasks/install.yml @@ -28,7 +28,39 @@ dest: "{{ itop_root_dir }}/web/" recursive: True delete: True + rsync_opts: + - '--exclude=data' + - '--exclude=log' delegate_to: "{{ inventory_hostname }}" + + - name: Sync data and log dir + synchronize: + src: "{{ itop_root_dir }}/tmp/web/{{ item }}/" + dest: "{{ itop_root_dir }}/data/{{ item }}/" + recursive: True + delegate_to: "{{ inventory_hostname }}" + loop: + - data + - log + + tags: itop + +- name: Create directories + file: src={{ itop_root_dir }}/data/{{ item }} dest={{ itop_root_dir }}/web/{{ item }} state=link force=True + loop: + - log + - data + - conf + - env-production + - env-production-build + tags: itop + +- import_tasks: ../includes/webapps_create_mysql_db.yml + vars: + - db_name: "{{ itop_db_name }}" + - db_user: "{{ itop_db_user }}" + - db_server: "{{ itop_db_server }}" + - db_pass: "{{ itop_db_pass }}" tags: itop - name: Install backup hooks diff --git a/roles/itop/templates/httpd.conf.j2 b/roles/itop/templates/httpd.conf.j2 index cc96ab3..2b7f849 100644 --- a/roles/itop/templates/httpd.conf.j2 +++ b/roles/itop/templates/httpd.conf.j2 @@ -17,4 +17,8 @@ RewriteEngine On SetHandler "proxy:unix:/run/php-fpm/{{ itop_php_fpm_pool | default('itop_' + itop_id | string) }}.sock|fcgi://localhost" - +{% for dir in ['log','env-production','env-production-build','data','conf'] %} + + Require all denied + +{% endfor %} diff --git a/roles/itop/templates/perms.sh.j2 b/roles/itop/templates/perms.sh.j2 index a894b48..e580a95 100644 --- a/roles/itop/templates/perms.sh.j2 +++ b/roles/itop/templates/perms.sh.j2 @@ -5,4 +5,3 @@ chown -R {{ itop_php_user }} {{ itop_root_dir }}/data chmod 700 {{ itop_root_dir }}/data setfacl -R -m u:{{ httpd_user | default('apache') }}:rX {{ itop_root_dir }}/data - diff --git a/roles/itop/templates/php.conf.j2 b/roles/itop/templates/php.conf.j2 index 32b3e57..4a39c73 100644 --- a/roles/itop/templates/php.conf.j2 +++ b/roles/itop/templates/php.conf.j2 @@ -25,7 +25,7 @@ php_admin_value[memory_limit] = 512M php_admin_value[session.save_path] = {{ itop_root_dir }}/sessions php_admin_value[upload_tmp_dir] = {{ itop_root_dir }}/tmp php_admin_value[sys_temp_dir] = {{ itop_root_dir }}/tmp -php_admin_value[post_max_size] = 20M +php_admin_value[post_max_size] = 21M php_admin_value[upload_max_filesize] = 20M php_admin_value[disable_functions] = system, show_source, symlink, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd php_admin_value[open_basedir] = {{ itop_root_dir }}