parent
ba1979fde0
commit
4e6ece362a
23 changed files with 455 additions and 0 deletions
@ -0,0 +1,34 @@ |
||||
--- |
||||
|
||||
mayan_version: 3.4.17 |
||||
mayan_root_dir: /opt/mayan-edms |
||||
mayan_user: mayan-edms |
||||
# Should ansible handle upgrades ? If false, only initial install will be done |
||||
mayan_manage_upgrade: True |
||||
|
||||
mayan_db_server: "{{ mysql_server | default('localhost') }}" |
||||
mayan_db_user: mayanedms |
||||
mayan_db_name: mayanedms |
||||
# A random pass will be created if not defined |
||||
# mayan_db_pass: S3cr3t. |
||||
|
||||
# URL of the redis server to use |
||||
mayan_redis_url: redis://{% if redis_pass is defined %}:{{ redis_pass }}{% endif %}127.0.0.1:6379 |
||||
# Mayan EDMS needs 2 redis DB. Set here the ID |
||||
# of the DB you want to use |
||||
mayan_redis_db: |
||||
result_backend: 0 |
||||
broker: 1 |
||||
|
||||
# Number of web workers |
||||
mayan_web_workers: 2 |
||||
|
||||
# Port and list of allowed IP |
||||
mayan_port: 8000 |
||||
mayan_src_ip: [] |
||||
|
||||
# From email address |
||||
mayan_from_mail: mayan-edsm@{{ ansible_domain }} |
||||
|
||||
# Main language for document |
||||
mayan_doc_lang: fra |
@ -0,0 +1,11 @@ |
||||
--- |
||||
|
||||
- name: restart mayan-edms |
||||
service: name={{ item }} state=restarted |
||||
loop: |
||||
- mayan-edms-web |
||||
- mayan-edms-worker-fast |
||||
- mayan-edms-worker-medium |
||||
- mayan-edms-worker-slow |
||||
- mayan-edms-beat |
||||
|
@ -0,0 +1,8 @@ |
||||
--- |
||||
|
||||
dependencies: |
||||
- role: mkdir |
||||
- role: mysql_server |
||||
when: mayan_db_server == '127.0.0.1' or mayan_db_server == 'localhost' |
||||
- role: redis_server |
||||
when: mayan_redis_url | urlsplit('hostname') == '127.0.0.1' or mayan_redis_url | urlsplit('hostname') == 'localhost' |
@ -0,0 +1,10 @@ |
||||
--- |
||||
|
||||
- name: Compress previous version |
||||
command: tar cf {{ mayan_root_dir }}/archives/{{ mayan_current_version }}.tar.zst --use-compress-program=zstd ./ |
||||
environment: |
||||
ZST_CLEVEL: 10 |
||||
args: |
||||
chdir: "{{ mayan_root_dir }}/archives/{{ mayan_current_version }}" |
||||
warn: False |
||||
tags: mayan |
@ -0,0 +1,32 @@ |
||||
--- |
||||
|
||||
- name: Create the archive dir |
||||
file: path={{ mayan_root_dir }}/archives/{{ mayan_current_version }} state=directory |
||||
tags: mayan |
||||
|
||||
- name: Archive previous version |
||||
synchronize: |
||||
src: "{{ mayan_root_dir }}/{{ item }}" |
||||
dest: "{{ mayan_root_dir }}/archives/{{ mayan_current_version }}/" |
||||
recursive: True |
||||
delete: True |
||||
loop: |
||||
- app |
||||
- venv |
||||
delegate_to: "{{ inventory_hostname }}" |
||||
tags: mayan |
||||
|
||||
- name: Dump the database |
||||
mysql_db: |
||||
state: dump |
||||
name: "{{ mayan_db_name }}" |
||||
target: "{{ root_dir }}/archives/{{ mayan_current_version }}/{{ mayan_db_name }}.sql.xz" |
||||
login_host: "{{ mayan_db_server }}" |
||||
login_user: sqladmin |
||||
login_password: "{{ mysql_admin_pass }}" |
||||
quick: True |
||||
single_transaction: True |
||||
environment: |
||||
XZ_OPT: -T0 |
||||
tags: mayan |
||||
|
@ -0,0 +1,6 @@ |
||||
--- |
||||
|
||||
- name: Remove temp and obsolete files |
||||
file: path={{ item }} state=absent |
||||
loop: [] |
||||
tags: mayan |
@ -0,0 +1,9 @@ |
||||
--- |
||||
|
||||
- name: Deploy configuration |
||||
template: src={{ item.src }} dest={{ item.dest }} group={{ mayan_user }} mode=640 |
||||
loop: |
||||
- src: env.j2 |
||||
dest: "{{ mayan_root_dir }}/config/.env" |
||||
notify: restart mayan-edms |
||||
tags: mayan |
@ -0,0 +1,26 @@ |
||||
--- |
||||
- name: Create directories |
||||
file: |
||||
path: "{{ item.path }}" |
||||
state: directory |
||||
owner: "{{ item.owner | default(omit) }}" |
||||
group: "{{ item.group | default(omit) }}" |
||||
mode: "{{ item.mode | default(omit) }}" |
||||
loop: |
||||
- path: "{{ mayan_root_dir }}/venv" |
||||
- path: "{{ mayan_root_dir }}/meta" |
||||
mode: 700 |
||||
- path: "{{ mayan_root_dir }}/tmp" |
||||
mode: 700 |
||||
owner: "{{ mayan_user }}" |
||||
- path: "{{ mayan_root_dir }}/data" |
||||
mode: 700 |
||||
owner: "{{ mayan_user }}" |
||||
- path: "{{ mayan_root_dir }}/archive" |
||||
mode: 700 |
||||
- path: "{{ mayan_root_dir }}/backup" |
||||
mode: 700 |
||||
- path: "{{ mayan_root_dir }}/config" |
||||
group: "{{ mayan_user }}" |
||||
mode: 750 |
||||
tags: mayan |
@ -0,0 +1,34 @@ |
||||
--- |
||||
|
||||
- fail: msg="mysql_admin_pass must be set" |
||||
when: mysql_admin_pass is not defined |
||||
tags: mayan |
||||
|
||||
# Ensure we have recent enough MariaDB version |
||||
- fail: msg="Require MariaDB > 10" |
||||
when: |
||||
- mayan_db_server == 'localhost' or mayan_db_server == '127.0.0.1' |
||||
- mysql_mariadb_version == 'default' |
||||
tags: mayan |
||||
|
||||
- import_tasks: ../includes/webapps_set_install_mode.yml |
||||
vars: |
||||
- root_dir: "{{ mayan_root_dir }}" |
||||
- version: "{{ mayan_version }}" |
||||
tags: mayan |
||||
|
||||
- block: |
||||
- set_fact: mayan_install_mode={{ (install_mode == 'upgrade' and not mayan_manage_upgrade) | ternary('none',install_mode) }} |
||||
- set_fact: mayan_current_version={{ current_version | default('') }} |
||||
tags: mayan |
||||
|
||||
# Create a random pass for the DB if needed |
||||
- block: |
||||
- import_tasks: ../includes/get_rand_pass.yml |
||||
vars: |
||||
- pass_file: "{{ mayan_root_dir }}/meta/ansible_dbpass" |
||||
- set_fact: mayan_db_pass={{ rand_pass }} |
||||
when: mayan_db_pass is not defined |
||||
tags: mayan |
||||
|
||||
|
@ -0,0 +1,105 @@ |
||||
--- |
||||
|
||||
- name: Install needed tools |
||||
yum: |
||||
name: |
||||
- git |
||||
- gcc |
||||
- openssl-devel |
||||
- libffi-devel |
||||
- openldap-devel |
||||
- libjpeg-turbo-devel |
||||
- libpng-devel |
||||
- mysql-devel |
||||
- libexif |
||||
- ghostscript |
||||
- gnupg |
||||
- graphviz |
||||
- fuse-libs |
||||
- file-libs |
||||
- libreoffice |
||||
- poppler-utils |
||||
- sane-backends |
||||
- tesseract |
||||
- tesseract-langpack-fra |
||||
- python3-devel |
||||
- python3-pip |
||||
- python3-virtualenv |
||||
- python-setuptools |
||||
tags: mayan |
||||
|
||||
- name: Wipe the venv on upgrades |
||||
file: path={{ mayan_root_dir }}/venv state=absent |
||||
when: mayan_install_mode=='upgrade' |
||||
tags: mayan |
||||
|
||||
- name: Create the venv dir |
||||
file: path={{ mayan_root_dir }}/venv state=directory |
||||
tags: mayan |
||||
|
||||
- name: Create the virtualenv |
||||
pip: |
||||
name: |
||||
- pip |
||||
- redis |
||||
- mysql |
||||
state: "{{ (mayan_install_mode == 'none') | ternary('present', 'latest') }}" |
||||
virtualenv: "{{ mayan_root_dir }}/venv" |
||||
virtualenv_command: /usr/bin/virtualenv-3 |
||||
virtualenv_python: /usr/bin/python3 |
||||
tags: mayan |
||||
|
||||
- name: Install Mayan EDMS |
||||
pip: |
||||
name: |
||||
- mayan-edms=={{ mayan_version }} |
||||
virtualenv: "{{ mayan_root_dir }}/venv" |
||||
virtualenv_command: /usr/bin/virtualenv-3 |
||||
virtualenv_python: /usr/bin/python3 |
||||
tags: mayan |
||||
|
||||
- import_tasks: ../includes/webapps_create_mysql_db.yml |
||||
vars: |
||||
- db_name: "{{ mayan_db_name }}" |
||||
- db_user: "{{ mayan_db_user }}" |
||||
- db_server: "{{ mayan_db_server }}" |
||||
- db_pass: "{{ mayan_db_pass }}" |
||||
tags: mayan |
||||
|
||||
- name: Initialize or upgrade database |
||||
command: >- |
||||
{{ mayan_root_dir }}/venv/bin/python |
||||
{{ mayan_root_dir }}/venv/bin/mayan-edms.py |
||||
{{ (mayan_install_mode == 'install') | ternary('initialsetup','performupgrade') }} |
||||
environment: |
||||
- MAYAN_MEDIA_ROOT: "{{ mayan_root_dir }}/data" |
||||
- MAYAN_DATABASE_ENGINE: django.db.backends.mysql |
||||
- MAYAN_DATABASE_NAME: "{{ mayan_db_name }}" |
||||
- MAYAN_DATABASE_PASSWORD: "{{ mayan_db_pass }}" |
||||
- MAYAN_DATABASE_USER: "{{ mayan_db_user }}" |
||||
- MAYAN_DATABASE_HOST: "{{ mayan_db_server }}" |
||||
when: mayan_install_mode != 'none' |
||||
tags: mayan |
||||
|
||||
- name: Deploy systemd units |
||||
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} |
||||
loop: |
||||
- mayan-edms-web.service |
||||
- mayan-edms-worker-fast.service |
||||
- mayan-edms-worker-medium.service |
||||
- mayan-edms-worker-slow.service |
||||
- mayan-edms-beat.service |
||||
register: mayan_systemd_units |
||||
tags: mayan |
||||
|
||||
- name: Reload systemd |
||||
systemd: daemon_reload=True |
||||
when: mayan_systemd_units.results | selectattr('changed', 'equalto', True) | list | length > 0 |
||||
tags: mayan |
||||
|
||||
- name: Install pre/post backup scripts |
||||
template: src={{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/mayan_edms.sh mode=750 |
||||
loop: |
||||
- pre |
||||
- post |
||||
tags: mayan |
@ -0,0 +1,9 @@ |
||||
--- |
||||
|
||||
- name: Handle Mayan EDMS port in the firewall |
||||
iptables_raw: |
||||
name: mayan_port |
||||
state: "{{ (mayan_src_ip | length > 0) | ternary('present','absent') }}" |
||||
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mayan_port }} -s {{ mayan_src_ip | join(',') }} -j ACCEPT" |
||||
tags: firewall,mayan |
||||
|
@ -0,0 +1,15 @@ |
||||
--- |
||||
- include: user.yml |
||||
- include: directories.yml |
||||
- include: facts.yml |
||||
- include: archive_pre.yml |
||||
when: mayan_install_mode == 'upgrade' |
||||
- include: install.yml |
||||
- include: conf.yml |
||||
- include: iptables.yml |
||||
when: iptables_manage | default(True) |
||||
- include: services.yml |
||||
- include: write_version.yml |
||||
- include: archive_post.yml |
||||
when: mayan_install_mode == 'upgrade' |
||||
- include: cleanup.yml |
@ -0,0 +1,11 @@ |
||||
--- |
||||
|
||||
- name: Start and enable services |
||||
service: name={{ item }} state=started enabled=True |
||||
loop: |
||||
- mayan-edms-web |
||||
- mayan-edms-worker-fast |
||||
- mayan-edms-worker-medium |
||||
- mayan-edms-worker-slow |
||||
- mayan-edms-beat |
||||
tags: mayan |
@ -0,0 +1,6 @@ |
||||
--- |
||||
|
||||
- name: Create mayan user account |
||||
user: name={{ mayan_user }} home={{ mayan_root_dir }} system=True |
||||
tags: mayan |
||||
|
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
- name: Write current version |
||||
copy: content={{ mayan_version }} dest={{ mayan_root_dir }}/meta/ansible_version |
||||
tags: mayan |
@ -0,0 +1,14 @@ |
||||
MAYAN_ALLOWED_HOSTS="['*']" |
||||
PYTHONPATH="{{ mayan_root_dir }}/data/mayan_settings" |
||||
DJANGO_SETTINGS_MODULE=mayan.settings.production |
||||
MAYAN_MEDIA_ROOT="{{ mayan_root_dir }}/data" |
||||
MAYAN_CELERY_RESULT_BACKEND="{{ mayan_redis_url }}/{{ mayan_redis_db.result_backend }}" |
||||
MAYAN_CELERY_BROKER_URL="{{ mayan_redis_url }}/{{ mayan_redis_db.broker }}" |
||||
MAYAN_DATABASES="{default: {ENGINE: django.db.backends.mysql, HOST: '{{ mayan_db_server }}', NAME: '{{ mayan_db_user }}', PASSWORD: '{{ mayan_db_pass }}', USER: '{{ mayan_db_user }}'}}" |
||||
MAYAN_DEFAULT_FROM_EMAIL={{ mayan_from_mail | quote }} |
||||
MAYAN_DOCUMENTS_LANGUAGE={{ mayan_doc_lang }} |
||||
MAYAN_SECURE_PROXY_SSL_HEADER="('HTTP_X_FORWARDED_PROTO', 'https')" |
||||
MAYAN_SESSION_COOKIE_NAME="mayanedmssessionid" |
||||
MAYAN_STORAGE_TEMPORARY_DIRECTORY="{{ mayan_root_dir }}/tmp" |
||||
MAYAN_TIME_ZONE={{ system_tz | default('UTC') }} |
||||
MAYAN_USE_X_FORWARDED_HOST="true" |
@ -0,0 +1,21 @@ |
||||
[Unit] |
||||
Description=Mayan EDMS celery beat service |
||||
After=redis.service postgresql.service mysql.service mariadb.service |
||||
|
||||
[Service] |
||||
User={{ mayan_user }} |
||||
WorkingDirectory={{ mayan_root_dir }} |
||||
EnvironmentFile={{ mayan_root_dir }}/config/.env |
||||
ExecStart={{ mayan_root_dir }}/venv/bin/celery beat -A mayan --pidfile= -l INFO |
||||
PrivateTmp=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
NoNewPrivileges=yes |
||||
MemoryLimit=1024M |
||||
SyslogIdentifier=mayan-edms-beat |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,22 @@ |
||||
[Unit] |
||||
Description=Mayan EDMS web service |
||||
After=redis.service postgresql.service maysql.service mariadb.service |
||||
Wants=mayan-edms-worker-fast.service mayan-edms-worker-medium.service mayan-edms-worker-slow.service mayan-edms-beat.service |
||||
|
||||
[Service] |
||||
User={{ mayan_user }} |
||||
WorkingDirectory={{ mayan_root_dir }} |
||||
EnvironmentFile={{ mayan_root_dir }}/config/.env |
||||
ExecStart={{ mayan_root_dir }}/venv/bin/gunicorn -w {{ mayan_web_workers }} mayan.wsgi --max-requests 500 --max-requests-jitter 50 --worker-class sync --bind 0.0.0.0:{{ mayan_port }} --timeout 120 |
||||
PrivateTmp=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
NoNewPrivileges=yes |
||||
MemoryLimit=1024M |
||||
SyslogIdentifier=mayan-edms-web |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,22 @@ |
||||
[Unit] |
||||
Description=Mayan EDMS fast celery worker |
||||
After=redis.service postgresql.service mysql.service mariadb.service |
||||
|
||||
[Service] |
||||
User={{ mayan_user }} |
||||
WorkingDirectory={{ mayan_root_dir }}/ |
||||
EnvironmentFile={{ mayan_root_dir }}/config/.env |
||||
ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l INFO -Q document_states_fast,converter,sources_fast -n mayan-worker-fast.%%h --concurrency=1 |
||||
Nice=1 |
||||
PrivateTmp=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
NoNewPrivileges=yes |
||||
MemoryLimit=1024M |
||||
SyslogIdentifier=mayan-edms-worker-fast |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,22 @@ |
||||
[Unit] |
||||
Description=Mayan EDMS medium celery worker |
||||
After=redis.service postgresql.service mysql.service mariadb.service |
||||
|
||||
[Service] |
||||
User={{ mayan_user }} |
||||
WorkingDirectory={{ mayan_root_dir }}/ |
||||
EnvironmentFile={{ mayan_root_dir }}/config/.env |
||||
ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l INFO -Q default,checkouts_periodic,indexing,signatures,documents_periodic,uploads,documents,file_metadata,metadata,sources,sources_periodic -n mayan-worker-medium.%%h --concurrency=1 |
||||
Nice=18 |
||||
PrivateTmp=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
NoNewPrivileges=yes |
||||
MemoryLimit=1024M |
||||
SyslogIdentifier=mayan-edms-worker-medium |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,22 @@ |
||||
[Unit] |
||||
Description=Mayan EDMS slow celery worker |
||||
After=redis.service postgresql.service mysql.service mariadb.service |
||||
|
||||
[Service] |
||||
User={{ mayan_user }} |
||||
WorkingDirectory={{ mayan_root_dir }}/ |
||||
EnvironmentFile={{ mayan_root_dir }}/config/.env |
||||
ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l INFO -Q statistics,tools,common_periodic,parsing,document_states,mailing,ocr -n mayan-worker-slow.%%h --concurrency=1 |
||||
Nice=19 |
||||
PrivateTmp=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
NoNewPrivileges=yes |
||||
MemoryLimit=1024M |
||||
SyslogIdentifier=mayan-edms-worker-slow |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,3 @@ |
||||
#!/bin/bash -e |
||||
|
||||
rm -f {{ mayan_root_dir }}/backup/* |
@ -0,0 +1,8 @@ |
||||
#!/bin/bash -e |
||||
|
||||
/usr/bin/mysqldump --user={{ mayan_db_user | quote }} \ |
||||
--password={{ mayan_db_pass | quote }} \ |
||||
--host={{ mayan_db_server | quote }} \ |
||||
--quick --single-transaction \ |
||||
--add-drop-table {{ mayan_db_name | quote }} | zstd -c > {{ mayan_root_dir }}/backup/{{ mayan_db_name }}.sql.zst |
||||
|
Loading…
Reference in new issue