diff --git a/roles/appsmith/defaults/main.yml b/roles/appsmith/defaults/main.yml new file mode 100644 index 0000000..3480328 --- /dev/null +++ b/roles/appsmith/defaults/main.yml @@ -0,0 +1,37 @@ +--- + +# Version to deploy +appsmith_version: 1.3.5.1 +# URL of the source archive +appsmith_archive_url: https://github.com/appsmithorg/appsmith/archive/v{{ appsmith_version }}.tar.gz +# sha1sum of the archive +appsmith_archive_sha1: a726767f37cbe6ddcbc95d4857cb1861a6d6b9ab + +# Root directory where appsmith will be installed +appsmith_root_dir: /opt/appsmith +# Should ansible handle upgrades (True) or only initial install (False) +appsmith_manage_upgrade: True + +# User account under which appsmith will run +appsmith_user: appsmith + +# appsmith needs a redis server and a mongodb one +appsmith_redis_url: redis://localhost:6379 +appsmith_mongo_url: mongodb://localhost/appsmith?retryWrites=true + +# appsmith server component +appsmith_server_port: 8088 +# List of IP/CIDR having access to appsmith_server_port +appsmith_server_src_ip: [] + +# Email settings +appsmith_email_from: noreply@{{ ansible_domain }} +appsmith_email_server: localhost +appsmith_email_port: 25 +appsmith_email_tls: "{{ (appsmith_email_port == 587) | ternary(True,False) }}" +# appsmith_email_user: account +# appsmith_email_pass: S3Cr3T4m@1l + +# Encryption settings. If not defined, random values will be created and used +# appsmith_encryption_pass: p@ssw0rd +# appsmith_encryption_salt: Salt diff --git a/roles/appsmith/handlers/main.yml b/roles/appsmith/handlers/main.yml new file mode 100644 index 0000000..e7b75f6 --- /dev/null +++ b/roles/appsmith/handlers/main.yml @@ -0,0 +1,4 @@ +--- + +- name: restart appsmith-server + service: name=appsmith-server state=restarted diff --git a/roles/appsmith/meta/main.yml b/roles/appsmith/meta/main.yml new file mode 100644 index 0000000..392092d --- /dev/null +++ b/roles/appsmith/meta/main.yml @@ -0,0 +1,9 @@ +--- + +dependencies: + - role: mkdir + - role: maven + - role: redis_server + when: appsmith_redis_url | urlsplit('hostname') in ['localhost','127.0.0.1'] + - role: mongodb_server + when: appsmith_mongo_url | urlsplit('hostname') in ['localhost','127.0.0.1'] diff --git a/roles/appsmith/tasks/archive_post.yml b/roles/appsmith/tasks/archive_post.yml new file mode 100644 index 0000000..85039f6 --- /dev/null +++ b/roles/appsmith/tasks/archive_post.yml @@ -0,0 +1,10 @@ +--- + +- name: Compress previous version + command: tar cf {{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}.tar.zst --use-compress-program=zstd ./ + environment: + ZST_CLEVEL: 10 + args: + chdir: "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}" + warn: False + tags: appsmith diff --git a/roles/appsmith/tasks/archive_pre.yml b/roles/appsmith/tasks/archive_pre.yml new file mode 100644 index 0000000..c1f5d0e --- /dev/null +++ b/roles/appsmith/tasks/archive_pre.yml @@ -0,0 +1,21 @@ +--- + +- name: Create the archive dir + file: + path: "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}" + state: directory + tags: appsmith + +- name: Archive previous version + synchronize: + src: "{{ appsmith_root_dir }}/{{ item }}" + dest: "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}" + recursive: True + delete: True + loop: + - server + - client + - etc + delegate_to: "{{ inventory_hostname }}" + tags: appsmith + diff --git a/roles/appsmith/tasks/cleanup.yml b/roles/appsmith/tasks/cleanup.yml new file mode 100644 index 0000000..a3cfcbf --- /dev/null +++ b/roles/appsmith/tasks/cleanup.yml @@ -0,0 +1,7 @@ +--- + +- name: Remove tmp and unused files + file: path={{ item }} state=absent + loop: + - "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}" + tags: appsmith diff --git a/roles/appsmith/tasks/conf.yml b/roles/appsmith/tasks/conf.yml new file mode 100644 index 0000000..610be72 --- /dev/null +++ b/roles/appsmith/tasks/conf.yml @@ -0,0 +1,8 @@ +--- + +- name: Deploy appsmith server conf + template: src={{ item }}.j2 dest={{ appsmith_root_dir }}/etc/{{ item }} group={{ appsmith_user }} mode=640 + loop: + - env + notify: restart appsmith-server + tags: appsmith diff --git a/roles/appsmith/tasks/directories.yml b/roles/appsmith/tasks/directories.yml new file mode 100644 index 0000000..88d42c4 --- /dev/null +++ b/roles/appsmith/tasks/directories.yml @@ -0,0 +1,23 @@ +--- + +- name: Create directories + file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} + loop: + - dir: "{{ appsmith_root_dir }}" + - dir: "{{ appsmith_root_dir }}/archives" + mode: 700 + - dir: "{{ appsmith_root_dir }}/backup" + mode: 700 + - dir: "{{ appsmith_root_dir }}/tmp" + owner: "{{ appsmith_user }}" + mode: 700 + - dir: "{{ appsmith_root_dir }}/src" + - dir: "{{ appsmith_root_dir }}/server" + - dir: "{{ appsmith_root_dir }}/server/plugins" + - dir: "{{ appsmith_root_dir }}/client" + - dir: "{{ appsmith_root_dir }}/meta" + mode: 700 + - dir: "{{ appsmith_root_dir }}/etc" + group: "{{ appsmith_user }}" + mode: 750 + tags: appsmith diff --git a/roles/appsmith/tasks/facts.yml b/roles/appsmith/tasks/facts.yml new file mode 100644 index 0000000..1e6d935 --- /dev/null +++ b/roles/appsmith/tasks/facts.yml @@ -0,0 +1,32 @@ +--- + +# Detect installed version (if any) +- block: + - import_tasks: ../includes/webapps_set_install_mode.yml + vars: + - root_dir: "{{ appsmith_root_dir }}" + - version: "{{ appsmith_version }}" + - set_fact: appsmith_install_mode={{ (install_mode == 'upgrade' and not appsmith_manage_upgrade) | ternary('none',install_mode) }} + - set_fact: appsmith_current_version={{ current_version | default('') }} + tags: appsmith + +# Create a random encryption password +- block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{ appsmith_root_dir }}/meta/ansible_encryption_pass" + - set_fact: appsmith_encryption_pass={{ rand_pass }} + when: appsmith_encryption_pass is not defined + tags: appsmith + +# Create a random encryption salt +- block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{ appsmith_root_dir }}/meta/ansible_encryption_salt" + - complex: False + - pass_size: 10 + - set_fact: appsmith_encryption_salt={{ rand_pass }} + when: appsmith_encryption_salt is not defined + tags: appsmith + diff --git a/roles/appsmith/tasks/install.yml b/roles/appsmith/tasks/install.yml new file mode 100644 index 0000000..bd1c3a7 --- /dev/null +++ b/roles/appsmith/tasks/install.yml @@ -0,0 +1,94 @@ +--- + +- name: Install dependencies + yum: + name: + - nodejs + - java-11-openjdk + tags: appsmith + +- name: Detect exact JRE version + command: rpm -q java-11-openjdk + args: + warn: False + changed_when: False + register: appsmith_jre11_version + tags: appsmith + +- name: Select JRE 11 as default version + alternatives: + name: "{{ item.name }}" + link: "{{ item.link }}" + path: "{{ item.path }}" + loop: + - name: java + link: /usr/bin/java + path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }}/bin/java + - name: javac + link: /usr/bin/javac + path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }}/bin/javac + - name: jre_openjdk + link: /usr/lib/jvm/jre-openjdk + path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }} + - name: java_sdk_openjdk + link: /usr/lib/jvm/java-openjdk + path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }} + tags: appsmith + +- when: appsmith_install_mode != 'none' + block: + + - name: Download appsmith + get_url: + url: "{{ appsmith_archive_url }}" + dest: "{{ appsmith_root_dir }}/tmp" + checksum: sha1:{{ appsmith_archive_sha1 }} + + - name: Extract appsmith archive + unarchive: + src: "{{ appsmith_root_dir }}/tmp/appsmith-{{ appsmith_version }}.tar.gz" + dest: "{{ appsmith_root_dir }}/tmp" + remote_src: True + + - name: Move sources + synchronize: + src: "{{ appsmith_root_dir }}/tmp/appsmith-{{ appsmith_version }}/" + dest: "{{ appsmith_root_dir }}/src/" + compress: False + delete: True + delegate_to: "{{ inventory_hostname }}" + + - name: Compile the server + command: /opt/maven/apache-maven/bin/mvn -DskipTests clean package + args: + chdir: "{{ appsmith_root_dir }}/src/app/server" + + - name: Remove previous server version + shell: find {{ appsmith_root_dir }}/server -name \*.jar -exec rm -f "{}" \; + + - name: Copy server jar + copy: src={{ appsmith_root_dir }}/src/app/server/appsmith-server/target/server-1.0-SNAPSHOT.jar dest={{ appsmith_root_dir }}/server/ remote_src=True + notify: restart appsmith-server + + - name: List plugins + shell: find {{ appsmith_root_dir }}/src/app/server/appsmith-*/*/target -maxdepth 1 -name \*.jar \! -name original\* + register: appsmith_plugins_jar + + - name: Install plugins jar + copy: src={{ item }} dest={{ appsmith_root_dir }}/server/plugins/ remote_src=True + loop: "{{ appsmith_plugins_jar.stdout_lines }}" + + tags: appsmith + +- name: Deploy systemd unit + template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} + loop: + - appsmith-server.service + register: appsmith_units + notify: restart appsmith-server + tags: appsmith + +- name: Reload systemd + systemd: daemon_reload=True + when: appsmith_units.results | selectattr('changed','equalto',True) | list | length > 0 + tags: appsmith diff --git a/roles/appsmith/tasks/iptables.yml b/roles/appsmith/tasks/iptables.yml new file mode 100644 index 0000000..2e689fd --- /dev/null +++ b/roles/appsmith/tasks/iptables.yml @@ -0,0 +1,12 @@ +--- + +- name: Handle appsmith ports in the firewall + iptables_raw: + name: "{{ item.name }}" + state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}" + rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT" + loop: + - name: appsmith_server_port + port: "{{ appsmith_server_port }}" + src_ip: "{{ appsmith_server_src_ip }}" + tags: firewall,appsmith diff --git a/roles/appsmith/tasks/main.yml b/roles/appsmith/tasks/main.yml new file mode 100644 index 0000000..1208952 --- /dev/null +++ b/roles/appsmith/tasks/main.yml @@ -0,0 +1,17 @@ +--- + +- include: user.yml +- include: directories.yml +- include: facts.yml +- include: archive_pre.yml + when: appsmith_install_mode == 'upgrade' +- include: install.yml +- include: conf.yml +- include: iptables.yml + when: iptables_manage | default(True) +- include: services.yml +- include: write_version.yml +- include: archive_post.yml + when: appsmith_install_mode == 'upgrade' +- include: cleanup.yml + diff --git a/roles/appsmith/tasks/services.yml b/roles/appsmith/tasks/services.yml new file mode 100644 index 0000000..30847a4 --- /dev/null +++ b/roles/appsmith/tasks/services.yml @@ -0,0 +1,7 @@ +--- + +- name: Start and enable the services + service: name={{ item }} state=started enabled=True + loop: + - appsmith-server + tags: appsmith diff --git a/roles/appsmith/tasks/user.yml b/roles/appsmith/tasks/user.yml new file mode 100644 index 0000000..8c773cb --- /dev/null +++ b/roles/appsmith/tasks/user.yml @@ -0,0 +1,8 @@ +--- + +- name: Create appsmith user + user: + name: "{{ appsmith_user }}" + home: "{{ appsmith_root_dir }}" + system: True + tags: appsmith diff --git a/roles/appsmith/tasks/write_version.yml b/roles/appsmith/tasks/write_version.yml new file mode 100644 index 0000000..8cbcf5e --- /dev/null +++ b/roles/appsmith/tasks/write_version.yml @@ -0,0 +1,5 @@ +--- + +- name: Write installed version + copy: content={{ appsmith_version }} dest={{ appsmith_root_dir }}/meta/ansible_version + tags: appsmith diff --git a/roles/appsmith/templates/appsmith-server.service.j2 b/roles/appsmith/templates/appsmith-server.service.j2 new file mode 100644 index 0000000..bdcdf9b --- /dev/null +++ b/roles/appsmith/templates/appsmith-server.service.j2 @@ -0,0 +1,24 @@ +[Unit] +Description=Opensource framework to build app and workflows +After=syslog.target network.target mongodb.service redis.service + +[Service] +Type=simple +User={{ appsmith_user }} +Group={{ appsmith_user }} +EnvironmentFile={{ appsmith_root_dir }}/etc/env +WorkingDirectory={{ appsmith_root_dir }}/server +ExecStart=/bin/java -Djava.net.preferIPv4Stack=true -Dserver.port={{ appsmith_server_port }} -Djava.security.egd="file:/dev/./urandom" -jar server-1.0-SNAPSHOT.jar +PrivateTmp=yes +ProtectSystem=full +ProtectHome=yes +NoNewPrivileges=yes +MemoryLimit=4096M +Restart=on-failure +StartLimitInterval=0 +RestartSec=30 +SyslogIdentifier=appsmith-server + +[Install] +WantedBy=multi-user.target + diff --git a/roles/appsmith/templates/env.j2 b/roles/appsmith/templates/env.j2 new file mode 100644 index 0000000..d752936 --- /dev/null +++ b/roles/appsmith/templates/env.j2 @@ -0,0 +1,15 @@ +APPSMITH_MAIL_ENABLED=true +APPSMITH_MAIL_FROM={{ appsmith_email_from }} +APPSMITH_MAIL_HOST={{ appsmith_email_server }} +APPSMITH_MAIL_PORT={{ appsmith_email_port }} +APPSMITH_MAIL_SMTP_TLS_ENABLED={{ appsmith_email_tls | ternary('true','false') }} +{% if appsmith_email_user is defined and appsmith_email_pass is defined %} +APPSMITH_MAIL_SMTP_AUTH=true +APPSMITH_MAIL_USERNAME={{ appsmith_email_user }} +APPSMITH_MAIL_PASSWORD={{ appsmith_email_pass }} +{% endif %} +APPSMITH_REDIS_URL={{ appsmith_redis_url }} +APPSMITH_MONGODB_URI={{ appsmith_mongo_url }} +APPSMITH_DISABLE_TELEMETRY=true +APPSMITH_ENCRYPTION_PASSWORD={{ appsmith_encryption_pass }} +APPSMITH_ENCRYPTION_SALT={{ appsmith_encryption_salt }}