Update to 2020-09-29 20:00

roles/mayan_edms/defaults/main.yml

@@ -0,0 +1,34 @@
+---
+
+mayan_version: 3.4.17
+mayan_root_dir: /opt/mayan-edms
+mayan_user: mayan-edms
+# Should ansible handle upgrades ? If false, only initial install will be done
+mayan_manage_upgrade: True
+
+mayan_db_server: "{{ mysql_server | default('localhost') }}"
+mayan_db_user: mayanedms
+mayan_db_name: mayanedms
+# A random pass will be created if not defined
+# mayan_db_pass: S3cr3t.
+
+# URL of the redis server to use
+mayan_redis_url: redis://{% if redis_pass is defined %}:{{ redis_pass }}{% endif %}127.0.0.1:6379
+# Mayan EDMS needs 2 redis DB. Set here the ID
+# of the DB you want to use
+mayan_redis_db:
+  result_backend: 0
+  broker: 1
+
+# Number of web workers
+mayan_web_workers: 2
+
+# Port and list of allowed IP
+mayan_port: 8000
+mayan_src_ip: []
+
+# From email address
+mayan_from_mail: mayan-edsm@{{ ansible_domain }}
+
+# Main language for document
+mayan_doc_lang: fra

roles/mayan_edms/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+
+- name: restart mayan-edms
+  service: name={{ item }} state=restarted
+  loop:
+    - mayan-edms-web
+    - mayan-edms-worker-fast
+    - mayan-edms-worker-medium
+    - mayan-edms-worker-slow
+    - mayan-edms-beat
+

roles/mayan_edms/meta/main.yml

@@ -0,0 +1,8 @@
+---
+
+dependencies:
+  - role: mkdir
+  - role: mysql_server
+    when: mayan_db_server == '127.0.0.1' or mayan_db_server == 'localhost'
+  - role: redis_server
+    when: mayan_redis_url | urlsplit('hostname') == '127.0.0.1' or mayan_redis_url | urlsplit('hostname') == 'localhost'

roles/mayan_edms/tasks/archive_post.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ mayan_root_dir }}/archives/{{ mayan_current_version }}.tar.zst --use-compress-program=zstd ./
+  environment:
+    ZST_CLEVEL: 10
+  args:
+    chdir: "{{ mayan_root_dir }}/archives/{{ mayan_current_version }}"
+    warn: False
+  tags: mayan

roles/mayan_edms/tasks/archive_pre.yml

@@ -0,0 +1,32 @@
+---
+
+- name: Create the archive dir
+  file: path={{ mayan_root_dir }}/archives/{{ mayan_current_version }} state=directory
+  tags: mayan
+
+- name: Archive previous version
+  synchronize:
+    src: "{{ mayan_root_dir }}/{{ item }}"
+    dest: "{{ mayan_root_dir }}/archives/{{ mayan_current_version }}/"
+    recursive: True
+    delete: True
+  loop:
+    - app
+    - venv
+  delegate_to: "{{ inventory_hostname }}"
+  tags: mayan
+
+- name: Dump the database
+  mysql_db:
+    state: dump
+    name: "{{ mayan_db_name }}"
+    target: "{{ root_dir }}/archives/{{ mayan_current_version }}/{{ mayan_db_name }}.sql.xz"
+    login_host: "{{ mayan_db_server }}"
+    login_user: sqladmin
+    login_password: "{{ mysql_admin_pass }}"
+    quick: True
+    single_transaction: True
+  environment:
+    XZ_OPT: -T0
+  tags: mayan
+

roles/mayan_edms/tasks/cleanup.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Remove temp and obsolete files
+  file: path={{ item }} state=absent
+  loop: []
+  tags: mayan

roles/mayan_edms/tasks/conf.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Deploy configuration
+  template: src={{ item.src }} dest={{ item.dest }} group={{ mayan_user }} mode=640
+  loop:
+    - src: env.j2
+      dest: "{{ mayan_root_dir }}/config/.env"
+  notify: restart mayan-edms
+  tags: mayan

roles/mayan_edms/tasks/directories.yml

@@ -0,0 +1,26 @@
+---
+- name: Create directories
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner | default(omit) }}"
+    group: "{{ item.group | default(omit) }}"
+    mode: "{{ item.mode | default(omit) }}"
+  loop:
+    - path: "{{ mayan_root_dir }}/venv"
+    - path: "{{ mayan_root_dir }}/meta"
+      mode: 700
+    - path: "{{ mayan_root_dir }}/tmp"
+      mode: 700
+      owner: "{{ mayan_user }}"
+    - path: "{{ mayan_root_dir }}/data"
+      mode: 700
+      owner: "{{ mayan_user }}"
+    - path: "{{ mayan_root_dir }}/archive"
+      mode: 700
+    - path: "{{ mayan_root_dir }}/backup"
+      mode: 700
+    - path: "{{ mayan_root_dir }}/config"
+      group: "{{ mayan_user }}"
+      mode: 750
+  tags: mayan

roles/mayan_edms/tasks/facts.yml

@@ -0,0 +1,34 @@
+---
+
+- fail: msg="mysql_admin_pass must be set"
+  when: mysql_admin_pass is not defined
+  tags: mayan
+
+# Ensure we have recent enough MariaDB version
+- fail: msg="Require MariaDB > 10"
+  when:
+    - mayan_db_server == 'localhost' or mayan_db_server == '127.0.0.1'
+    - mysql_mariadb_version == 'default'
+  tags: mayan
+
+- import_tasks: ../includes/webapps_set_install_mode.yml
+  vars:
+    - root_dir: "{{ mayan_root_dir }}"
+    - version: "{{ mayan_version }}"
+  tags: mayan
+
+- block:
+    - set_fact: mayan_install_mode={{ (install_mode == 'upgrade' and not mayan_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: mayan_current_version={{ current_version | default('') }}
+  tags: mayan
+
+  # Create a random pass for the DB if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ mayan_root_dir }}/meta/ansible_dbpass"
+    - set_fact: mayan_db_pass={{ rand_pass }}
+  when: mayan_db_pass is not defined
+  tags: mayan
+
+

roles/mayan_edms/tasks/install.yml

@@ -0,0 +1,105 @@
+---
+
+- name: Install needed tools
+  yum:
+    name:
+      - git
+      - gcc
+      - openssl-devel
+      - libffi-devel
+      - openldap-devel
+      - libjpeg-turbo-devel
+      - libpng-devel
+      - mysql-devel
+      - libexif
+      - ghostscript
+      - gnupg
+      - graphviz
+      - fuse-libs
+      - file-libs
+      - libreoffice
+      - poppler-utils
+      - sane-backends
+      - tesseract
+      - tesseract-langpack-fra
+      - python3-devel
+      - python3-pip
+      - python3-virtualenv
+      - python-setuptools
+  tags: mayan
+
+- name: Wipe the venv on upgrades
+  file: path={{ mayan_root_dir }}/venv state=absent
+  when: mayan_install_mode=='upgrade'
+  tags: mayan
+
+- name: Create the venv dir
+  file: path={{ mayan_root_dir }}/venv state=directory
+  tags: mayan
+
+- name: Create the virtualenv
+  pip:
+    name:
+      - pip
+      - redis
+      - mysql
+    state: "{{ (mayan_install_mode == 'none') | ternary('present', 'latest') }}"
+    virtualenv: "{{ mayan_root_dir }}/venv"
+    virtualenv_command: /usr/bin/virtualenv-3
+    virtualenv_python: /usr/bin/python3
+  tags: mayan
+
+- name: Install Mayan EDMS
+  pip:
+    name:
+      - mayan-edms=={{ mayan_version }}
+    virtualenv: "{{ mayan_root_dir }}/venv"
+    virtualenv_command: /usr/bin/virtualenv-3
+    virtualenv_python: /usr/bin/python3
+  tags: mayan
+
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ mayan_db_name }}"
+    - db_user: "{{ mayan_db_user }}"
+    - db_server: "{{ mayan_db_server }}"
+    - db_pass: "{{ mayan_db_pass }}"
+  tags: mayan
+
+- name: Initialize or upgrade database
+  command: >-
+    {{ mayan_root_dir }}/venv/bin/python
+      {{ mayan_root_dir }}/venv/bin/mayan-edms.py
+      {{ (mayan_install_mode == 'install') | ternary('initialsetup','performupgrade') }}
+  environment:
+    - MAYAN_MEDIA_ROOT: "{{ mayan_root_dir }}/data"
+    - MAYAN_DATABASE_ENGINE: django.db.backends.mysql
+    - MAYAN_DATABASE_NAME: "{{ mayan_db_name }}"
+    - MAYAN_DATABASE_PASSWORD: "{{ mayan_db_pass }}"
+    - MAYAN_DATABASE_USER: "{{ mayan_db_user }}"
+    - MAYAN_DATABASE_HOST: "{{ mayan_db_server }}"
+  when: mayan_install_mode != 'none'
+  tags: mayan
+
+- name: Deploy systemd units
+  template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
+  loop:
+    - mayan-edms-web.service
+    - mayan-edms-worker-fast.service
+    - mayan-edms-worker-medium.service
+    - mayan-edms-worker-slow.service
+    - mayan-edms-beat.service
+  register: mayan_systemd_units
+  tags: mayan
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when:  mayan_systemd_units.results | selectattr('changed', 'equalto', True) | list | length > 0
+  tags: mayan
+
+- name: Install pre/post backup scripts
+  template: src={{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/mayan_edms.sh mode=750
+  loop:
+    - pre
+    - post
+  tags: mayan

roles/mayan_edms/tasks/iptables.yml

@@ -0,0 +1,9 @@
+---
+
+- name:  Handle Mayan EDMS port in the firewall
+  iptables_raw:
+    name: mayan_port
+    state: "{{ (mayan_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ mayan_port }} -s {{ mayan_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,mayan
+

roles/mayan_edms/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: mayan_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: mayan_install_mode == 'upgrade'
+- include: cleanup.yml

roles/mayan_edms/tasks/services.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Start and enable services
+  service: name={{ item }} state=started enabled=True
+  loop:
+    - mayan-edms-web
+    - mayan-edms-worker-fast
+    - mayan-edms-worker-medium
+    - mayan-edms-worker-slow
+    - mayan-edms-beat
+  tags: mayan

roles/mayan_edms/tasks/user.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Create mayan user account
+  user: name={{ mayan_user }} home={{ mayan_root_dir }} system=True
+  tags: mayan
+

roles/mayan_edms/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write current version
+  copy: content={{ mayan_version }} dest={{ mayan_root_dir }}/meta/ansible_version
+  tags: mayan

roles/mayan_edms/templates/env.j2

@@ -0,0 +1,14 @@
+MAYAN_ALLOWED_HOSTS="['*']"
+PYTHONPATH="{{ mayan_root_dir }}/data/mayan_settings"
+DJANGO_SETTINGS_MODULE=mayan.settings.production
+MAYAN_MEDIA_ROOT="{{ mayan_root_dir }}/data"
+MAYAN_CELERY_RESULT_BACKEND="{{ mayan_redis_url }}/{{ mayan_redis_db.result_backend }}"
+MAYAN_CELERY_BROKER_URL="{{ mayan_redis_url }}/{{ mayan_redis_db.broker }}"
+MAYAN_DATABASES="{default: {ENGINE: django.db.backends.mysql, HOST: '{{ mayan_db_server }}', NAME: '{{ mayan_db_user }}', PASSWORD: '{{ mayan_db_pass }}', USER: '{{ mayan_db_user }}'}}"
+MAYAN_DEFAULT_FROM_EMAIL={{ mayan_from_mail | quote }}
+MAYAN_DOCUMENTS_LANGUAGE={{ mayan_doc_lang }}
+MAYAN_SECURE_PROXY_SSL_HEADER="('HTTP_X_FORWARDED_PROTO', 'https')"
+MAYAN_SESSION_COOKIE_NAME="mayanedmssessionid"
+MAYAN_STORAGE_TEMPORARY_DIRECTORY="{{ mayan_root_dir }}/tmp"
+MAYAN_TIME_ZONE={{ system_tz | default('UTC') }}
+MAYAN_USE_X_FORWARDED_HOST="true"

roles/mayan_edms/templates/mayan-edms-beat.service.j2

@@ -0,0 +1,21 @@
+[Unit]
+Description=Mayan EDMS celery beat service
+After=redis.service postgresql.service mysql.service mariadb.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery beat -A mayan --pidfile= -l INFO
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=mayan-edms-beat
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/mayan_edms/templates/mayan-edms-web.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS web service
+After=redis.service postgresql.service maysql.service mariadb.service
+Wants=mayan-edms-worker-fast.service mayan-edms-worker-medium.service mayan-edms-worker-slow.service mayan-edms-beat.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/gunicorn -w {{ mayan_web_workers }} mayan.wsgi --max-requests 500 --max-requests-jitter 50 --worker-class sync --bind 0.0.0.0:{{ mayan_port }} --timeout 120
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=mayan-edms-web
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/mayan_edms/templates/mayan-edms-worker-fast.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS fast celery worker
+After=redis.service postgresql.service mysql.service mariadb.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}/
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l INFO -Q document_states_fast,converter,sources_fast -n mayan-worker-fast.%%h --concurrency=1
+Nice=1
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=mayan-edms-worker-fast
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/mayan_edms/templates/mayan-edms-worker-medium.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS medium celery worker
+After=redis.service postgresql.service mysql.service mariadb.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}/
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l INFO -Q default,checkouts_periodic,indexing,signatures,documents_periodic,uploads,documents,file_metadata,metadata,sources,sources_periodic -n mayan-worker-medium.%%h --concurrency=1
+Nice=18
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=mayan-edms-worker-medium
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/mayan_edms/templates/mayan-edms-worker-slow.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Mayan EDMS slow celery worker
+After=redis.service postgresql.service mysql.service mariadb.service
+
+[Service]
+User={{ mayan_user }}
+WorkingDirectory={{ mayan_root_dir }}/
+EnvironmentFile={{ mayan_root_dir }}/config/.env
+ExecStart={{ mayan_root_dir }}/venv/bin/celery worker -A mayan -Ofair -l INFO -Q statistics,tools,common_periodic,parsing,document_states,mailing,ocr -n mayan-worker-slow.%%h --concurrency=1
+Nice=19
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=mayan-edms-worker-slow
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/mayan_edms/templates/post_backup.sh.j2

@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ mayan_root_dir }}/backup/*

roles/mayan_edms/templates/pre_backup.sh.j2

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+/usr/bin/mysqldump --user={{ mayan_db_user | quote }} \
+                   --password={{ mayan_db_pass | quote }} \
+                   --host={{ mayan_db_server | quote }} \
+                   --quick --single-transaction \
+                   --add-drop-table {{ mayan_db_name | quote }} | zstd -c > {{ mayan_root_dir }}/backup/{{ mayan_db_name }}.sql.zst
+