# install redmine - hosts: redmine_servers become: true become_method: su environment: "{{ proxy_env }}" vars: redmine_path: /srv/redmine tasks: - name: check facts fail: msg: "Not compatible with [{{ ansible_os_family }}] {{ ansible_distribution }} {{ ansible_distribution_major_version }}." when: ansible_os_family != 'RedHat' or ansible_distribution_major_version|int != 7 - name: install RPMs yum: name: - yum-utils - httpd state: latest - name: install docker shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo changed_when: False - yum: name=docker-ce state=latest notify: - restart Docker - name: set proxy for docker file: path=/etc/systemd/system/docker.service.d state=directory when: proxy_env.http_proxy is defined - copy: dest: /etc/systemd/system/docker.service.d/http-proxy.conf force: no content: "[Service]\nEnvironment = \"http_proxy={{ proxy_env.http_proxy }}\" \"https_proxy={{ proxy_env.https_proxy }}\"\n" when: proxy_env.http_proxy is defined - meta: flush_handlers - name: install docker-compose stat: path=/usr/local/bin/docker-compose register: result01 - shell: | curl --location --output /usr/local/bin/docker-compose \ $(curl --silent --show-error \ https://api.github.com/repos/docker/compose/releases/latest \ | grep 'Linux-x86_64"' \ | grep url \ | cut --delimiter='"' --fields=4 \ ) chmod +x /usr/local/bin/docker-compose args: warn: false when: result01.stat.exists == false - name: "create {{ redmine_path }}" file: path={{ redmine_path }} state=directory register: result02 - shell: | /usr/sbin/matchpathcon {{ redmine_path }} /usr/sbin/semanage fcontext --add --type container_file_t {{ redmine_path }} /usr/sbin/restorecon -v {{ redmine_path }} /usr/sbin/matchpathcon {{ redmine_path }} args: warn: false when: result02.changed == true - name: create config files file: path={{ redmine_path }}/config state=directory - copy: src: configuration.yml dest: "{{ redmine_path }}/config/configuration.yml" force: no - copy: dest: "{{ redmine_path }}/config/additional_environment.rb" force: no content: | config.cache_store = :mem_cache_store, "memcached" config.logger = Logger.new("#{Rails.root}/log/#{ENV['RAILS_ENV']}.log", 50, 1000000) config.logger.level = Logger::INFO - copy: dest: "{{ redmine_path }}/Gemfile.local" force: no content: "gem 'dalli'\n" - file: path={{ redmine_path }}/../mysql/conf.d state=directory - copy: dest: "{{ redmine_path }}/../mysql/conf.d/redmine.cnf" force: no content: | [mysqld] innodb_buffer_pool_size = 536870912 innodb_log_file_size = 201326592 - name: create a parent dir of git-repos file: path: /var/lib/git owner: nobody group: users state: directory mode: 02775 register: result03 - shell: | /usr/sbin/semanage fcontext -a -t httpd_git_content_t "/var/lib/git(/.*)?" /usr/sbin/restorecon -Rv /var/lib/git args: warn: false when: result03.changed == true - name: docker-compose up template: src: docker-compose.yml dest: "{{ redmine_path }}/docker-compose.yml" force: no - template: src: docker-env dest: "{{ redmine_path }}/.env" force: no mode: 0400 - shell: docker-compose --project-directory {{ redmine_path }} up --detach args: chdir: "{{ redmine_path }}" register: result04 changed_when: '" is up-to-date" not in result04.stderr' - name: wait for Completed 200 OK shell: docker container logs redmine 2>/dev/null | tail -15 register: result05 changed_when: false until: '"Completed 200 OK " in result05.stdout' retries: 100 delay: 5 - name: set db password file slurp: src: "{{ redmine_path }}/.env" register: result06 - copy: dest: ~/.my.cnf.org force: no content: "[client]\nuser = redmine\npassword = {{ result06['content'] | b64decode | regex_findall('REDMINE_DB_PASSWORD=(.+)\\n') | first }}\nhost = localhost\n" register: result07 - shell: docker cp ~/.my.cnf.org mysql:root/.my.cnf when: result07.changed - name: load default data shell: docker exec {% if proxy_env.http_proxy is defined -%} -e HTTP_PROXY={{ proxy_env.http_proxy }} -e HTTPS_PROXY={{ proxy_env.https_proxy }} {% endif -%} redmine bundle exec rake redmine:load_default_data RAILS_ENV=production REDMINE_LANG=ja register: result08 changed_when: '" is already loaded." not in result08.stdout' - name: update roles shell: | cat << '_EOQ_' | docker exec -i mysql mysql redmine UPDATE `roles` SET `permissions` = NULL WHERE `id` = '1' OR `id` = '2'; _EOQ_ changed_when: false - name: insert settings shell: | cat << '_EOQ_' | docker exec -i mysql mysql redmine SELECT count(*) FROM `settings` _EOQ_ changed_when: false register: result09 - shell: | cat settings.sql | docker exec --interactive mysql mysql redmine && \ docker exec redmine passenger-config restart-app /usr/src/redmine when: result09.stdout_lines[1] == "0" - name: clear rails cache shell: docker exec {% if proxy_env.http_proxy is defined -%} -e HTTP_PROXY={{ proxy_env.http_proxy }} -e HTTPS_PROXY={{ proxy_env.https_proxy }} {% endif -%} redmine bundle exec rails runner 'Rails.cache.clear' changed_when: false - name: bundle install shell: docker exec {% if proxy_env.http_proxy is defined -%} -e HTTP_PROXY={{ proxy_env.http_proxy }} -e HTTPS_PROXY={{ proxy_env.https_proxy }} {% endif -%} redmine bundle install changed_when: false - name: restart passenger shell: docker exec {% if proxy_env.http_proxy is defined -%} -e HTTP_PROXY={{ proxy_env.http_proxy }} -e HTTPS_PROXY={{ proxy_env.https_proxy }} {% endif -%} redmine passenger-config restart-app /usr/src/redmine changed_when: false - name: modify httpd.conf for redmine copy: dest: /etc/httpd/conf.d/proxy-redmine.conf force: no mode: 0644 content: | LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so ProxyPassMatch /git.* ! ProxyPass / http://localhost:3000/ ProxyPassReverse / http://localhost:3000/ register: result10 - shell: /usr/sbin/setsebool -P httpd_can_network_connect 1 when: result10.changed == true notify: - restart Apache - name: open ports firewalld: service: "{{ item }}" permanent: true state: enabled immediate: yes loop: - http - https handlers: - name: restart Docker systemd: name: docker state: restarted daemon_reload: yes enabled: yes - name: restart Apache systemd: name: httpd state: restarted daemon_reload: yes enabled: yes