Update to 2020-12-15 21:00

roles/itop/defaults/main.yml

@@ -0,0 +1,30 @@
+---
+
+itop_id: 1
+itop_manage_upgrade: True
+itop_version: 2.7.2-1
+itop_build: 6483
+itop_archive_url: https://sourceforge.net/projects/itop/files/itop/{{ item_version }}/iTop-{{ itop_version }}-{{ itop_build }}.zip
+itop_archive_sha1: 8efede1ba82ce49e35e7eee8b652a75533bfef81
+
+itop_root_dir: /opt/itop_{{ itop_id }}
+itop_php_user: php-itop_{{ itop_id }}
+itop_php_version: 74
+
+# If you prefer using a custom PHP FPM pool, set it's name.
+# You might need to adjust itop_php_user
+# itop_php_fpm_pool: custom_itop
+
+
+itop_db_server: "{{ mysql_server | default('localhost') }}"
+# itop_db_port: 3306
+itop_db_name: itop_{{ itop_id }}
+itop_db_user: itop_{{ itop_id }}
+# If not defined, a random pass will be generated and stored in the meta directory (under itop_root_dir)
+# itop_db_pass: itop
+
+# itop_alias: itop
+# itop_src_ip: []
+#   - 192.168.7.0/24
+#   - 10.2.0.0/24
+

roles/itop/meta/main.yml

@@ -0,0 +1,8 @@
+---
+
+allow_duplicates: True
+dependencies:
+  - role: httpd_php
+  - role: mysql_server
+    when: itop_db_server in [ 'localhost', '127.0.0.1' ]
+

roles/itop/tasks/archive_post.yml

@@ -0,0 +1,9 @@
+---
+
+- import_tasks: ../includes/webapps_compress_archive.yml
+  vars:
+    - root_dir: "{{ itop_root_dir }}"
+    - version: "{{ itop_current_version }}"
+  when: itop_install_mode == 'upgrade'
+  tags: itop
+

roles/itop/tasks/archive_pre.yml

@@ -0,0 +1,10 @@
+---
+
+- import_tasks: ../includes/webapps_archive.yml
+  vars:
+    - root_dir: "{{ itop_root_dir }}"
+    - version: "{{ itop_current_version }}"
+    - db_name: "{{ itop_db_name }}"
+    - db_server: "{{ itop_db_server }}"
+  tags: itop
+

roles/itop/tasks/cleanup.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Remove temp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ itop_root_dir }}/tmp/iTop-{{ itop_version }}-{{ item_build }}.zip"
+    - "{{ itop_root_dir }}/tmp/web"
+    - "{{ itop_root_dir }}/tmp/INSTALL"
+    - "{{ itop_root_dir }}/tmp/README"
+    - "{{ itop_root_dir }}/tmp/LICENSE"
+  tags: itop

roles/itop/tasks/conf.yml

@@ -0,0 +1,9 @@
+---
+
+- import_tasks: ../includes/webapps_webconf.yml
+  vars:
+    - app_id: itop_{{ dolibarr_id }}
+    - php_version: "{{ itop_php_version }}"
+    - php_fpm_pool: "{{ itop_php_fpm_pool | default('') }}"
+  tags: itop
+

roles/itop/tasks/directories.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Create directory structure
+  file: path={{ item.dir }} state=directory mode={{ item.mode | default(omit) }}
+  with_items:
+    - dir: "{{ itop_root_dir }}"
+    - dir: "{{ itop_root_dir }}/archives"
+      mode: 700
+    - dir: "{{ itop_root_dir }}/tmp"
+      owner: "{{ itop_php_user }}"
+      mode: 700
+    - dir: "{{ itop_root_dir }}/sessions"
+      owner: "{{ itop_php_user }}"
+      mode: 700
+    - dir: "{{ itop_root_dir }}/meta"
+      mode: 700
+    - dir: "{{ itop_root_dir }}/backup"
+      mode: 700
+    - dir: "{{ itop_root_dir }}/data"
+  tags: itop
+

roles/itop/tasks/facts.yml

@@ -0,0 +1,19 @@
+---
+
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ itop_root_dir }}"
+        - version: "{{ itop_version }}"
+    - set_fact: itop_install_mode={{ (install_mode == 'upgrade' and not itop_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: itop_current_version={{ current_version | default('') }}
+  tags: itop
+
+- when: itop_db_pass is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ itop_root_dir }}/meta/ansible_dbpass"
+    - set_fact: itop_db_pass={{ rand_pass }}
+  tags: itop
+

roles/itop/tasks/install.yml

@@ -0,0 +1,39 @@
+---
+
+- name: Install needed tools
+  yum:
+    name:
+      - tar
+      - mariadb
+      - acl
+  tags: itop
+
+- when: itop_install_mode != 'none'
+  block:
+    - name: Download iTop
+      get_url:
+        url: "{{ itop_archive_url }}"
+        dest: "{{ itop_root_dir }}/tmp/"
+        checksum: "sha1:{{ itop_archive_sha1 }}"
+    
+    - name: Extract iTop archive
+      unarchive:
+        src: "{{ itop_root_dir }}/tmp/iTop-{{ itop_version }}-{{ itop_build }}.zip"
+        dest: "{{ itop_root_dir }}/tmp"
+        remote_src: yes
+    
+    - name: Move files to the correct directory
+      synchronize:
+        src: "{{ itop_root_dir }}/tmp/web/"
+        dest: "{{ itop_root_dir }}/web/"
+        recursive: True
+        delete: True
+      delegate_to: "{{ inventory_hostname }}"
+  tags: itop
+
+- name: Install backup hooks
+  template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/itop_{{ itop_id }} mode=700
+  loop:
+    - pre
+    - post
+  tags: itop

roles/itop/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: itop_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: archive_post.yml
+  when: itop_install_mode == 'upgrade'
+- include: write_version.yml
+- include: cleanup.yml
+

roles/itop/tasks/user.yml

@@ -0,0 +1,8 @@
+---
+
+- import_tasks: ../includes/create_system_user.yml
+  vars:
+    - user: "{{ itop_php_user }}"
+    - comment: "PHP FPM for itop {{ itop_id }}"
+  tags: itop
+

roles/itop/tasks/write_version.yml

@@ -0,0 +1,8 @@
+---
+
+- import_tasks: ../includes/webapps_post.yml
+  vars:
+    - root_dir: "{{ itop_root_dir }}"
+    - version: "{{ itop_version }}"
+  tags: itop
+

roles/itop/templates/httpd.conf.j2

@@ -0,0 +1,20 @@
+{% if itop_alias is defined %}
+Alias /{{ itop_alias }} {{ itop_root_dir }}/web/
+{% else %}
+# No alias defined, create a vhost to access it
+{% endif %}
+
+RewriteEngine On
+<Directory {{ itop_root_dir }}/web/>
+  AllowOverride All
+  Options FollowSymLinks
+{% if itop_src_ip is defined %}
+  Require ip {{ itop_src_ip | join(' ') }}
+{% else %}
+  Require all granted
+{% endif %}
+  <FilesMatch \.php$>
+    SetHandler "proxy:unix:/run/php-fpm/{{ itop_php_fpm_pool  | default('itop_' + itop_id | string) }}.sock|fcgi://localhost"
+  </FilesMatch>
+</Directory>
+

roles/itop/templates/perms.sh.j2

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+restorecon -R {{ itop_root_dir }}
+chown -R {{ itop_php_user }} {{ itop_root_dir }}/data
+chmod 700 {{ itop_root_dir }}/data
+setfacl -R -m u:{{ httpd_user | default('apache') }}:rX {{ itop_root_dir }}/data
+
+

roles/itop/templates/php.conf.j2

@@ -0,0 +1,38 @@
+; {{ ansible_managed }}
+
+[itop_{{ itop_id }}]
+
+listen.owner = root
+listen.group = {{ httpd_user | default('apache') }}
+listen.mode = 0660
+listen = /run/php-fpm/itop_{{ itop_id }}.sock
+user = {{ itop_php_user }}
+group = {{ itop_php_user }}
+catch_workers_output = yes
+
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 6
+pm.max_requests = 5000
+request_terminate_timeout = 60m
+
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = 512M
+php_admin_value[session.save_path] = {{ itop_root_dir }}/sessions
+php_admin_value[upload_tmp_dir] = {{ itop_root_dir }}/tmp
+php_admin_value[sys_temp_dir] = {{ itop_root_dir }}/tmp
+php_admin_value[post_max_size] = 20M
+php_admin_value[upload_max_filesize] = 20M
+php_admin_value[disable_functions] = system, show_source, symlink, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
+php_admin_value[open_basedir] = {{ itop_root_dir }}
+php_admin_value[max_execution_time] = 900
+php_admin_value[max_input_time] = 120
+php_admin_flag[allow_url_include] = off
+php_admin_flag[allow_url_fopen] = on
+php_admin_flag[file_uploads] = on
+php_admin_flag[session.cookie_httponly] = on
+

roles/itop/templates/post-backup.sh.j2

@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ itop_root_dir }}/backup/*

roles/itop/templates/pre-backup.sh.j2

@@ -0,0 +1,13 @@
+#!/bin/bash -e
+
+/usr/bin/mysqldump \
+{% if itop_db_server not in ['127.0.0.1','localhost'] %}
+    --user={{ itop_db_user }} \
+    --password={{ itop_db_pass | quote }} \
+    --host={{ itop_db_server }} \
+{% if itop_db_port is defined %}
+    --port={{ itop_db_port }} \
+{% endif %}
+{% endif %}
+    --quick --single-transaction \
+    --add-drop-table {{ itop_db_name }} | zstd -c > {{ itop_root_dir }}/backup/{{ itop_db_name }}.sql.zst