Update to 2020-09-29 20:00

master
Daniel Berteaud 4 years ago
parent ba1979fde0
commit 4e6ece362a
  1. 34
      roles/mayan_edms/defaults/main.yml
  2. 11
      roles/mayan_edms/handlers/main.yml
  3. 8
      roles/mayan_edms/meta/main.yml
  4. 10
      roles/mayan_edms/tasks/archive_post.yml
  5. 32
      roles/mayan_edms/tasks/archive_pre.yml
  6. 6
      roles/mayan_edms/tasks/cleanup.yml
  7. 9
      roles/mayan_edms/tasks/conf.yml
  8. 26
      roles/mayan_edms/tasks/directories.yml
  9. 34
      roles/mayan_edms/tasks/facts.yml
  10. 105
      roles/mayan_edms/tasks/install.yml
  11. 9
      roles/mayan_edms/tasks/iptables.yml
  12. 15
      roles/mayan_edms/tasks/main.yml
  13. 11
      roles/mayan_edms/tasks/services.yml
  14. 6
      roles/mayan_edms/tasks/user.yml
  15. 5
      roles/mayan_edms/tasks/write_version.yml
  16. 14
      roles/mayan_edms/templates/env.j2
  17. 21
      roles/mayan_edms/templates/mayan-edms-beat.service.j2
  18. 22
      roles/mayan_edms/templates/mayan-edms-web.service.j2
  19. 22
      roles/mayan_edms/templates/mayan-edms-worker-fast.service.j2
  20. 22
      roles/mayan_edms/templates/mayan-edms-worker-medium.service.j2
  21. 22
      roles/mayan_edms/templates/mayan-edms-worker-slow.service.j2
  22. 3
      roles/mayan_edms/templates/post_backup.sh.j2
  23. 8
      roles/mayan_edms/templates/pre_backup.sh.j2

@ -0,0 +1,34 @@
---
mayan_version: 3.4.17
mayan_root_dir: /opt/mayan-edms
mayan_user: mayan-edms
# Should ansible handle upgrades ? If false, only initial install will be done
mayan_manage_upgrade: True
mayan_db_server: "{{ mysql_server | default('localhost') }}"
mayan_db_user: mayanedms
mayan_db_name: mayanedms
# A random pass will be created if not defined
# mayan_db_pass: S3cr3t.
# URL of the redis server to use
mayan_redis_url: redis://{% if redis_pass is defined %}:{{ redis_pass }}{% endif %}127.0.0.1:6379
# Mayan EDMS needs 2 redis DB. Set here the ID
# of the DB you want to use
mayan_redis_db:
result_backend: 0
broker: 1
# Number of web workers
mayan_web_workers: 2
# Port and list of allowed IP
mayan_port: 8000
mayan_src_ip: []
# From email address
mayan_from_mail: mayan-edsm@{{ ansible_domain }}
# Main language for document
mayan_doc_lang: fra
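Review bot: `mayan_redis_url` omits the `@` separator after the password, so with `redis_pass` defined it renders as `redis://:<pass>127.0.0.1:6379`, which is not a valid URL and would also defeat the `urlsplit('hostname')` test used in meta/main.yml. The value should be quoted and the password URL-encoded: `mayan_redis_url: "redis://{% if redis_pass is defined %}:{{ redis_pass | urlencode }}@{% endif %}127.0.0.1:6379"`. `mayan-edsm@` in `mayan_from_mail` looks like a typo for `mayan-edms`.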

@ -0,0 +1,11 @@
---
- name: restart mayan-edms
service: name={{ item }} state=restarted
loop:
- mayan-edms-web
- mayan-edms-worker-fast
- mayan-edms-worker-medium
- mayan-edms-worker-slow
- mayan-edms-beat

@ -0,0 +1,8 @@
---
dependencies:
- role: mkdir
- role: mysql_server
when: mayan_db_server == '127.0.0.1' or mayan_db_server == 'localhost'
- role: redis_server
when: mayan_redis_url | urlsplit('hostname') == '127.0.0.1' or mayan_redis_url | urlsplit('hostname') == 'localhost'

@ -0,0 +1,10 @@
---
- name: Compress previous version
command: tar cf {{ mayan_root_dir }}/archives/{{ mayan_current_version }}.tar.zst --use-compress-program=zstd ./
environment:
ZST_CLEVEL: 10
args:
chdir: "{{ mayan_root_dir }}/archives/{{ mayan_current_version }}"
warn: False
tags: mayan
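Review bot: The environment variable is spelled `ZST_CLEVEL`, but zstd reads `ZSTD_CLEVEL`, so the level 10 setting is ignored and the archive is written at the default level. It should be `ZSTD_CLEVEL: 10`. As far as this file shows, the uncompressed `archives/{{ mayan_current_version }}` tree, which includes the SQL dump, is left in place next to the tarball.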

@ -0,0 +1,32 @@
---
- name: Create the archive dir
file: path={{ mayan_root_dir }}/archives/{{ mayan_current_version }} state=directory
tags: mayan
- name: Archive previous version
synchronize:
src: "{{ mayan_root_dir }}/{{ item }}"
dest: "{{ mayan_root_dir }}/archives/{{ mayan_current_version }}/"
recursive: True
delete: True
loop:
- app
- venv
delegate_to: "{{ inventory_hostname }}"
tags: mayan
- name: Dump the database
mysql_db:
state: dump
name: "{{ mayan_db_name }}"
target: "{{ root_dir }}/archives/{{ mayan_current_version }}/{{ mayan_db_name }}.sql.xz"
login_host: "{{ mayan_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
quick: True
single_transaction: True
environment:
XZ_OPT: -T0
tags: mayan
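Review bot: The dump `target` is built from `root_dir` while every other path in this file uses `mayan_root_dir`. `root_dir` is only visibly set as a var on the import in facts.yml, so here it may be undefined or point somewhere else; `target: "{{ mayan_root_dir }}/archives/{{ mayan_current_version }}/{{ mayan_db_name }}.sql.xz"` would be consistent. The `archives` tree is also created by the first task with no `mode`, whereas directories.yml restricts a differently named `archive` directory to 700, so the database dump and the copied app tree land in a directory with default permissions. Creating `archives` with `mode=700`, or aligning the two names, closes that gap.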

@ -0,0 +1,6 @@
---
- name: Remove temp and obsolete files
file: path={{ item }} state=absent
loop: []
tags: mayan

@ -0,0 +1,9 @@
---
- name: Deploy configuration
template: src={{ item.src }} dest={{ item.dest }} group={{ mayan_user }} mode=640
loop:
- src: env.j2
dest: "{{ mayan_root_dir }}/config/.env"
notify: restart mayan-edms
tags: mayan

@ -0,0 +1,26 @@
---
- name: Create directories
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner | default(omit) }}"
group: "{{ item.group | default(omit) }}"
mode: "{{ item.mode | default(omit) }}"
loop:
- path: "{{ mayan_root_dir }}/venv"
- path: "{{ mayan_root_dir }}/meta"
mode: 700
- path: "{{ mayan_root_dir }}/tmp"
mode: 700
owner: "{{ mayan_user }}"
- path: "{{ mayan_root_dir }}/data"
mode: 700
owner: "{{ mayan_user }}"
- path: "{{ mayan_root_dir }}/archive"
mode: 700
- path: "{{ mayan_root_dir }}/backup"
mode: 700
- path: "{{ mayan_root_dir }}/config"
group: "{{ mayan_user }}"
mode: 750
tags: mayan
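Review bot: The `mode` values in the loop (`700`, `750`) are unquoted YAML integers; they are likely read as octal only because they pass through the `"{{ item.mode | default(omit) }}"` template and come out as text. If they ever reach the module as integers (for example with native Jinja types enabled), 700 is taken as decimal and the directories holding data and backups get unintended permission bits. Writing them as strings, `mode: "0700"` and `mode: "0750"`, removes that dependence.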

@ -0,0 +1,34 @@
---
- fail: msg="mysql_admin_pass must be set"
when: mysql_admin_pass is not defined
tags: mayan
# Ensure we have recent enough MariaDB version
- fail: msg="Require MariaDB > 10"
when:
- mayan_db_server == 'localhost' or mayan_db_server == '127.0.0.1'
- mysql_mariadb_version == 'default'
tags: mayan
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ mayan_root_dir }}"
- version: "{{ mayan_version }}"
tags: mayan
- block:
- set_fact: mayan_install_mode={{ (install_mode == 'upgrade' and not mayan_manage_upgrade) | ternary('none',install_mode) }}
- set_fact: mayan_current_version={{ current_version | default('') }}
tags: mayan
# Create a random pass for the DB if needed
- block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ mayan_root_dir }}/meta/ansible_dbpass"
- set_fact: mayan_db_pass={{ rand_pass }}
when: mayan_db_pass is not defined
tags: mayan
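Review bot: The last block, which imports get_rand_pass.yml and runs `set_fact: mayan_db_pass={{ rand_pass }}`, has no `no_log: True`, so the generated database password can show up in verbose task output and in any callback that records results. Adding `no_log: True` next to `when: mayan_db_pass is not defined` keeps it out of logs. The key=value form would also break if the generated value ever contained whitespace; the mapping form `mayan_db_pass: "{{ rand_pass }}"` under `set_fact:` avoids that.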

@ -0,0 +1,105 @@
---
- name: Install needed tools
yum:
name:
- git
- gcc
- openssl-devel
- libffi-devel
- openldap-devel
- libjpeg-turbo-devel
- libpng-devel
- mysql-devel
- libexif
- ghostscript
- gnupg
- graphviz
- fuse-libs
- file-libs
- libreoffice
- poppler-utils
- sane-backends
- tesseract
- tesseract-langpack-fra
- python3-devel
- python3-pip
- python3-virtualenv
- python-setuptools
tags: mayan
- name: Wipe the venv on upgrades
file: path={{ mayan_root_dir }}/venv state=absent
when: mayan_install_mode=='upgrade'
tags: mayan
- name: Create the venv dir
file: path={{ mayan_root_dir }}/venv state=directory
tags: mayan
- name: Create the virtualenv
pip:
name:
- pip
- redis
- mysql
state: "{{ (mayan_install_mode == 'none') | ternary('present', 'latest') }}"
virtualenv: "{{ mayan_root_dir }}/venv"
virtualenv_command: /usr/bin/virtualenv-3
virtualenv_python: /usr/bin/python3
tags: mayan
- name: Install Mayan EDMS
pip:
name:
- mayan-edms=={{ mayan_version }}
virtualenv: "{{ mayan_root_dir }}/venv"
virtualenv_command: /usr/bin/virtualenv-3
virtualenv_python: /usr/bin/python3
tags: mayan
- import_tasks: ../includes/webapps_create_mysql_db.yml
vars:
- db_name: "{{ mayan_db_name }}"
- db_user: "{{ mayan_db_user }}"
- db_server: "{{ mayan_db_server }}"
- db_pass: "{{ mayan_db_pass }}"
tags: mayan
- name: Initialize or upgrade database
command: >-
{{ mayan_root_dir }}/venv/bin/python
{{ mayan_root_dir }}/venv/bin/mayan-edms.py
{{ (mayan_install_mode == 'install') | ternary('initialsetup','performupgrade') }}
environment:
- MAYAN_MEDIA_ROOT: "{{ mayan_root_dir }}/data"
- MAYAN_DATABASE_ENGINE: django.db.backends.mysql
- MAYAN_DATABASE_NAME: "{{ mayan_db_name }}"
- MAYAN_DATABASE_PASSWORD: "{{ mayan_db_pass }}"
- MAYAN_DATABASE_USER: "{{ mayan_db_user }}"
- MAYAN_DATABASE_HOST: "{{ mayan_db_server }}"
when: mayan_install_mode != 'none'
tags: mayan
- name: Deploy systemd units
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
loop:
- mayan-edms-web.service
- mayan-edms-worker-fast.service
- mayan-edms-worker-medium.service
- mayan-edms-worker-slow.service
- mayan-edms-beat.service
register: mayan_systemd_units
tags: mayan
- name: Reload systemd
systemd: daemon_reload=True
when: mayan_systemd_units.results | selectattr('changed', 'equalto', True) | list | length > 0
tags: mayan
- name: Install pre/post backup scripts
template: src={{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/mayan_edms.sh mode=750
loop:
- pre
- post
tags: mayan
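Review bot: `Initialize or upgrade database` runs `mayan-edms.py initialsetup`/`performupgrade` with no `become_user`, so as far as this file shows the application code executes as the connecting (presumably root) user. Anything it creates under `{{ mayan_root_dir }}/data` is then not owned by `mayan_user`, which the services run as. Adding `become_user: "{{ mayan_user }}"` to that task keeps privileges and file ownership consistent. The virtualenv task also installs `pip`, `redis` and `mysql` unpinned with `state: latest` whenever the install mode is not 'none', so the deployed dependency set is not reproducible; pinning those versions would help.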

@ -0,0 +1,9 @@
---
- name: Handle Mayan EDMS port in the firewall
iptables_raw:
name: mayan_port
state: "{{ (mayan_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mayan_port }} -s {{ mayan_src_ip | join(',') }} -j ACCEPT"
tags: firewall,mayan

@ -0,0 +1,15 @@
---
- include: user.yml
- include: directories.yml
- include: facts.yml
- include: archive_pre.yml
when: mayan_install_mode == 'upgrade'
- include: install.yml
- include: conf.yml
- include: iptables.yml
when: iptables_manage | default(True)
- include: services.yml
- include: write_version.yml
- include: archive_post.yml
when: mayan_install_mode == 'upgrade'
- include: cleanup.yml

@ -0,0 +1,11 @@
---
- name: Start and enable services
service: name={{ item }} state=started enabled=True
loop:
- mayan-edms-web
- mayan-edms-worker-fast
- mayan-edms-worker-medium
- mayan-edms-worker-slow
- mayan-edms-beat
tags: mayan

@ -0,0 +1,6 @@
---
- name: Create mayan user account
user: name={{ mayan_user }} home={{ mayan_root_dir }} system=True
tags: mayan
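Review bot: The service account is created without a `shell`, so it receives the distribution's default login shell. The account only runs the systemd units in this role, so `shell=/sbin/nologin` on the `user:` line would be a tighter default.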

@ -0,0 +1,5 @@
---
- name: Write current version
copy: content={{ mayan_version }} dest={{ mayan_root_dir }}/meta/ansible_version
tags: mayan

@ -0,0 +1,14 @@
MAYAN_ALLOWED_HOSTS="['*']"
PYTHONPATH="{{ mayan_root_dir }}/data/mayan_settings"
DJANGO_SETTINGS_MODULE=mayan.settings.production
MAYAN_MEDIA_ROOT="{{ mayan_root_dir }}/data"
MAYAN_CELERY_RESULT_BACKEND="{{ mayan_redis_url }}/{{ mayan_redis_db.result_backend }}"
MAYAN_CELERY_BROKER_URL="{{ mayan_redis_url }}/{{ mayan_redis_db.broker }}"
MAYAN_DATABASES="{default: {ENGINE: django.db.backends.mysql, HOST: '{{ mayan_db_server }}', NAME: '{{ mayan_db_user }}', PASSWORD: '{{ mayan_db_pass }}', USER: '{{ mayan_db_user }}'}}"
MAYAN_DEFAULT_FROM_EMAIL={{ mayan_from_mail | quote }}
MAYAN_DOCUMENTS_LANGUAGE={{ mayan_doc_lang }}
MAYAN_SECURE_PROXY_SSL_HEADER="('HTTP_X_FORWARDED_PROTO', 'https')"
MAYAN_SESSION_COOKIE_NAME="mayanedmssessionid"
MAYAN_STORAGE_TEMPORARY_DIRECTORY="{{ mayan_root_dir }}/tmp"
MAYAN_TIME_ZONE={{ system_tz | default('UTC') }}
MAYAN_USE_X_FORWARDED_HOST="true"
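Review bot: In `MAYAN_DATABASES` the `NAME` field is rendered from `mayan_db_user` instead of `mayan_db_name`; it works only while both defaults are `mayanedms` and should read `NAME: '{{ mayan_db_name }}'`. Separately, `MAYAN_ALLOWED_HOSTS="['*']"` turns off Host header validation while `MAYAN_USE_X_FORWARDED_HOST` and `MAYAN_SECURE_PROXY_SSL_HEADER` make the app trust forwarded headers, which is only safe if every request passes through a reverse proxy that sets them. A role variable for the allowed host names would let deployments restrict this. The password is interpolated inside single quotes, so a `'` in `mayan_db_pass` would break the rendered value.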

@ -0,0 +1,21 @@
[Unit]
Description=Mayan EDMS celery beat service
After=redis.service postgresql.service mysql.service mariadb.service
[Service]
User={{ mayan_user }}
WorkingDirectory={{ mayan_root_dir }}
EnvironmentFile={{ mayan_root_dir }}/config/.env
ExecStart={{ mayan_root_dir }}/venv/bin/celery beat -A mayan --pidfile= -l INFO
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
MemoryLimit=1024M
SyslogIdentifier=mayan-edms-beat
Restart=on-failure
StartLimitInterval=0
RestartSec=30
[Install]
WantedBy=multi-user.target

@ -0,0 +1,22 @@
[Unit]
Description=Mayan EDMS web service
After=redis.service postgresql.service maysql.service mariadb.service
Wants=mayan-edms-worker-fast.service mayan-edms-worker-medium.service mayan-edms-worker-slow.service mayan-edms-beat.service
[Service]
User={{ mayan_user }}
WorkingDirectory={{ mayan_root_dir }}
EnvironmentFile={{ mayan_root_dir }}/config/.env
ExecStart={{ mayan_root_dir }}/venv/bin/gunicorn -w {{ mayan_web_workers }} mayan.wsgi --max-requests 500 --max-requests-jitter 50 --worker-class sync --bind 0.0.0.0:{{ mayan_port }} --timeout 120
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
MemoryLimit=1024M
SyslogIdentifier=mayan-edms-web
Restart=on-failure
StartLimitInterval=0
RestartSec=30
[Install]
WantedBy=multi-user.target
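Review bot: `After=` lists `maysql.service`, which looks like a typo for `mysql.service` as written in the four other units, so ordering against a unit of that name is silently dropped. gunicorn is also bound to `0.0.0.0:{{ mayan_port }}`, which leaves exposure entirely to the firewall task, and that task is skipped when `iptables_manage` is false. A configurable bind address would let installs that sit behind a local reverse proxy listen on loopback only.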

@ -0,0 +1,22 @@
[Unit]
Description=Mayan EDMS fast celery worker
After=redis.service postgresql.service mysql.service mariadb.service
[Service]
User={{ mayan_user }}
WorkingDirectory={{ mayan_root_dir }}/
EnvironmentFile={{ mayan_root_dir }}/config/.env
ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l INFO -Q document_states_fast,converter,sources_fast -n mayan-worker-fast.%%h --concurrency=1
Nice=1
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
MemoryLimit=1024M
SyslogIdentifier=mayan-edms-worker-fast
Restart=on-failure
StartLimitInterval=0
RestartSec=30
[Install]
WantedBy=multi-user.target

@ -0,0 +1,22 @@
[Unit]
Description=Mayan EDMS medium celery worker
After=redis.service postgresql.service mysql.service mariadb.service
[Service]
User={{ mayan_user }}
WorkingDirectory={{ mayan_root_dir }}/
EnvironmentFile={{ mayan_root_dir }}/config/.env
ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l INFO -Q default,checkouts_periodic,indexing,signatures,documents_periodic,uploads,documents,file_metadata,metadata,sources,sources_periodic -n mayan-worker-medium.%%h --concurrency=1
Nice=18
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
MemoryLimit=1024M
SyslogIdentifier=mayan-edms-worker-medium
Restart=on-failure
StartLimitInterval=0
RestartSec=30
[Install]
WantedBy=multi-user.target

@ -0,0 +1,22 @@
[Unit]
Description=Mayan EDMS slow celery worker
After=redis.service postgresql.service mysql.service mariadb.service
[Service]
User={{ mayan_user }}
WorkingDirectory={{ mayan_root_dir }}/
EnvironmentFile={{ mayan_root_dir }}/config/.env
ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l INFO -Q statistics,tools,common_periodic,parsing,document_states,mailing,ocr -n mayan-worker-slow.%%h --concurrency=1
Nice=19
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
MemoryLimit=1024M
SyslogIdentifier=mayan-edms-worker-slow
Restart=on-failure
StartLimitInterval=0
RestartSec=30
[Install]
WantedBy=multi-user.target

@ -0,0 +1,3 @@
#!/bin/bash -e
rm -f {{ mayan_root_dir }}/backup/*

@ -0,0 +1,8 @@
#!/bin/bash -e
/usr/bin/mysqldump --user={{ mayan_db_user | quote }} \
--password={{ mayan_db_pass | quote }} \
--host={{ mayan_db_server | quote }} \
--quick --single-transaction \
--add-drop-table {{ mayan_db_name | quote }} | zstd -c > {{ mayan_root_dir }}/backup/{{ mayan_db_name }}.sql.zst
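Review bot: `--password={{ mayan_db_pass | quote }}` puts the database password on the mysqldump command line, where other local users can read it from the process list while the dump starts. An option file readable only by the backup user, passed with `--defaults-extra-file=`, keeps it off argv. The script runs with `-e` but without `pipefail`, so a failing mysqldump is masked by zstd's exit status and leaves a truncated dump that looks like a success; add `set -o pipefail` after the shebang. The redirect target is also unquoted, unlike the arguments above it.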