parent
9062422ab9
commit
50ead6075c
22 changed files with 473 additions and 0 deletions
@ -0,0 +1,37 @@ |
||||
--- |
||||
|
||||
# Version of papermerge to deploy |
||||
papermerge_version: 1.5.0 |
||||
# URL of the tarball |
||||
papermerge_archive_url: https://github.com/ciur/papermerge/archive/v{{ papermerge_version }}.tar.gz |
||||
# Expected sha1 of the archive, to check the download was OK |
||||
papermerge_archive_sha1: d97d63f3102a48af9aaeb261e498533c54d22bc3 |
||||
|
||||
# Papermerge uses 2 ports. for gunicorn and will only listen on the loopback |
||||
# The other for nginx and is the one which will be accessible over the network |
||||
# The port defined here is for nginx. Gunicorn will use this port +1 |
||||
papermerge_port: 8010 |
||||
# List of IP (or CIDR networks) for which access to the nginx port will be allowed |
||||
papermerge_src_ip: [] |
||||
|
||||
# Should ansible manage papermerge upgrades or just initial install |
||||
papermerge_manage_upgrade: True |
||||
|
||||
# Parameter for the postgres database |
||||
papermerge_db_server: "{{ pg_server | default('localhost') }}" |
||||
papermerge_db_port: 5432 |
||||
papermerge_db_user: papermerge |
||||
papermerge_db_name: papermerge |
||||
# If papermerge_db_pass is not defined, a random one will be created |
||||
#papermerge_db_pass: S3cr3t. |
||||
|
||||
# Unix user under which papermerge will run |
||||
papermerge_user: papermerge |
||||
# Top dir where papermerge will be installed |
||||
papermerge_root_dir: /opt/papermerge |
||||
|
||||
# Default lang for the OCR |
||||
papermerge_ocr_default_lang: fra |
||||
|
||||
# Django secret key. A random one will be created if not set |
||||
# papermerge_secret_key: abc123 |
@ -0,0 +1,7 @@ |
||||
--- |
||||
|
||||
- name: restart papermerge |
||||
service: name={{ item }} state=restarted |
||||
loop: |
||||
- papermerge-web |
||||
- papermerge-worker |
@ -0,0 +1,9 @@ |
||||
--- |
||||
|
||||
dependencies: |
||||
- role: repo_scl # For python 3.8 |
||||
- role: repo_nux_dextop # For pdftk |
||||
- role: nginx |
||||
- role: postgresql_server |
||||
when: papermerge_db_server == '127.0.0.1' or papermerge_db_server == 'localhost' |
||||
|
@ -0,0 +1,8 @@ |
||||
--- |
||||
|
||||
- import_tasks: ../includes/webapps_compress_archive.yml |
||||
vars: |
||||
- root_dir: "{{ papermerge_root_dir }}" |
||||
- version: "{{ papermerge_current_version }}" |
||||
tags: ged |
||||
|
@ -0,0 +1,38 @@ |
||||
--- |
||||
|
||||
- name: Create the archive dir |
||||
file: path={{ papermerge_root_dir }}/archives/{{ papermerge_current_version }} state=directory |
||||
tags: ged |
||||
|
||||
- name: Stop sevices during upgrade |
||||
service: name={{ item }} state=stopped |
||||
loop: |
||||
- papermerge-web |
||||
- papermerge-worker |
||||
tags: ged |
||||
|
||||
- name: Archive previous version |
||||
synchronize: |
||||
src: "{{ papermerge_root_dir }}/{{ item }}" |
||||
dest: "{{ papermerge_root_dir }}/archives/{{ papermerge_current_version }}/" |
||||
recursive: True |
||||
delete: True |
||||
loop: |
||||
- venv |
||||
- app |
||||
delegate_to: "{{ inventory_hostname }}" |
||||
tags: ged |
||||
|
||||
- name: Dump the database |
||||
command: > |
||||
/usr/pgsql-13/bin/pg_dump |
||||
--clean |
||||
--host={{ papermerge_db_server | quote }} |
||||
--port={{ papermerge_db_port | quote }} |
||||
--username=sqladmin {{ papermerge_db_name | quote }} |
||||
--file="{{ papermerge_root_dir }}/archives/{{ papermerge_current_version }}/{{ papermerge_db_name }}.sql" |
||||
environment: |
||||
- PGPASSWORD: "{{ pg_admin_pass }}" |
||||
tags: ged |
||||
|
||||
|
@ -0,0 +1,8 @@ |
||||
--- |
||||
|
||||
- name: Remove tmp and obsolete files |
||||
file: path={{ item }} state=absent |
||||
loop: |
||||
- "{{ papermerge_root_dir }}/tmp/papermerge-{{ papermerge_version }}" |
||||
- "{{ papermerge_root_dir }}/tmp/papermerge-{{ papermerge_version }}.tar.gz" |
||||
tags: ged |
@ -0,0 +1,49 @@ |
||||
--- |
||||
|
||||
- name: Deploy configuration |
||||
template: src={{ item }}.j2 dest={{ papermerge_root_dir }}/app/{{ item }} group={{ papermerge_user }} mode=640 |
||||
loop: |
||||
- papermerge.conf.py |
||||
- gunicorn.conf.py |
||||
notify: restart papermerge |
||||
tags: ged |
||||
|
||||
- name: Deploy production settings |
||||
template: |
||||
src: production.py.j2 |
||||
dest: "{{ papermerge_root_dir }}/app/config/settings/production.py" |
||||
group: "{{ papermerge_user }}" |
||||
mode: 640 |
||||
tags: ged |
||||
|
||||
- name: Iniialize or update the database |
||||
django_manage: |
||||
command: migrate |
||||
app_path: "{{ papermerge_root_dir }}/app" |
||||
virtualenv: "{{ papermerge_root_dir }}/venv" |
||||
when: papermerge_install_mode != 'none' |
||||
notify: restart papermerge |
||||
tags: ged |
||||
|
||||
- name: Collect staic files |
||||
django_manage: |
||||
command: collectstatic |
||||
app_path: "{{ papermerge_root_dir }}/app" |
||||
virtualenv: "{{ papermerge_root_dir }}/venv" |
||||
when: papermerge_install_mode != 'none' |
||||
tags: ged |
||||
|
||||
- name: Create an initial superuser |
||||
django_manage: |
||||
command: createsuperuser --noinput --username admin --email admin@example.org |
||||
app_path: "{{ papermerge_root_dir }}/app" |
||||
virtualenv: "{{ papermerge_root_dir }}/venv" |
||||
environment: |
||||
DJANGO_SUPERUSER_PASSWORD: admin |
||||
when: papermerge_install_mode == 'install' |
||||
tags: ged |
||||
|
||||
- name: Deploy nginx configuration |
||||
template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/40-papermerge.conf |
||||
notify: reload nginx |
||||
tags: ged |
@ -0,0 +1,24 @@ |
||||
--- |
||||
|
||||
- name: Create directories |
||||
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} |
||||
loop: |
||||
- dir: "{{ papermerge_root_dir }}" |
||||
group: nginx |
||||
mode: 750 |
||||
- dir: "{{ papermerge_root_dir }}/app" |
||||
owner: "{{ papermerge_user }}" |
||||
group: nginx |
||||
mode: 750 |
||||
- dir: "{{ papermerge_root_dir }}/data" |
||||
owner: "{{ papermerge_user }}" |
||||
mode: 700 |
||||
- dir: "{{ papermerge_root_dir }}/input" |
||||
- dir: "{{ papermerge_root_dir }}/tmp" |
||||
owner: "{{ papermerge_user }}" |
||||
mode: 700 |
||||
- dir: "{{ papermerge_root_dir }}/meta" |
||||
mode: 700 |
||||
- dir: "{{ papermerge_root_dir }}/archives" |
||||
mode: 700 |
||||
tags: ged |
@ -0,0 +1,40 @@ |
||||
--- |
||||
|
||||
- fail: msg="pg_admin_pass must be set" |
||||
when: pg_admin_pass is not defined |
||||
tags: ged |
||||
|
||||
- import_tasks: ../includes/webapps_set_install_mode.yml |
||||
vars: |
||||
- root_dir: "{{ papermerge_root_dir }}" |
||||
- version: "{{ papermerge_version }}" |
||||
tags: ged |
||||
|
||||
- import_tasks: ../includes/webapps_set_install_mode.yml |
||||
vars: |
||||
- root_dir: "{{ papermerge_root_dir }}" |
||||
- version: "{{ papermerge_version }}" |
||||
tags: ged |
||||
|
||||
- block: |
||||
- set_fact: papermerge_install_mode={{ (install_mode == 'upgrade' and not papermerge_manage_upgrade) | ternary('none',install_mode) }} |
||||
- set_fact: papermerge_current_version={{ current_version | default('') }} |
||||
tags: ged |
||||
|
||||
# Create a random pass for the DB if needed |
||||
- block: |
||||
- import_tasks: ../includes/get_rand_pass.yml |
||||
vars: |
||||
- pass_file: "{{ papermerge_root_dir }}/meta/ansible_dbpass" |
||||
- set_fact: papermerge_db_pass={{ rand_pass }} |
||||
when: papermerge_db_pass is not defined |
||||
tags: ged |
||||
|
||||
# Create a random secret key |
||||
- block: |
||||
- import_tasks: ../includes/get_rand_pass.yml |
||||
vars: |
||||
- pass_file: "{{ papermerge_root_dir }}/meta/ansible_secret_key" |
||||
- set_fact: papermerge_secret_key={{ rand_pass }} |
||||
when: papermerge_secret_key is not defined |
||||
tags: ged |
@ -0,0 +1,105 @@ |
||||
--- |
||||
|
||||
- name: Install needed tools |
||||
yum: |
||||
name: |
||||
- rh-python38-python-pip |
||||
- rh-python38-python-setuptools |
||||
- rh-python38-python-devel |
||||
- postgresql-devel |
||||
- tesseract |
||||
- tesseract-langpack-fra |
||||
- tesseract-langpack-deu |
||||
- tesseract-langpack-spa |
||||
- tesseract-langpack-ita |
||||
- pdftk |
||||
- glibc.i686 # pdftk from nux-dextop only exists for i686 |
||||
- libstdc++.i686 # so install a few i686 libs to get it working |
||||
- zlib.i686 |
||||
- poppler-utils |
||||
- ImageMagick |
||||
- git |
||||
- tar |
||||
tags: ged |
||||
|
||||
- when: papermerge_install_mode != 'none' |
||||
block: |
||||
- name: Download papermerge |
||||
get_url: |
||||
url: "{{ papermerge_archive_url }}" |
||||
dest: "{{ papermerge_root_dir }}/tmp/" |
||||
checksum: "sha1:{{ papermerge_archive_sha1 }}" |
||||
|
||||
- name: Extract the archive |
||||
unarchive: src={{ papermerge_root_dir }}/tmp/papermerge-{{ papermerge_version }}.tar.gz dest={{ papermerge_root_dir }}/tmp remote_src=True |
||||
|
||||
- name: Move papermerge to the correct dir |
||||
synchronize: |
||||
src: "{{ papermerge_root_dir }}/tmp/papermerge-{{ papermerge_version }}/" |
||||
dest: "{{ papermerge_root_dir }}/app/" |
||||
recursive: True |
||||
delete: True |
||||
delegate_to: "{{ inventory_hostname }}" |
||||
|
||||
- name: Fix permissions on the app folder |
||||
file: path={{ papermerge_root_dir }}/app/ owner={{ papermerge_user }} group=nginx mode=750 |
||||
|
||||
- name: Wipe the venv on upgrades |
||||
file: path={{ papermerge_root_dir }}/venv state=absent |
||||
|
||||
- name: Create the venv dir |
||||
file: path={{ papermerge_root_dir }}/venv state=directory |
||||
|
||||
- name: Create the venv |
||||
pip: |
||||
requirements: "{{ papermerge_root_dir }}/app/requirements/base.txt" |
||||
virtualenv: "{{ papermerge_root_dir }}/venv" |
||||
virtualenv_command: /opt/rh/rh-python38/root/usr/local/bin/virtualenv |
||||
virtualenv_python: /opt/rh/rh-python38/root/bin/python |
||||
notify: restart papermerge |
||||
|
||||
- name: Install additional python modules |
||||
pip: |
||||
name: |
||||
- psycopg2-binary # building fails here, Python.h not found (??) |
||||
- gunicorn |
||||
virtualenv: "{{ papermerge_root_dir }}/venv" |
||||
virtualenv_command: /opt/rh/rh-python38/root/usr/local/bin/virtualenv |
||||
virtualenv_python: /opt/rh/rh-python38/root/bin/python |
||||
notify: restart papermerge |
||||
tags: ged |
||||
|
||||
- name: Create the PostgreSQL role |
||||
postgresql_user: |
||||
db: postgres |
||||
name: "{{ papermerge_db_user }}" |
||||
password: "{{ papermerge_db_pass }}" |
||||
login_host: "{{ papermerge_db_server }}" |
||||
login_user: sqladmin |
||||
login_password: "{{ pg_admin_pass }}" |
||||
tags: ged |
||||
|
||||
- name: Create the PostgreSQL database |
||||
postgresql_db: |
||||
name: "{{ papermerge_db_name }}" |
||||
encoding: UTF-8 |
||||
template: template0 |
||||
owner: "{{ papermerge_db_user }}" |
||||
login_host: "{{ papermerge_db_server }}" |
||||
login_user: sqladmin |
||||
login_password: "{{ pg_admin_pass }}" |
||||
tags: ged |
||||
|
||||
- name: Create systemd units |
||||
template: src={{ item }}.service.j2 dest=/etc/systemd/system/{{ item }}.service |
||||
loop: |
||||
- papermerge-web |
||||
- papermerge-worker |
||||
notify: restart papermerge |
||||
register: papermerge_units |
||||
tags: ged |
||||
|
||||
- name: Reload systemd |
||||
systemd: daemon_reload=True |
||||
when: papermerge_units.results | selectattr('changed','equalto',True) | list | length > 0 |
||||
tags: ged |
@ -0,0 +1,9 @@ |
||||
--- |
||||
|
||||
- name: Handle papermerge port in the firewall |
||||
iptables_raw: |
||||
name: papermerge_port |
||||
state: "{{ (papermerge_src_ip | length > 0) | ternary('present','absent') }}" |
||||
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ papermerge_port }} -s {{ papermerge_src_ip | join(',') }} -j ACCEPT" |
||||
tags: firewall,ged |
||||
|
@ -0,0 +1,18 @@ |
||||
--- |
||||
|
||||
- include: user.yml |
||||
- include: directories.yml |
||||
- include: facts.yml |
||||
- include: archive_pre.yml |
||||
when: papermerge_install_mode == 'upgrade' |
||||
- include: install.yml |
||||
- include: selinux.yml |
||||
when: ansible_selinux.status == 'enabled' |
||||
- include: conf.yml |
||||
- include: iptables.yml |
||||
when: iptables_manage | default(True) |
||||
- include: services.yml |
||||
- include: write_version.yml |
||||
- include: archive_post.yml |
||||
when: papermerge_install_mode == 'upgrade' |
||||
- include: cleanup.yml |
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
- name: Allow nginx to bind on papermerge port |
||||
seport: ports={{ papermerge_port }} proto=tcp setype=http_port_t state=present |
||||
tags: ged |
@ -0,0 +1,8 @@ |
||||
--- |
||||
|
||||
- name: Start and enable services |
||||
service: name={{ item }} state=started enabled=True |
||||
loop: |
||||
- papermerge-web |
||||
- papermerge-worker |
||||
tags: ged |
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
- name: Create user account |
||||
user: name={{ papermerge_user }} home={{ papermerge_root_dir }} system=True |
||||
tags: ged |
@ -0,0 +1,5 @@ |
||||
--- |
||||
|
||||
- name: Write installed version |
||||
copy: content={{ papermerge_version }} dest={{ papermerge_root_dir }}/meta/ansible_version |
||||
tags: ged |
@ -0,0 +1,2 @@ |
||||
workers = 2 |
||||
bind = ["127.0.0.1:{{ papermerge_port | int + 1 }}"] |
@ -0,0 +1,18 @@ |
||||
server { |
||||
server_name papermerge; |
||||
listen {{ papermerge_port }}; |
||||
|
||||
location /static/ { |
||||
alias {{ papermerge_root_dir }}/app/static/; |
||||
} |
||||
|
||||
location /media/ { |
||||
alias {{ papermerge_root_dir }}/app/media/; |
||||
} |
||||
|
||||
location / { |
||||
proxy_pass http://127.0.0.1:{{ papermerge_port | int + 1}}; |
||||
# Don't restrict size here. You will probably put another front proxy anyway |
||||
client_max_body_size 200m; |
||||
} |
||||
} |
@ -0,0 +1,23 @@ |
||||
[Unit] |
||||
Description=Paperemerge web service |
||||
After=postgresql.service |
||||
Requires=papermerge-worker.service |
||||
|
||||
[Service] |
||||
WorkingDirectory={{ papermerge_root_dir }}/app |
||||
Environment=DJANGO_SETTINGS_MODULE=config.settings.production |
||||
ExecStart={{ papermerge_root_dir }}/venv/bin/gunicorn config.wsgi:application --config {{ papermerge_root_dir }}/app/gunicorn.conf.py |
||||
User={{ papermerge_user }} |
||||
Group={{ papermerge_user }} |
||||
PrivateTmp=yes |
||||
PrivateDevices=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
NoNewPrivileges=yes |
||||
MemoryLimit=1024M |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,23 @@ |
||||
[Unit] |
||||
Description=Papermerge Worker |
||||
After=network.target |
||||
|
||||
[Service] |
||||
Type=simple |
||||
WorkingDirectory={{ papermerge_root_dir }}/app |
||||
Environment=DJANGO_SETTINGS_MODULE=config.settings.production |
||||
ExecStart={{ papermerge_root_dir }}/venv/bin/python manage.py worker |
||||
User={{ papermerge_user }} |
||||
Group={{ papermerge_user }} |
||||
PrivateTmp=yes |
||||
PrivateDevices=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
NoNewPrivileges=yes |
||||
MemoryLimit=1024M |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -0,0 +1,27 @@ |
||||
DBTYPE = "postgres" |
||||
DBNAME = "{{ papermerge_db_name }}" |
||||
DBUSER = "{{ papermerge_db_user }}" |
||||
DBPASS = "{{ papermerge_db_pass }}" |
||||
DBHOST = "{{ papermerge_db_server }}" |
||||
DBPORT = "{{ papermerge_db_port }}" |
||||
MEDIA_DIR = "{{ papermerge_root_dir }}/data" |
||||
IMPORTER_DIR = "{{ papermerge_root_dir }}/input" |
||||
FILES_MIN_UNMODIFIED_DURATION = 10 |
||||
OCR_DEFAULT_LANGUAGE = "{{ papermerge_ocr_default_lang }}" |
||||
LANGUAGE_FROM_AGENT = True |
||||
MIDDLEWARE.append( |
||||
'django.middleware.locale.LocaleMiddleware' |
||||
) |
||||
TASK_QUEUE_DIR = "{{ papermerge_root_dir }}/tmp/queue" |
||||
OCR_LANGUAGES = { |
||||
"deu": "Deutsch", |
||||
"eng": "English", |
||||
"fra": "Français", |
||||
"spa": "Spanish", |
||||
"ita": "Italian" |
||||
} |
||||
|
||||
METADATA_DATE_FORMATS = [ |
||||
'yyyy-mm-dd', |
||||
'month' |
||||
] |
@ -0,0 +1,5 @@ |
||||
from .base import * # noqa |
||||
DEBUG = False |
||||
ALLOWED_HOSTS = ['127.0.0.1'] |
||||
SECRET_KEY = "{{ papermerge_secret_key }}" |
||||
|
Loading…
Reference in new issue