diff --git a/setup/odoo-playboook/Readme.txt b/setup/odoo-playboook/Readme.txt new file mode 100644 index 00000000..984015c7 --- /dev/null +++ b/setup/odoo-playboook/Readme.txt @@ -0,0 +1,33 @@ +Schritt 1: +Hostsfile um Host erweitern + +Schritt 2 - Playbooks anpassen: +Host angeben (Variable hosts) +Repository URL angeben (Variable odoo_repo_url) +Passwörter setzen (Variablen odoo_config_admin_passwd, odoo_config_db_password, odoo_general_user_passwd) + +Schritt 3: +Die Playbooks wie in den nachfolgenden Beispielen beschrieben ausführen + +[Odoo Test Instanz aufsetzen] +1. Playbook ausführen: ansible-playbook odoo-playboook/playbook-test.yml -i odoo-playboook/hosts --ask-become-pass +2. Auf den Server verbinden: ssh odoo-test@[host] +3. Public SSH Key kopieren und in Gitlab beim Projekt unter Settings/Repository eintragen: cat .ssh/id_rsa.pub +4. Playbook nochaml ausführen: ansible-playbook odoo-playboook/playbook-test.yml -i odoo-playboook/hosts + +[Odoo Prod Instanz aufsetzen] +1. Playbook ausführen: ansible-playbook odoo-playboook/playbook-prod.yml -i odoo-playboook/hosts +2. Auf den Server verbinden: ssh odoo-prod@[host] +3. Public SSH Key kopieren und in Gitlab beim Projekt unter Settings/Repository eintragen: cat .ssh/id_rsa.pub +4. Playbook nochaml ausführen: ansible-playbook odoo-playboook/playbook-prod.yml -i odoo-playboook/hosts + +[Nginx Server aufsetzen] +1. Variabel server_name anpassen +2. Playbook ausführen: ansible-playbook odoo-playboook/playbook-nginx.yml -i odoo-playboook/hosts + +Hinweis: HTTPS ist derzeit nur für PROD möglich +Probleme: Automatische Erstellung des Certificate und Private Key wird ausgeführt. Manchmal ist jedoch der Hash unterschiedlich. +Ob die Hashwerte gleich sind kann wie folgt überprüft werden: +sudo openssl x509 -in odoo_prod.crt -noout -modulus | openssl sha256 +sudo openssl rsa -in odoo_prod.key -noout -modulus | openssl sha256 + diff --git a/setup/odoo-playboook/hosts b/setup/odoo-playboook/hosts new file mode 100644 index 00000000..a8b00ee4 --- /dev/null +++ b/setup/odoo-playboook/hosts @@ -0,0 +1,5 @@ +[local] +localhost ansible_connection=local + +[tzaustria] +5.9.67.35:3333 ansible_connection=ssh ansible_user=datenpol \ No newline at end of file diff --git a/setup/odoo-playboook/playbook-nginx.yml b/setup/odoo-playboook/playbook-nginx.yml new file mode 100644 index 00000000..5f7f3015 --- /dev/null +++ b/setup/odoo-playboook/playbook-nginx.yml @@ -0,0 +1,34 @@ +--- +# This playbook deploys the nginx as reverse prox. + +- name: Nginx for Odoo + hosts: tzaustria + become: yes + # deactivate gather_facts when python is not installed on server + # gather_facts: false + # pre_tasks: + # - raw: which python || apt-get update + # - raw: (which python && which aptitude) || apt-get install -y python python-apt aptitude + # - setup: # aka gather_facts + vars_prompt: + - name: "activate_https" + prompt: "HTTPS aktivieren (y/n)?" + roles: + - role: nginx + server_name: erp.tzaustria.info + nginx_http_params: + - sendfile on + - access_log /var/log/nginx/access.log + nginx_sites: + odoo_test: + server_name: "{{ server_name }}" + template: odoo_test.conf.j2 + nginx_configs: + proxy: + - proxy_set_header X-Real-IP $remote_addr + - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for + + - role: ssl-cert + ssl_certs_privkey_path: '/etc/nginx/ssl/odoo_test.key' + ssl_certs_cert_path: '/etc/nginx/ssl/odoo_test.crt' + when: activate_https == 'y' \ No newline at end of file diff --git a/setup/odoo-playboook/playbook-prod.yml b/setup/odoo-playboook/playbook-prod.yml new file mode 100644 index 00000000..ccf45aea --- /dev/null +++ b/setup/odoo-playboook/playbook-prod.yml @@ -0,0 +1,36 @@ +--- +# This playbook deploys the whole application stack in this site. + +- name: Odoo Prod + hosts: tzaustria + become: yes + # deactivate gather_facts when python is not installed on server + # gather_facts: false + # pre_tasks: + # - raw: which python || apt-get update + # - raw: (which python && which aptitude) || apt-get install -y python python-apt aptitude + # - setup: # aka gather_facts + roles: + - role: odoo + odoo_repo_rev: master + odoo_user: odoo-prod + odoo_service: odoo-prod + odoo_version: 11.0 + odoo_config_http_port: 8069 + odoo_config_admin_passwd: ainbeyos + odoo_config_db_passwd: aroneyna + odoo_general_user_passwd: elewcaph + odoo_instance: "prod" + odoo_config_dbfilter: "^{{ odoo_instance }}_.*" + # remove the following paramters to install odoo from github + odoo_repo_url: "ssh://git@gitlab.datenpol.at:122/odoo/tz-austria.git" + odoo_config_addons_path: + - "/data/{{ odoo_user }}/odoo/ext/odoo/odoo/addons" + - "/data/{{ odoo_user }}/odoo/ext/odoo/addons" + - "/data/{{ odoo_user }}/odoo/ext/custom-addons" + - "/data/{{ odoo_user }}/odoo/ext/3rd-party-addons" + odoo_workdir: "/data/{{ odoo_user }}/odoo" + odoo_rootdir: "/data/{{ odoo_user }}/odoo" + odoo_coredir: "/data/{{ odoo_user }}/odoo/ext/odoo" + odoo_config_file: "/data/{{ odoo_user }}/{{ odoo_service }}.conf" + odoo_config_data_dir: "/data/{{ odoo_user }}/.local/share/Odoo" \ No newline at end of file diff --git a/setup/odoo-playboook/playbook-test.retry b/setup/odoo-playboook/playbook-test.retry new file mode 100644 index 00000000..968951b8 --- /dev/null +++ b/setup/odoo-playboook/playbook-test.retry @@ -0,0 +1 @@ +5.9.67.35 diff --git a/setup/odoo-playboook/playbook-test.yml b/setup/odoo-playboook/playbook-test.yml new file mode 100644 index 00000000..0bbc3368 --- /dev/null +++ b/setup/odoo-playboook/playbook-test.yml @@ -0,0 +1,39 @@ +--- +# This playbook deploys the whole application stack in this site. + +- name: Odoo Test + hosts: tzaustria + become: yes + # gather_facts: false + # pre_tasks: + # - raw: which python || apt-get update + # - raw: (which python && which aptitude) || apt-get install -y python python-apt aptitude + # - setup: # aka gather_facts + + roles: + # odoo installation + - role: odoo + odoo_repo_rev: develop + odoo_user: odoo-test + odoo_service: odoo-test + odoo_version: 11.0 + odoo_config_http_port: 8070 + odoo_config_longpolling_port: 8073 + odoo_config_admin_passwd: optangat + odoo_config_db_passwd: ightgate + odoo_general_user_passwd: elewcaph + odoo_config_log_level: debug + odoo_instance: "test" + odoo_config_dbfilter: "^{{ odoo_instance }}_.*" + # remove the following paramters to install odoo from github + odoo_repo_url: "ssh://git@gitlab.datenpol.at:122/odoo/tz-austria.git" + odoo_config_addons_path: + - "/data/{{ odoo_user }}/odoo/ext/odoo/odoo/addons" + - "/data/{{ odoo_user }}/odoo/ext/odoo/addons" + - "/data/{{ odoo_user }}/odoo/ext/custom-addons" + - "/data/{{ odoo_user }}/odoo/ext/3rd-party-addons" + odoo_workdir: "/data/{{ odoo_user }}/odoo" + odoo_rootdir: "/data/{{ odoo_user }}/odoo" + odoo_coredir: "/data/{{ odoo_user }}/odoo/ext/odoo" + odoo_config_file: "/data/{{ odoo_user }}/{{ odoo_service }}.conf" + odoo_config_data_dir: "/data/{{ odoo_user }}/.local/share/Odoo" diff --git a/setup/odoo-playboook/roles/nginx/.travis.yml b/setup/odoo-playboook/roles/nginx/.travis.yml new file mode 100644 index 00000000..951c9bc3 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/.travis.yml @@ -0,0 +1,37 @@ +--- +language: python +python: "2.7" +before_install: + - sudo apt-get update -qq + - sudo apt-get install -qq python-apt python-pycurl +install: + - pip install ansible ansible-lint + - ansible --version +script: + - ansible-lint tasks/main.yml + - echo localhost > inventory + - ansible-playbook -i inventory --syntax-check --list-tasks test/test.yml -e "role_name=ansible-role-nginx" -e "hosts_group=hosts_group" + - ansible-playbook -i inventory --connection=local --sudo -vvvv test/test.yml -u root -e "role_name=ansible-role-nginx" -e "hosts_group=localhost" + - > + ansible-playbook -i inventory --connection=local --sudo -vvvv test/test.yml -u root -e "role_name=ansible-role-nginx" -e "hosts_group=localhost" + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + - cat /etc/nginx/nginx.conf + - cat /etc/nginx/sites-enabled/default.conf + - cat /etc/nginx/sites-enabled/foo.conf + - cat /etc/nginx/sites-enabled/bar.conf + - cat /etc/nginx/sites-enabled/custom_bar.conf + - grep 'server_name bar.example.com;' /etc/nginx/sites-enabled/custom_bar.conf + - cat /etc/nginx/conf.d/proxy.conf + - cat /etc/nginx/conf.d/upstream.conf + - cat /etc/nginx/conf.d/geo.conf + - cat /etc/nginx/conf.d/gzip.conf + - cat /etc/nginx/snippets/error_pages.conf + - sudo cat /etc/nginx/auth_basic/demo + - sudo nginx -t +after_script: + - ls -l /etc/nginx + - ls -l /etc/nginx/* +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/setup/odoo-playboook/roles/nginx/.yamllint b/setup/odoo-playboook/roles/nginx/.yamllint new file mode 100644 index 00000000..a6cff5d2 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/.yamllint @@ -0,0 +1,49 @@ +--- + +extends: default + +rules: + braces: + min-spaces-inside: 0 + max-spaces-inside: 0 + min-spaces-inside-empty: -1 + max-spaces-inside-empty: -1 + brackets: + min-spaces-inside: 0 + max-spaces-inside: 0 + min-spaces-inside-empty: -1 + max-spaces-inside-empty: -1 + colons: + max-spaces-before: 0 + max-spaces-after: 1 + commas: + max-spaces-before: 0 + min-spaces-after: 1 + max-spaces-after: 1 + comments: + level: warning + require-starting-space: false + min-spaces-from-content: 2 + comments-indentation: disable + document-end: disable + document-start: disable + empty-lines: + max: 2 + max-start: 0 + max-end: 0 + hyphens: + max-spaces-after: 1 + indentation: + spaces: consistent + indent-sequences: true + check-multi-line-strings: false + key-duplicates: enable + line-length: + max: 250 + allow-non-breakable-words: true + allow-non-breakable-inline-mappings: false + new-line-at-end-of-file: enable + new-lines: + type: unix + trailing-spaces: enable + truthy: disable diff --git a/setup/odoo-playboook/roles/nginx/README.md b/setup/odoo-playboook/roles/nginx/README.md new file mode 100644 index 00000000..ebe8b1cb --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/README.md @@ -0,0 +1,367 @@ +nginx +===== + +This role installs and configures the nginx web server. The user can specify +any http configuration parameters they wish to apply their site. Any number of +sites can be added with configurations of your choice. + +[![Build Status](https://travis-ci.org/jdauphant/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/jdauphant/ansible-role-nginx) +[![Ansible Galaxy](https://img.shields.io/ansible/role/466.svg)](https://galaxy.ansible.com/jdauphant/nginx/) + +Requirements +------------ + +This role requires Ansible 2.0 or higher and platform requirements are listed +in the metadata file. (Some older version of the role support Ansible 1.4) +For FreeBSD a working pkgng setup is required (see: https://www.freebsd.org/doc/handbook/pkgng-intro.html ) + +Install +------- + +```sh +ansible-galaxy install jdauphant.nginx +``` + +Role Variables +-------------- + +The variables that can be passed to this role and a brief description about +them are as follows. (For all variables, take a look at [defaults/main.yml](defaults/main.yml)) + +```yaml +# The user to run nginx +nginx_user: "www-data" + +# A list of directives for the events section. +nginx_events_params: + - worker_connections 512 + - debug_connection 127.0.0.1 + - use epoll + - multi_accept on + +# A list of hashes that define the servers for nginx, +# as with http parameters. Any valid server parameters +# can be defined here. +nginx_sites: + default: + - listen 80 + - server_name _ + - root "/usr/share/nginx/html" + - index index.html + foo: + - listen 8080 + - server_name localhost + - root "/tmp/site1" + - location / { try_files $uri $uri/ /index.html; } + - location /images/ { try_files $uri $uri/ /index.html; } + bar: + - listen 9090 + - server_name ansible + - root "/tmp/site2" + - location / { try_files $uri $uri/ /index.html; } + - location /images/ { + try_files $uri $uri/ /index.html; + allow 127.0.0.1; + deny all; + } + +# A list of hashes that define additional configuration +nginx_configs: + proxy: + - proxy_set_header X-Real-IP $remote_addr + - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for + upstream: + - upstream foo { server 127.0.0.1:8080 weight=10; } + geo: + - geo $local { + default 0; + 127.0.0.1 1; + } + gzip: + - gzip on + - gzip_disable msie6 + +# A list of hashes that define configuration snippets +nginx_snippets: + error_pages: + - error_page 500 /http_errors/500.html + - error_page 502 /http_errors/502.html + - error_page 503 /http_errors/503.html + - error_page 504 /http_errors/504.html + +# A list of hashes that define user/password files +nginx_auth_basic_files: + demo: + - foo:$apr1$mEJqnFmy$zioG2q1iDWvRxbHuNepIh0 # foo:demo , generated by : htpasswd -nb foo demo + - bar:$apr1$H2GihkSo$PwBeV8cVWFFQlnAJtvVCQ. # bar:demo , generated by : htpasswd -nb bar demo + +``` + +Examples +======== + +## 1) Install nginx with HTTP directives of choice, but with no sites configured and no additional configuration: + +```yaml +- hosts: all + roles: + - {role: nginx, + nginx_http_params: ["sendfile on", "access_log /var/log/nginx/access.log"] + } +``` + +## 2) Install nginx with different HTTP directives than in the previous example, but no +sites configured and no additional configuration. + +```yaml +- hosts: all + roles: + - {role: nginx, + nginx_http_params: ["tcp_nodelay on", "error_log /var/log/nginx/error.log"]} +``` + +Note: Please make sure the HTTP directives passed are valid, as this role +won't check for the validity of the directives. See the nginx documentation +for details. + +## 3) Install nginx and add a site to the configuration. + +```yaml +- hosts: all + + roles: + - role: nginx + nginx_http_params: + - sendfile "on" + - access_log "/var/log/nginx/access.log" + nginx_sites: + bar: + - listen 8080 + - location / { try_files $uri $uri/ /index.html; } + - location /images/ { try_files $uri $uri/ /index.html; } + nginx_configs: + proxy: + - proxy_set_header X-Real-IP $remote_addr + - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for +``` + +## 4) Install nginx and add extra variables to default config + +```yaml +-hosts: all + vars: + - my_extra_params: + - client_max_body_size 200M +# retain defaults and add additional `client_max_body_size` param + roles: + - role: jdauphant.nginx + nginx_http_params: "{{ nginx_http_default_params + my_extra_params }}" +``` + +Note: Each site added is represented by a list of hashes, and the configurations +generated are populated in /etc/nginx/site-available/ and linked from /etc/nginx/site-enable/ to /etc/nginx/site-available. + +The file name for the specific site configuration is specified in the hash +with the key "file_name", any valid server directives can be added to the hash. +Additional configurations are created in /etc/nginx/conf.d/ + +## 5) Install Nginx, add 2 sites (different method) and add additional configuration + +```yaml +--- +- hosts: all + roles: + - role: nginx + nginx_http_params: + - sendfile on + - access_log /var/log/nginx/access.log + nginx_sites: + foo: + - listen 8080 + - server_name localhost + - root /tmp/site1 + - location / { try_files $uri $uri/ /index.html; } + - location /images/ { try_files $uri $uri/ /index.html; } + bar: + - listen 9090 + - server_name ansible + - root /tmp/site2 + - location / { try_files $uri $uri/ /index.html; } + - location /images/ { try_files $uri $uri/ /index.html; } + nginx_configs: + proxy: + - proxy_set_header X-Real-IP $remote_addr + - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for +``` + +## 6) Install Nginx, add 2 sites, add additional configuration and an upstream configuration block + +```yaml +--- +- hosts: all + roles: + - role: nginx + nginx_error_log_level: info + nginx_http_params: + - sendfile on + - access_log /var/log/nginx/access.log + nginx_sites: + foo: + - listen 8080 + - server_name localhost + - root /tmp/site1 + - location / { try_files $uri $uri/ /index.html; } + - location /images/ { try_files $uri $uri/ /index.html; } + bar: + - listen 9090 + - server_name ansible + - root /tmp/site2 + - if ( $host = example.com ) { rewrite ^(.*)$ http://www.example.com$1 permanent; } + - location / { + try_files $uri $uri/ /index.html; + auth_basic "Restricted"; + auth_basic_user_file auth_basic/demo; + } + - location /images/ { try_files $uri $uri/ /index.html; } + nginx_configs: + proxy: + - proxy_set_header X-Real-IP $remote_addr + - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for + upstream: + # Results in: + # upstream foo_backend { + # server 127.0.0.1:8080 weight=10; + # } + - upstream foo_backend { server 127.0.0.1:8080 weight=10; } + nginx_auth_basic_files: + demo: + - foo:$apr1$mEJqnFmy$zioG2q1iDWvRxbHuNepIh0 # foo:demo , generated by : htpasswd -nb foo demo + - bar:$apr1$H2GihkSo$PwBeV8cVWFFQlnAJtvVCQ. # bar:demo , generated by : htpasswd -nb bar demo +``` + +## 7) Install Nginx, add a site and use special yaml syntax to make the location blocks multiline for clarity + +```yaml +--- +- hosts: all + roles: + - role: nginx + nginx_http_params: + - sendfile on + - access_log /var/log/nginx/access.log + nginx_sites: + foo: + - listen 443 ssl + - server_name foo.example.com + - set $myhost foo.example.com + - | + location / { + proxy_set_header Host foo.example.com; + } + - | + location ~ /v2/users/.+?/organizations { + if ($request_method = PUT) { + set $myhost bar.example.com; + } + if ($request_method = DELETE) { + set $myhost bar.example.com; + } + proxy_set_header Host $myhost; + } +``` +## 8) Example to use this role with my ssl-certs role to generate or copie ssl certificate ( https://galaxy.ansible.com/list#/roles/3115 ) +```yaml + - hosts: all + roles: + - jdauphant.ssl-certs + - role: jdauphant.nginx + nginx_configs: + ssl: + - ssl_certificate_key {{ssl_certs_privkey_path}} + - ssl_certificate {{ssl_certs_cert_path}} + nginx_sites: + default: + - listen 443 ssl + - server_name _ + - root "/usr/share/nginx/html" + - index index.html +``` +## 9) Site configuration using a custom template. +Instead of defining a site config file using a list of attributes, +you may use a hash/dictionary that includes the filename of an alternate template. +Additional values are accessible within the template via the `item.value` variable. +```yaml +- hosts: all + + roles: + - role: nginx + nginx_sites: + custom_bar: + template: custom_bar.conf.j2 + server_name: custom_bar.example.com +``` +Custom template: custom_bar.conf.j2: +```handlebars +# {{ ansible_managed }} +upstream backend { + server 10.0.0.101; +} +server { + server_name {{ item.value.server_name }}; + location / { + proxy_pass http://backend; + } +} +``` +Using a custom template allows for unlimited flexibility in configuring the site config file. +This example demonstrates the common practice of configuring a site server block +in the same file as its complementary upstream block. +If you use this option: +* _The hash **must** include a `template:` value, or the configuration task will fail._ +* _This role cannot check tha validity of your custom template. +If you use this method, the conf file formatting provided by this role is unavailable, +and it is up to you to provide a template with valid content and formatting for NGINX._ + +## 10) Install Nginx, add 2 sites, use snippets to configure access controls +```yaml +--- +- hosts: all + roles: + - role: nginx + nginx_http_params: + - sendfile on + - access_log /var/log/nginx/access.log + nginx_snippets: + accesslist_devel: + - allow 192.168.0.0/24 + - deny all + nginx_sites: + foo: + - listen 8080 + - server_name localhost + - root /tmp/site1 + - include snippets/accesslist_devel.conf + - location / { try_files $uri $uri/ /index.html; } + - location /images/ { try_files $uri $uri/ /index.html; } + bar: + - listen 9090 + - server_name ansible + - root /tmp/site2 + - location / { try_files $uri $uri/ /index.html; } + - location /images/ { try_files $uri $uri/ /index.html; } +``` + +Dependencies +------------ + +None + +License +------- +BSD + +Author Information +------------------ + +- Original : Benno Joy +- Modified by : DAUPHANT Julien diff --git a/setup/odoo-playboook/roles/nginx/Vagrantfile b/setup/odoo-playboook/roles/nginx/Vagrantfile new file mode 100644 index 00000000..35562e21 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/Vagrantfile @@ -0,0 +1,19 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! +VAGRANTFILE_API_VERSION = "2" + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + # All Vagrant configuration is done here. The most common configuration + # options are documented and commented below. For a complete reference, + # please see the online documentation at vagrantup.com. + + # Every Vagrant virtual environment requires a box to build off of. + config.vm.box = "ubuntu/trusty64" + + config.vm.provision :ansible do |ansible| + ansible.playbook = "test.yml" + ansible.sudo = true + end +end diff --git a/setup/odoo-playboook/roles/nginx/ansible.cfg b/setup/odoo-playboook/roles/nginx/ansible.cfg new file mode 100644 index 00000000..613d83b1 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +roles_path = ../ diff --git a/setup/odoo-playboook/roles/nginx/defaults/main.yml b/setup/odoo-playboook/roles/nginx/defaults/main.yml new file mode 100644 index 00000000..835dbe79 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/defaults/main.yml @@ -0,0 +1,61 @@ +--- +nginx_pkgs: + - nginx + +nginx_install_epel_repo: True + +nginx_official_repo: False +nginx_official_repo_mainline: False + +keep_only_specified: False + +nginx_installation_type: "packages" +nginx_binary_name: "nginx" +nginx_service_name: "{{nginx_binary_name}}" +nginx_conf_dir: /etc/nginx # For this variable, a specific value for the OS can be apply in vars/{{ ansible_os_family }}.yml +nginx_ssl_dir: /etc/nginx/ssl +nginx_default_site_template: "site.conf.j2" + +nginx_user: nginx # For this variable, a specific value for the OS can be apply in vars/{{ ansible_os_family }}. +nginx_group: "{{nginx_user}}" + +nginx_pid_file: '/var/run/{{nginx_service_name}}.pid' + +nginx_worker_processes: "{% if ansible_processor_vcpus is defined %}{{ ansible_processor_vcpus }}{% else %}auto{% endif %}" +nginx_worker_rlimit_nofile: 1024 +nginx_log_dir: "/var/log/nginx" +nginx_log_user: "{% if ansible_os_family == 'Debian' %}root{% else %}{{nginx_user}}{% endif %}" +nginx_log_group: "{% if ansible_os_family == 'Debian' %}adm{% else %}{{nginx_group}}{% endif %}" +nginx_error_log_level: "error" + +nginx_conf_user: root +nginx_conf_group: root + +nginx_extra_root_params: [] +nginx_events_params: + - worker_connections {% if nginx_max_clients is defined %}{{nginx_max_clients}}{% else %}512{% endif %} + +nginx_http_params: "{{ nginx_http_default_params }}" + +nginx_stream_params: [] + +nginx_sites_default_root: /usr/share/nginx/html # For this variable, a specific value for the OS can be apply in vars/{{ ansible_os_family }}. + +nginx_sites: + default: + - listen 80 default_server + - server_name _ + - root "{{ nginx_sites_default_root }}" + - index index.html +nginx_remove_sites: [] + +nginx_configs: {} +nginx_snippets: {} +nginx_stream_configs: {} +nginx_remove_configs: [] +nginx_remove_snippets: [] + +nginx_auth_basic_files: {} +nginx_remove_auth_basic_files: [] + +nginx_daemon_mode: "on" diff --git a/setup/odoo-playboook/roles/nginx/handlers/main.yml b/setup/odoo-playboook/roles/nginx/handlers/main.yml new file mode 100644 index 00000000..af8aa2be --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/handlers/main.yml @@ -0,0 +1,30 @@ +--- + +- name: restart nginx + debug: msg="checking config first" + changed_when: True + notify: + - check nginx configuration + - restart nginx - after config check + +- name: reload nginx + debug: msg="checking config first" + changed_when: True + notify: + - check nginx configuration + - reload nginx - after config check + +- name: check nginx configuration + command: "{{ nginx_binary_name }} -t" + register: result + changed_when: "result.rc != 0" + check_mode: no + when: nginx_installation_type in nginx_installation_types_using_service + +- name: restart nginx - after config check + service: name={{ nginx_service_name }} state=restarted + when: nginx_installation_type in nginx_installation_types_using_service and nginx_daemon_mode == "on" + +- name: reload nginx - after config check + service: name={{ nginx_service_name }} state=reloaded + when: nginx_installation_type in nginx_installation_types_using_service and nginx_daemon_mode == "on" diff --git a/setup/odoo-playboook/roles/nginx/meta/main.yml b/setup/odoo-playboook/roles/nginx/meta/main.yml new file mode 100644 index 00000000..8718e8db --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/meta/main.yml @@ -0,0 +1,34 @@ +--- +galaxy_info: + author: "DAUPHANT Julien" + license: BSD + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: Ubuntu + versions: + - all + - name: Debian + versions: + - all + - name: FreeBSD + versions: + - 10.0 + - 10.1 + - 10.2 + - 10.3 + - 11.0 + - 11.1 + - name: SmartOS + galaxy_tags: + - web +allow_duplicates: yes +dependencies: [] diff --git a/setup/odoo-playboook/roles/nginx/tasks/configuration.yml b/setup/odoo-playboook/roles/nginx/tasks/configuration.yml new file mode 100644 index 00000000..f31c5076 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/tasks/configuration.yml @@ -0,0 +1,58 @@ +--- +- name: Copy the nginx configuration file + template: + src: nginx.conf.j2 + dest: "{{ nginx_conf_dir }}/nginx.conf" + notify: + - restart nginx + +- name: Ensure auth_basic files created + template: + src: auth_basic.j2 + dest: "{{ nginx_conf_dir }}/auth_basic/{{ item.key }}" + mode: 0750 + with_dict: "{{ nginx_auth_basic_files }}" + +- name: Create the configurations for sites + template: + src: "{{ item.value.template | default(nginx_default_site_template) }}" + dest: "{{ nginx_conf_dir }}/sites-available/{{ item.key }}.conf" + with_dict: "{{ nginx_sites }}" + when: item.key not in nginx_remove_sites + notify: + - reload nginx + +- name: Create links for sites-enabled + file: + state: link + src: "{{ nginx_conf_dir }}/sites-available/{{ item.key }}.conf" + dest: "{{ nginx_conf_dir }}/sites-enabled/{{ item.key }}.conf" + with_dict: "{{ nginx_sites }}" + when: item.key not in nginx_remove_sites + notify: + - reload nginx + +- name: Create the configurations for independent config file + template: + src: config.conf.j2 + dest: "{{ nginx_conf_dir }}/conf.d/{{ item.key }}.conf" + with_dict: "{{ nginx_configs }}" + notify: + - reload nginx + +- name: Create configuration snippets + template: + src: config.conf.j2 + dest: "{{ nginx_conf_dir }}/snippets/{{ item.key }}.conf" + with_dict: "{{ nginx_snippets }}" + notify: + - reload nginx + +- name: Create the configurations for independent config file for streams + template: + src: "{{ item.value.template | default('config_stream.conf.j2') }}" + dest: "{{ nginx_conf_dir }}/conf.d/stream/{{ item.key }}.conf" + with_dict: "{{ nginx_stream_configs }}" + notify: + - reload nginx + when: nginx_stream_params or nginx_stream_configs diff --git a/setup/odoo-playboook/roles/nginx/tasks/ensure-dirs.yml b/setup/odoo-playboook/roles/nginx/tasks/ensure-dirs.yml new file mode 100644 index 00000000..fac65cd8 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/tasks/ensure-dirs.yml @@ -0,0 +1,33 @@ +--- +- name: Create the directories for site specific configurations + file: + path: "{{nginx_conf_dir}}/{{ item }}" + state: directory + owner: "{{ nginx_conf_user }}" + group: "{{ nginx_conf_group }}" + mode: 0755 + with_items: + - "sites-available" + - "sites-enabled" + - "auth_basic" + - "conf.d" + - "conf.d/stream" + - "snippets" + - "modules-available" + - "modules-enabled" + +- name: Ensure log directory exist + file: + path: "{{ nginx_log_dir }}" + state: directory + owner: "{{nginx_log_user}}" + group: "{{nginx_log_group}}" + mode: 0755 + +- name: Ensure ssh directory exist + file: + path: "{{ nginx_ssl_dir }}" + state: directory + owner: "www-data" + group: "www-data" + mode: 0755 diff --git a/setup/odoo-playboook/roles/nginx/tasks/installation.packages.yml b/setup/odoo-playboook/roles/nginx/tasks/installation.packages.yml new file mode 100644 index 00000000..73367388 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/tasks/installation.packages.yml @@ -0,0 +1,15 @@ +--- +- name: Install the epel packages for EL distributions + package: name=epel-release state=present + when: nginx_is_el|bool and nginx_install_epel_repo|bool + +- name: Install the nginx packages from official repo for EL distributions + yum: name={{ item }} state=present enablerepo="nginx" + with_items: "{{ nginx_pkgs }}" + when: nginx_is_el|bool and nginx_official_repo + +- name: Install the nginx packages for all other distributions + package: name={{ item }} state=present + with_items: "{{ nginx_pkgs }}" + environment: "{{ nginx_env }}" + when: not nginx_is_el|bool or not nginx_official_repo diff --git a/setup/odoo-playboook/roles/nginx/tasks/main.yml b/setup/odoo-playboook/roles/nginx/tasks/main.yml new file mode 100644 index 00000000..849c911d --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/tasks/main.yml @@ -0,0 +1,41 @@ +--- + +- include_vars: "{{ item }}" + with_first_found: + - "../vars/{{ ansible_os_family }}.yml" + - "../vars/empty.yml" + tags: [always] + +- include: selinux.yml + when: ansible_selinux and ansible_selinux.status == "enabled" + tags: [packages, selinux, nginx] + +- include: nginx-official-repo.yml + when: nginx_official_repo == True + tags: [packages, nginx] + +- include: installation.packages.yml + when: nginx_installation_type == "packages" + tags: [packages, nginx] + +- include: ensure-dirs.yml + tags: [configuration, nginx] + +- include: remove-defaults.yml + when: not keep_only_specified + tags: [configuration, nginx] + +- include: remove-extras.yml + when: keep_only_specified + tags: [configuration, nginx] + +- include: remove-unwanted.yml + tags: [configuration, nginx] + +- include: configuration.yml + tags: [configuration, nginx, test] + +- name: Start the nginx service + service: name={{ nginx_service_name }} state=started enabled=yes + when: nginx_installation_type in nginx_installation_types_using_service and nginx_daemon_mode == "on" + tags: [service, nginx] diff --git a/setup/odoo-playboook/roles/nginx/tasks/nginx-official-repo.yml b/setup/odoo-playboook/roles/nginx/tasks/nginx-official-repo.yml new file mode 100644 index 00000000..8876c77b --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/tasks/nginx-official-repo.yml @@ -0,0 +1,34 @@ +--- +- name: Ensure APT official nginx key + apt_key: url=http://nginx.org/keys/nginx_signing.key + environment: "{{ nginx_env }}" + when: ansible_os_family == 'Debian' + +- name: Ensure APT official nginx repository + apt_repository: repo="deb http://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx" + environment: "{{ nginx_env }}" + when: ansible_os_family == 'Debian' and not nginx_official_repo_mainline + +- name: Ensure APT official nginx repository (mainline) + apt_repository: repo="deb http://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx" + environment: "{{ nginx_env }}" + when: ansible_os_family == 'Debian' and nginx_official_repo_mainline + +- name: Ensure RPM official nginx key + rpm_key: key=http://nginx.org/keys/nginx_signing.key + environment: "{{ nginx_env }}" + when: ansible_os_family == 'RedHat' + +- name: Ensure YUM official nginx repository + template: src=nginx.repo.j2 dest=/etc/yum.repos.d/nginx.repo + when: ansible_os_family == 'RedHat' + +- name: Ensure zypper official nginx repository + zypper_repository: repo="http://nginx.org/packages/sles/12" name="nginx" disable_gpg_check=yes + environment: "{{ nginx_env }}" + when: ansible_distribution == 'SLES' and ansible_distribution_version == '12' and not nginx_official_repo_mainline + +- name: Ensure zypper official nginx repository (mainline) + zypper_repository: repo="http://nginx.org/packages/mainline/sles/12" name="nginx" disable_gpg_check=yes + environment: "{{ nginx_env }}" + when: ansible_distribution == 'SLES' and ansible_distribution_version == '12' and nginx_official_repo_mainline diff --git a/setup/odoo-playboook/roles/nginx/tasks/remove-defaults.yml b/setup/odoo-playboook/roles/nginx/tasks/remove-defaults.yml new file mode 100644 index 00000000..860e2c4a --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/tasks/remove-defaults.yml @@ -0,0 +1,16 @@ +--- +- name: Disable the default site + file: + path: "{{nginx_conf_dir}}/sites-enabled/default" + state: absent + notify: + - reload nginx + +- name: Remove the default configuration + file: + path: "{{nginx_conf_dir}}/conf.d/default.conf" + state: absent + when: > + 'default' not in nginx_configs.keys() + notify: + - reload nginx diff --git a/setup/odoo-playboook/roles/nginx/tasks/remove-extras.yml b/setup/odoo-playboook/roles/nginx/tasks/remove-extras.yml new file mode 100644 index 00000000..f971111d --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/tasks/remove-extras.yml @@ -0,0 +1,30 @@ +--- +- name: Find enabled sites + shell: ls -1 {{nginx_conf_dir}}/sites-enabled || true + register: enabled_sites + changed_when: False + +- name: Disable unmanaged sites + file: + path: "{{nginx_conf_dir}}/sites-enabled/{{ item }}" + state: absent + with_items: "{{ enabled_sites.stdout_lines | default([]) }}" + # 'item.conf' => 'item' + when: item[:-5] not in nginx_sites.keys() + notify: + - reload nginx + +- name: Find config files + shell: find {{nginx_conf_dir}}/conf.d -maxdepth 1 -type f -name '*.conf' -exec basename {} \; + register: config_files + changed_when: False + +- name: Remove unmanaged config files + file: + name: "{{nginx_conf_dir}}/conf.d/{{ item }}" + state: absent + with_items: "{{ config_files.stdout_lines | default([]) }}" + # 'item.conf' => 'item' + when: item[:-5] not in nginx_configs.keys() + notify: + - reload nginx diff --git a/setup/odoo-playboook/roles/nginx/tasks/remove-unwanted.yml b/setup/odoo-playboook/roles/nginx/tasks/remove-unwanted.yml new file mode 100644 index 00000000..75003a02 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/tasks/remove-unwanted.yml @@ -0,0 +1,34 @@ +--- +- name: Remove unwanted sites + file: + path: "{{nginx_conf_dir}}/{{ item[0] }}/{{ item[1] }}.conf" + state: absent + with_nested: + - ['sites-enabled', 'sites-available'] + - "{{ nginx_remove_sites }}" + notify: + - reload nginx + +- name: Remove unwanted conf + file: + path: "{{nginx_conf_dir}}/conf.d/{{ item[1] }}.conf" + state: absent + with_items: "{{ nginx_remove_configs }}" + notify: + - reload nginx + +- name: Remove unwanted snippets + file: + path: "{{ nginx_conf_dir }}/snippets/{{ item[1] }}.conf" + state: absent + with_items: "{{ nginx_remove_snippets }}" + notify: + - reload nginx + +- name: Remove unwanted auth_basic_files + file: + path: "{{nginx_conf_dir}}/auth_basic/{{ item }}" + state: absent + with_items: "{{ nginx_remove_auth_basic_files }}" + notify: + - reload nginx diff --git a/setup/odoo-playboook/roles/nginx/tasks/selinux.yml b/setup/odoo-playboook/roles/nginx/tasks/selinux.yml new file mode 100644 index 00000000..7f385d7b --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/tasks/selinux.yml @@ -0,0 +1,17 @@ +--- +- name: Install the selinux python module + package: name={{ item }} state=present + with_items: + - libselinux-python + - libsemanage-python + when: ansible_os_family == "RedHat" + +- name: Install the selinux python module + package: name={{ item }} state=present + with_items: + - python-selinux + - python-semanage + when: ansible_os_family == "Debian" + +- name: Set SELinux boolean to allow nginx to set rlimit + seboolean: name=httpd_setrlimit state=yes persistent=yes diff --git a/setup/odoo-playboook/roles/nginx/templates/auth_basic.j2 b/setup/odoo-playboook/roles/nginx/templates/auth_basic.j2 new file mode 100644 index 00000000..91211746 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/templates/auth_basic.j2 @@ -0,0 +1,5 @@ +#{{ ansible_managed }} + +{% for v in item.value %} +{{ v }} +{% endfor %} diff --git a/setup/odoo-playboook/roles/nginx/templates/config.conf.j2 b/setup/odoo-playboook/roles/nginx/templates/config.conf.j2 new file mode 100644 index 00000000..bcf36419 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/templates/config.conf.j2 @@ -0,0 +1,9 @@ +#{{ ansible_managed }} + +{% for v in item.value %} +{% if v.find('\n') != -1 %} +{{v}} +{% else %} +{% if v != "" %}{{ v.replace(";",";\n ").replace(" {"," {\n ").replace(" }"," \n}\n") }}{% if v.find('{') == -1%}; +{% endif %}{% endif %}{% endif %} +{% endfor %} diff --git a/setup/odoo-playboook/roles/nginx/templates/config_stream.conf.j2 b/setup/odoo-playboook/roles/nginx/templates/config_stream.conf.j2 new file mode 100644 index 00000000..bcf36419 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/templates/config_stream.conf.j2 @@ -0,0 +1,9 @@ +#{{ ansible_managed }} + +{% for v in item.value %} +{% if v.find('\n') != -1 %} +{{v}} +{% else %} +{% if v != "" %}{{ v.replace(";",";\n ").replace(" {"," {\n ").replace(" }"," \n}\n") }}{% if v.find('{') == -1%}; +{% endif %}{% endif %}{% endif %} +{% endfor %} diff --git a/setup/odoo-playboook/roles/nginx/templates/nginx.conf.j2 b/setup/odoo-playboook/roles/nginx/templates/nginx.conf.j2 new file mode 100644 index 00000000..368f8404 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/templates/nginx.conf.j2 @@ -0,0 +1,52 @@ +#{{ ansible_managed }} +user {{ nginx_user }} {{ nginx_group }}; + +worker_processes {{ nginx_worker_processes }}; + +{% if nginx_pid_file %} +pid {{ nginx_pid_file }}; +{% endif %} + +worker_rlimit_nofile {{ nginx_worker_rlimit_nofile }}; + +include {{ nginx_conf_dir }}/modules-enabled/*.conf; + +{% if nginx_extra_root_params is defined and nginx_extra_root_params is iterable %} +{% for line in nginx_extra_root_params %} +{{ line }}; +{% endfor %} +{% endif %} + +events { +{% for v in nginx_events_params %} + {{ v }}; +{% endfor %} +} + + +http { + + include {{ nginx_conf_dir }}/mime.types; + default_type application/octet-stream; +{% for v in nginx_http_params %} + {{ v }}; +{% endfor %} + + include {{ nginx_conf_dir }}/conf.d/*.conf; + include {{ nginx_conf_dir }}/sites-enabled/*; +} + +{% if nginx_stream_params or nginx_stream_configs %} +stream { + +{% for v in nginx_stream_params %} + {{ v }}; +{% endfor %} + + include {{ nginx_conf_dir }}/conf.d/stream/*.conf; +} +{% endif %} + +{% if nginx_daemon_mode == "off" %} +daemon off; +{% endif %} diff --git a/setup/odoo-playboook/roles/nginx/templates/nginx.repo.j2 b/setup/odoo-playboook/roles/nginx/templates/nginx.repo.j2 new file mode 100644 index 00000000..ff02a4be --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/templates/nginx.repo.j2 @@ -0,0 +1,8 @@ +[nginx] +name=nginx repo +{% if nginx_official_repo_mainline %} +baseurl=http://nginx.org/packages/mainline/{{"rhel" if ansible_distribution == "RedHat" else "centos"}}/{{ansible_distribution_version.split('.')[0]}}/{{ansible_architecture}}/ +{% else %} +baseurl=http://nginx.org/packages/{{"rhel" if ansible_distribution == "RedHat" else "centos"}}/{{ansible_distribution_version.split('.')[0]}}/{{ansible_architecture}}/ +{% endif %} +enabled=1 diff --git a/setup/odoo-playboook/roles/nginx/templates/odoo_prod.conf.j2 b/setup/odoo-playboook/roles/nginx/templates/odoo_prod.conf.j2 new file mode 100644 index 00000000..3e16e2ec --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/templates/odoo_prod.conf.j2 @@ -0,0 +1,68 @@ +#Ansible managed + +{% if activate_https == 'y' %} +server { + listen 80; + server_name {{ server_name }}; + # force https + return 301 https://$host$request_uri; +} +{% endif %} + +server { + listen {{ '443 ssl' if activate_https == 'y' else '80' }}; + server_name {{ server_name }}; + + # Specifies the maximum accepted body size of a client request, + # as indicated by the request header Content-Length. + client_max_body_size 200m; + + # log files + access_log /var/log/nginx/odoo-access-prod.log; + error_log /var/log/nginx/odoo-error-prod.log; + + # increase proxy buffer to handle some OpenERP web requests + proxy_buffers 16 64k; + proxy_buffer_size 128k; + + {% if activate_https == 'y' %} + # SSL config + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + + ssl_certificate /etc/nginx/ssl/odoo_prod.crt; + ssl_certificate_key /etc/nginx/ssl/odoo_prod.key; + {% endif %} + + location / { + proxy_pass http://127.0.0.1:8069; + # force timeouts if the backend dies + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; + proxy_read_timeout 300s; + + # set headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; + + # Let the Oddoo web service know that we're using HTTPS, otherwise + # it will generate URL using http:// and not https:// + # proxy_set_header X-Forwarded-Proto https; + + # by default, do not forward anything + proxy_redirect off; + } + + # cache some static data in memory for 60mins. + # under heavy load this should relieve stress on the OpenERP web interface a bit. + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling/ { + proxy_pass http://127.0.0.1:8072; + } +} diff --git a/setup/odoo-playboook/roles/nginx/templates/odoo_test.conf.j2 b/setup/odoo-playboook/roles/nginx/templates/odoo_test.conf.j2 new file mode 100644 index 00000000..b8e701c6 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/templates/odoo_test.conf.j2 @@ -0,0 +1,68 @@ +#Ansible managed + +{% if activate_https == 'y' %} +server { + listen 80; + server_name {{ server_name }}; + # force https + return 301 https://$host$request_uri; +} +{% endif %} + +server { + listen {{ '443 ssl' if activate_https == 'y' else '80' }}; + server_name {{ server_name }}; + + # Specifies the maximum accepted body size of a client request, + # as indicated by the request header Content-Length. + client_max_body_size 200m; + + # log files + access_log /var/log/nginx/odoo-access-test.log; + error_log /var/log/nginx/odoo-error-test.log; + + # increase proxy buffer to handle some OpenERP web requests + proxy_buffers 16 64k; + proxy_buffer_size 128k; + + {% if activate_https == 'y' %} + # SSL config + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + + ssl_certificate /etc/nginx/ssl/odoo_test.crt; + ssl_certificate_key /etc/nginx/ssl/odoo_test.key; + {% endif %} + + location / { + proxy_pass http://127.0.0.1:8070; + # force timeouts if the backend dies + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; + proxy_read_timeout 300s; + + # set headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; + + # Let the Oddoo web service know that we're using HTTPS, otherwise + # it will generate URL using http:// and not https:// + # proxy_set_header X-Forwarded-Proto https; + + # by default, do not forward anything + proxy_redirect off; + } + + # cache some static data in memory for 60mins. + # under heavy load this should relieve stress on the OpenERP web interface a bit. + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8070; + } + + location /longpolling/ { + proxy_pass http://127.0.0.1:8073; + } +} diff --git a/setup/odoo-playboook/roles/nginx/templates/site.conf.j2 b/setup/odoo-playboook/roles/nginx/templates/site.conf.j2 new file mode 100644 index 00000000..74611d03 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/templates/site.conf.j2 @@ -0,0 +1,11 @@ +#{{ ansible_managed }} + +server { +{% for v in item.value %} +{% if v.find('\n') != -1 %} + {{v.replace("\n","\n ")}} +{% else %} + {% if v != "" %}{{ v.replace(";",";\n ").replace(" {"," {\n ").replace(" }"," \n }\n") }}{% if v.find('{') == -1%}; +{% endif %}{% endif %}{% endif %} +{% endfor %} +} diff --git a/setup/odoo-playboook/roles/nginx/test/custom_bar.conf.j2 b/setup/odoo-playboook/roles/nginx/test/custom_bar.conf.j2 new file mode 100644 index 00000000..d6b05ff7 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/test/custom_bar.conf.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} +upstream backend { + server 10.0.0.101; +} +server { + server_name {{ item.value.server_name }}; + location / { + proxy_pass http://backend; + } +} diff --git a/setup/odoo-playboook/roles/nginx/test/example-vars.yml b/setup/odoo-playboook/roles/nginx/test/example-vars.yml new file mode 100644 index 00000000..640a6519 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/test/example-vars.yml @@ -0,0 +1,86 @@ +--- +# The user to run nginx +nginx_user: "www-data" + +nginx_hhvm: | + add_header X-backend hhvm; + try_files $uri $uri/ /index.php?$args; + location ~ \.(hh|php)$ { + try_files $uri =404; + fastcgi_pass unix:/var/run/hhvm/sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + +# A list of directives for the events section. +nginx_events_params: + - worker_connections 512 + +# A list of hashs that define the servers for nginx, +# as with http parameters. Any valid server parameters +# can be defined here. + +nginx_sites: + default: + - listen 80 + - server_name _ + - root "/usr/share/nginx/html" + - index index.html + foo: + - listen 8080 + - server_name localhost + - root "/tmp/site1" + - location / { try_files $uri $uri/ /index.html; } + - location /images/ { try_files $uri $uri/ /index.html; } + bar: + - listen 9090 + - server_name ansible + - root "/tmp/site2" + - location / { try_files $uri $uri/ /index.html; } + - location /images/ { + try_files $uri $uri/ /index.html; + allow 127.0.0.1; + deny all; + } + - auth_basic "Restricted" + - auth_basic_user_file auth_basic/demo + hhvm_test: + - | + listen 80; + server_name test_hhvm; + root "/tmp/hhvm"; + {{nginx_hhvm}} + custom_bar: + template: custom_bar.conf.j2 + server_name: bar.example.com + +# A list of hashs that define additional configuration +nginx_configs: + proxy: + - proxy_set_header X-Real-IP $remote_addr + - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for + upstream: + - upstream foo { server 127.0.0.1:8080 weight=10; } + geo: + - geo $local { + default 0; + 127.0.0.1 1; + } + gzip: + - gzip on + - gzip_disable msie6 + +# A list of hashes that define configuration snippets +nginx_snippets: + error_pages: + - error_page 500 /http_errors/500.html + - error_page 502 /http_errors/502.html + - error_page 503 /http_errors/503.html + - error_page 504 /http_errors/504.html + +# A list of hashs that define uer/password files +nginx_auth_basic_files: + demo: + - foo:$apr1$mEJqnFmy$zioG2q1iDWvRxbHuNepIh0 # foo:demo , generated by : htpasswd -nb foo demo + - bar:$apr1$H2GihkSo$PwBeV8cVWFFQlnAJtvVCQ. # bar:demo , generated by : htpasswd -nb bar demo diff --git a/setup/odoo-playboook/roles/nginx/test/test.yml b/setup/odoo-playboook/roles/nginx/test/test.yml new file mode 100644 index 00000000..47b15ee7 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/test/test.yml @@ -0,0 +1,6 @@ +--- +- hosts: "{{hosts_group|default('all')}}" + vars_files: + - 'example-vars.yml' + roles: + - "{{role_name|default('nginx')}}" diff --git a/setup/odoo-playboook/roles/nginx/vars/Debian.yml b/setup/odoo-playboook/roles/nginx/vars/Debian.yml new file mode 100644 index 00000000..77369aaf --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/vars/Debian.yml @@ -0,0 +1,2 @@ +--- +nginx_user: www-data diff --git a/setup/odoo-playboook/roles/nginx/vars/FreeBSD.yml b/setup/odoo-playboook/roles/nginx/vars/FreeBSD.yml new file mode 100644 index 00000000..99043eb0 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/vars/FreeBSD.yml @@ -0,0 +1,5 @@ +--- +nginx_conf_dir: /usr/local/etc/nginx +nginx_user: www +nginx_sites_default_root: /usr/local/www/nginx-dist +nginx_conf_group: wheel diff --git a/setup/odoo-playboook/roles/nginx/vars/Solaris.yml b/setup/odoo-playboook/roles/nginx/vars/Solaris.yml new file mode 100644 index 00000000..661f2e96 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/vars/Solaris.yml @@ -0,0 +1,4 @@ +--- +nginx_conf_dir: /opt/local/etc/nginx +nginx_user: www +nginx_sites_default_root: /opt/local/www diff --git a/setup/odoo-playboook/roles/nginx/vars/empty.yml b/setup/odoo-playboook/roles/nginx/vars/empty.yml new file mode 100644 index 00000000..f1aa7b6b --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/vars/empty.yml @@ -0,0 +1,2 @@ +--- +# This file intentionally does not define any variables. diff --git a/setup/odoo-playboook/roles/nginx/vars/main.yml b/setup/odoo-playboook/roles/nginx/vars/main.yml new file mode 100644 index 00000000..ee088a62 --- /dev/null +++ b/setup/odoo-playboook/roles/nginx/vars/main.yml @@ -0,0 +1,16 @@ +--- +nginx_env: + RUNLEVEL: 1 + +nginx_installation_types_using_service: ["packages", "configuration-only"] + +nginx_is_el: "{{ ansible_distribution in ['RedHat', 'CentOS'] }}" + +nginx_http_default_params: + - sendfile on + - tcp_nopush on + - tcp_nodelay on + - server_tokens off + - access_log "{{nginx_log_dir}}/access.log" + - error_log "{{nginx_log_dir}}/error.log" {{nginx_error_log_level}} + diff --git a/setup/odoo-playboook/roles/odoo/.travis.yml b/setup/odoo-playboook/roles/odoo/.travis.yml new file mode 100644 index 00000000..dc91fd48 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/.travis.yml @@ -0,0 +1,60 @@ +--- +sudo: required +dist: trusty + +env: + # Debian 8 (jessie) + # Odoo 8.0 + - IMAGE="images:debian/jessie" ODOO_VERSION=8.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="images:debian/jessie" ODOO_VERSION=8.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Odoo 9.0 + - IMAGE="images:debian/jessie" ODOO_VERSION=9.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="images:debian/jessie" ODOO_VERSION=9.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Odoo 10.0 + - IMAGE="images:debian/jessie" ODOO_VERSION=10.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="images:debian/jessie" ODOO_VERSION=10.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Debian 9 (stretch) + # Odoo 8.0 + - IMAGE="images:debian/stretch" ODOO_VERSION=8.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="images:debian/stretch" ODOO_VERSION=8.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Odoo 9.0 + - IMAGE="images:debian/stretch" ODOO_VERSION=9.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="images:debian/stretch" ODOO_VERSION=9.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Odoo 10.0 + - IMAGE="images:debian/stretch" ODOO_VERSION=10.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="images:debian/stretch" ODOO_VERSION=10.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Odoo 11.0 + - IMAGE="images:debian/stretch" ODOO_VERSION=11.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="images:debian/stretch" ODOO_VERSION=11.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Ubuntu 14.04 (trusty) + # Odoo 8.0 + - IMAGE="ubuntu:trusty" ODOO_VERSION=8.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="ubuntu:trusty" ODOO_VERSION=8.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Odoo 9.0 + - IMAGE="ubuntu:trusty" ODOO_VERSION=9.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="ubuntu:trusty" ODOO_VERSION=9.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Odoo 10.0 + - IMAGE="ubuntu:trusty" ODOO_VERSION=10.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="ubuntu:trusty" ODOO_VERSION=10.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Ubuntu 16.04 (xenial) + # Odoo 8.0 + - IMAGE="ubuntu:xenial" ODOO_VERSION=8.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="ubuntu:xenial" ODOO_VERSION=8.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Odoo 9.0 + - IMAGE="ubuntu:xenial" ODOO_VERSION=9.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="ubuntu:xenial" ODOO_VERSION=9.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Odoo 10.0 + - IMAGE="ubuntu:xenial" ODOO_VERSION=10.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="ubuntu:xenial" ODOO_VERSION=10.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + # Odoo 11.0 + - IMAGE="ubuntu:xenial" ODOO_VERSION=11.0 ODOO_INSTALL_TYPE=standard ANSIBLE_VERSION="2.4,<2.5" + - IMAGE="ubuntu:xenial" ODOO_VERSION=11.0 ODOO_INSTALL_TYPE=buildout ANSIBLE_VERSION="2.4,<2.5" + +install: + # Spawn a LXD container + - sudo ./tests/travis_lxd/install.sh + - sudo ./tests/travis_lxd/create_container.sh odoo-test + +script: + # Test the project into the container + - sudo lxc exec odoo-test -- sh -c "/opt/ansible-odoo/tests/run.sh" diff --git a/setup/odoo-playboook/roles/odoo/README.md b/setup/odoo-playboook/roles/odoo/README.md new file mode 100644 index 00000000..e538296a --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/README.md @@ -0,0 +1,161 @@ +# Odoo [![Build Status](https://travis-ci.org/osiell/ansible-odoo.png)](https://travis-ci.org/osiell/ansible-odoo) + +Ansible role to install Odoo from a Git or Mercurial repository, +and configure it. + +This role supports two types of installation: + +* **standard**: install the Odoo dependencies from APT repositories and the +Odoo project from a Git/Hg repository. Odoo is configured with Ansible options +(`odoo_config_*` ones). + +* **buildout**: build the Odoo project from a Git/Hg repository containing a +Buildout configuration file based on the +[anybox.recipe.odoo](https://pypi.python.org/pypi/anybox.recipe.odoo/) recipe. +Odoo and its dependencies are then installed and executed inside a Python +virtual environment. The configuration part is also managed by Buildout +(`odoo_config_*` options are not used excepting the `odoo_config_db_*` ones +for PostgreSQL related tasks). + +Minimum Ansible Version: 2.4 + +## Supported versions and systems + +| System / Odoo | 8.0 | 9.0 | 10.0 | 11.0 | +|---------------|-----|-----|------|------| +| Debian 8 | yes | yes | yes | - | +| Debian 9 | yes | yes | yes | yes | +| Ubuntu 14.04 | yes | yes | yes | - | +| Ubuntu 16.04 | yes | yes | yes | yes | + +## Example (Playbook) + +### odoo_install_type: standard (default) + +Standard installation (assuming that PostgreSQL is installed and running on +the same host): + +```yaml +- name: Odoo + hosts: odoo_server + become: yes + roles: + - role: odoo + odoo_version: 11.0 + odoo_config_admin_passwd: SuPerPassWorD +``` + +With the standard installation type you configure Odoo with the available +`odoo_config_*` options. + +Standard installation but with PostgreSQL installed on a remote host (and +available from your Ansible inventory): + +```yaml +- name: Odoo + hosts: odoo_server + become: yes + roles: + - role: odoo + odoo_version: 11.0 + odoo_config_admin_passwd: SuPerPassWorD + odoo_config_db_host: pg_server + odoo_config_db_user: odoo + odoo_config_db_passwd: PaSsWoRd +``` + +Standard installation from a personnal Git repository such as your repository +looks like this: + +```sh +REPO/ +├── server # could be a sub-repository of https://github.com/odoo/odoo +├── addons_oca_web # another sub-repository (https://github.com/OCA/web here) +├── addons_oca_connector # yet another sub-repository (https://github.com/OCA/connector) +└── addons # custom modules +``` + +Here we set some options required by the ``connector`` framework: + +```yaml +- name: Odoo + hosts: odoo_server + become: yes + roles: + - role: odoo + odoo_version: 11.0 + odoo_repo_type: git + odoo_repo_url: https://SERVER/REPO + odoo_repo_rev: master + odoo_repo_dest: "/home/{{ odoo_user }}/odoo" + odoo_init_env: + ODOO_CONNECTOR_CHANNELS: root:2 + odoo_config_admin_passwd: SuPerPassWorD + odoo_config_addons_path: + - "/home/{{ odoo_user }}/odoo/server/openerp/addons" + - "/home/{{ odoo_user }}/odoo/server/addons" + - "/home/{{ odoo_user }}/odoo/addons_oca_web" + - "/home/{{ odoo_user }}/odoo/addons_oca_connector" + - "/home/{{ odoo_user }}/odoo/addons" + odoo_config_server_wide_modules: web,web_kanban,connector + odoo_config_workers: 8 +``` + + +The same but with PostgreSQL installed on a remote host (and available from +your Ansible inventory): + +```yaml +- name: Odoo + hosts: odoo_server + become: yes + roles: + - role: odoo + odoo_install_type: buildout + odoo_version: 11.0 + odoo_repo_type: git + odoo_repo_url: https://github.com/osiell/odoo-buildout-example.git + odoo_repo_rev: "{{ odoo_version }}" + odoo_repo_dest: "/home/{{ odoo_user }}/odoo" + odoo_config_db_host: pg_server + odoo_config_db_user: odoo + odoo_config_db_passwd: PaSsWoRd +``` + +By default Ansible is looking for a `bootstrap.py` script and a `buildout.cfg` +file at the root of the cloned repository to call Buildout, but you can change +that to point to your own files. Assuming your repository looks like this: + +```sh +REPO/ +├── addons # custom modules +├── bin +│   └── bootstrap.py +├── builtout.cfg +├── builtout.dev.cfg +├── builtout.prod.cfg +└── builtout.test.cfg +``` + +We just set the relevant options to tell Ansible the files to use with the +`odoo_buildout_*` options: + +```yaml +- name: Odoo + hosts: odoo_server + become: yes + roles: + - role: odoo + odoo_install_type: buildout + odoo_version: 11.0 + odoo_repo_type: git + odoo_repo_url: https://SERVER/REPO + odoo_repo_rev: master + odoo_repo_dest: "/home/{{ odoo_user }}/odoo" + odoo_buildout_bootstrap_path: "/home/{{ odoo_user }}/odoo/bin/bootstrap.py" + odoo_buildout_config_path: "/home/{{ odoo_user }}/odoo/buildout.prod.cfg" +``` + +## Variables + +See the [defaults/main.yml](defaults/main.yml) file. diff --git a/setup/odoo-playboook/roles/odoo/defaults/main.yml b/setup/odoo-playboook/roles/odoo/defaults/main.yml new file mode 100644 index 00000000..24d34b86 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/defaults/main.yml @@ -0,0 +1,110 @@ +ansible_ssh_pipelining: true + +odoo_install_type: standard +odoo_version: 11.0 +odoo_service: odoo +odoo_user: odoo +odoo_user_passwd: x +odoo_user_system: False +odoo_init: True +odoo_init_env: {} + #VAR1: value1 + #VAR2: value2 +odoo_logdir: "/var/log/{{ odoo_user }}" +odoo_workdir: "/home/{{ odoo_user }}/odoo" +odoo_rootdir: "/home/{{ odoo_user }}/odoo/server" +odoo_coredir: "/home/{{ odoo_user }}/odoo/server" + +# Project repository to deploy +odoo_repo_type: git # git or hg +odoo_repo_url: "https://github.com/odoo/odoo.git" +odoo_repo_dest: "{{ odoo_rootdir }}" +odoo_repo_rev: "{{ odoo_version }}" +odoo_repo_update: True # Update the working copy or not. This option is + # ignored on the first run (a checkout of the working + # copy is always processed on the given revision) + # WARNING: uncommited changes will be discarded! +odoo_repo_depth: 1 # Set to 0 to clone the full history (slower) + # (this option is not supported with hg) + +# Third party programs options +odoo_wkhtmltox_version: 0.12.1 # Download URLs available in the + # 'odoo_wkhtmltox_urls' variable + # (see 'vars/main.yml') +odoo_reportlab_font_url: http://www.reportlab.com/ftp/pfbfer.zip + +# Tasks related to PostgreSQL +odoo_postgresql_set_user: True +odoo_postgresql_user_role_attr: CREATEDB,NOSUPERUSER +odoo_postgresql_extensions: + - unaccent + +# Standard installation/configuration options (odoo_install_type == 'standard') +odoo_config_file: "/home/{{ odoo_user }}/{{ odoo_service }}.conf" +odoo_force_config: True +odoo_config_addons_path: + - "/home/{{ odoo_user }}/odoo/server/{{ (odoo_version | int) < 9 and 'openerp' or 'odoo' }}/addons" + - "/home/{{ odoo_user }}/odoo/server/addons" +odoo_config_admin_passwd: SuPerPassWorD +odoo_config_auto_reload: False +odoo_config_csv_internal_sep: ',' +odoo_config_data_dir: "/home/{{ odoo_user }}/.local/share/Odoo" +odoo_config_db_host: localhost +odoo_config_db_host_user: "{{ ansible_user }}" +odoo_config_db_maxconn: 64 +odoo_config_db_name: odoo +odoo_config_db_passwd: odoo +odoo_config_db_port: 5432 +odoo_config_db_sslmode: prefer # >= 11.0 +odoo_config_db_template: template1 +odoo_config_db_user: "{{ odoo_user }}" +odoo_config_dbfilter: '.*' +odoo_config_debug_mode: False # <= 9.0 +odoo_config_pidfile: None +odoo_config_proxy_mode: False +odoo_config_email_from: False +odoo_config_geoip_database: /usr/share/GeoIP/GeoLiteCity.dat +odoo_config_http_enable: True # >= 11.0 +odoo_config_http_interface: '' # >= 11.0 +odoo_config_http_port: 8069 # >= 11.0 +odoo_config_limit_memory_hard: 805306368 +odoo_config_limit_memory_soft: 671088640 +odoo_config_limit_time_cpu: 60 +odoo_config_limit_time_real: 120 +odoo_config_limit_time_real_cron: -1 # >= 10.0 +odoo_config_list_db: True +odoo_config_log_db: False +odoo_config_log_level: info +odoo_config_logfile: None +odoo_config_logrotate: True +odoo_config_longpolling_port: 8072 +odoo_config_osv_memory_age_limit: 1.0 +odoo_config_osv_memory_count_limit: False +odoo_config_max_cron_threads: 2 +odoo_config_secure_cert_file: server.cert +odoo_config_secure_pkey_file: server.pkey +odoo_config_server_wide_modules: None +odoo_config_smtp_password: False +odoo_config_smtp_port: 25 +odoo_config_smtp_server: localhost +odoo_config_smtp_ssl: False +odoo_config_smtp_user: False +odoo_config_syslog: False +odoo_config_timezone: False +odoo_config_translate_modules: "['all']" +odoo_config_unaccent: False +odoo_config_without_demo: False +odoo_config_workers: 0 +odoo_config_xmlrpc: True # <= 10.0 +odoo_config_xmlrpc_interface: '' # <= 10.0 +odoo_config_xmlrpc_port: 8069 # <= 10.0 +odoo_config_xmlrpcs: True # <= 8.0 +odoo_config_xmlrpcs_interface: '' # <= 8.0 +odoo_config_xmlrpcs_port: 8071 # <= 8.0 +# Custom configuration options +odoo_config_custom: {} + #your_option1: value1 + #your_option2: value2 + +# Extra options +odoo_user_sshkeys: "../../ssh_keys/*" # ../../path/to/public_keys/* diff --git a/setup/odoo-playboook/roles/odoo/handlers/main.yml b/setup/odoo-playboook/roles/odoo/handlers/main.yml new file mode 100644 index 00000000..208ada51 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: Restart Odoo + service: + name: "{{ odoo_service }}" + state: restarted + when: odoo_init == True diff --git a/setup/odoo-playboook/roles/odoo/meta/main.yml b/setup/odoo-playboook/roles/odoo/meta/main.yml new file mode 100644 index 00000000..785c63e4 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/meta/main.yml @@ -0,0 +1,19 @@ +--- +galaxy_info: + author: Sébastien Alix + description: Ansible role to install Odoo from a Git or Mercurial repository, and configure it. + company: OSIELL + license: GPLv3 + min_ansible_version: 2.4 + platforms: + - name: Debian + versions: + - jessie + - stretch + - name: Ubuntu + versions: + - trusty + - xenial + categories: + - web +dependencies: [] diff --git a/setup/odoo-playboook/roles/odoo/tasks/config.yml b/setup/odoo-playboook/roles/odoo/tasks/config.yml new file mode 100644 index 00000000..95b2e860 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/config.yml @@ -0,0 +1,8 @@ +--- + +- name: Generate Odoo configuration file + template: src=odoo-{{ odoo_version }}.conf dest={{ odoo_config_file }} + owner={{ odoo_user }} group={{ odoo_user }} mode=0600 + force={{ odoo_force_config and 'yes' or 'no' }} + backup=yes + notify: Restart Odoo diff --git a/setup/odoo-playboook/roles/odoo/tasks/install.yml b/setup/odoo-playboook/roles/odoo/tasks/install.yml new file mode 100644 index 00000000..1e0c4f19 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/install.yml @@ -0,0 +1,109 @@ +--- + +- name: Install required tools + apt: pkg={{ item }} + state=installed + update_cache={{ odoo_apt_update_cache }} + cache_valid_time={{ odoo_apt_cache_valid_time }} + with_items: "{{ odoo_required_tools }}" + tags: + - odoo_required_tools + +- name: Add Odoo instance user + user: name={{ odoo_user }} shell=/bin/bash + password={{ odoo_user_passwd }} update_password=on_create + system={{ odoo_user_system }} + generate_ssh_key=yes ssh_key_bits=2048 + move_home=yes + home=/data/{{ odoo_user }} + tags: + - odoo_user + +- name: Add general odoo user + user: name=odoo shell=/bin/bash + password={{ odoo_general_user_passwd }} update_password=on_create + move_home=yes + home=/data/odoo + + become: yes + become_method: "sudo" + tags: + - odoo_user + +- name: Allow general odoo user to have passwordless sudo + lineinfile: + dest: /etc/sudoers + state: present + regexp: '^odoo$' + line: 'odoo ALL=(ALL:ALL) NOPASSWD: ALL' + validate: visudo -cf %s + +- name: Create log directory + file: path={{ odoo_logdir }} state=directory + owner={{ odoo_user }} group={{ odoo_user }} force=no + tags: + - odoo_log + +- name: Create log file + file: + path: "{{ odoo_logdir }}/{{ odoo_service }}.log" + state: touch + mode: "u=rw,g=rw,o=r" + owner: "{{ odoo_user }}" + group: "{{ odoo_user }}" + +- name: Create sym link to logfile + file: + src: "{{ odoo_logdir }}/{{ odoo_service }}.log" + dest: "/data/{{ odoo_user }}/log" + owner: "{{ odoo_user }}" + group: "{{ odoo_user }}" + state: link + tags: + - odoo_log + +- import_tasks: install_extra.yml + when: odoo_user_sshkeys is defined and odoo_user_sshkeys + tags: + - odoo_install_extra + +- name: Project repository already cloned? + stat: path={{ odoo_repo_dest }} + register: project_path + tags: + - odoo_project + +- name: Clone project repository (Git) + become: yes + become_user: "{{ odoo_user }}" + git: repo={{ odoo_repo_url }} + dest={{ odoo_repo_dest }} + version={{ odoo_repo_rev | string }} + update={{ project_path.stat.exists == False and 'yes' + or (odoo_repo_update and 'yes' or 'no') }} + depth={{ odoo_repo_depth }} + accept_hostkey=yes + key_file="/data/{{ odoo_user }}/.ssh/id_rsa" + when: odoo_repo_type == 'git' and odoo_repo_url + notify: Restart Odoo + tags: + - odoo_project + +- name: Standard installation + import_tasks: install_standard.yml + when: odoo_install_type == 'standard' + tags: + - odoo_install_type_standard + +- name: Install datenpol scripts + import_tasks: install_datenpol_scripts.yml + when: odoo_install_type == 'standard' + tags: + - odoo_install_dp_scripts + +- name: Install NPM packages + import_tasks: install_npm.yml + when: (odoo_version | int) >= 9 + tags: + - odoo + - odoo_packages diff --git a/setup/odoo-playboook/roles/odoo/tasks/install_datenpol_scripts.yml b/setup/odoo-playboook/roles/odoo/tasks/install_datenpol_scripts.yml new file mode 100644 index 00000000..d0dbf10a --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/install_datenpol_scripts.yml @@ -0,0 +1,44 @@ +--- + +- name: Generate restart.sh + template: src=restart.sh dest="/data/{{ odoo_user }}" + owner={{ odoo_user }} group={{ odoo_user }} mode=0755 + +- name: Generate update-source.sh + template: src=update-source.sh dest="/data/{{ odoo_user }}/odoo" + owner={{ odoo_user }} group={{ odoo_user }} mode=0755 + +- name: Ensure main pgdump directory exist + file: + path: "/var/pgdump" + state: directory + owner: "root" + group: "root" + mode: "u=rwx,g=rwx,o=rwx" + +- name: Ensure pgdump directory for instance exist + file: + path: "/var/pgdump/{{ odoo_instance }}" + state: directory + owner: "{{odoo_user}}" + group: "{{odoo_user}}" + mode: "u=rwx,g=,o=" + +- name: Generate odoo-backup.sh + template: src=odoo-backup.sh dest="/data/{{ odoo_user }}" + owner={{ odoo_user }} group={{ odoo_user }} mode=0755 + +- cron: + name: "Cron Job for backupscript" + hour: "1" + minute: "30" + job: "/data/{{ odoo_user }}/odoo-backup.sh" + user: "{{odoo_user}}" + +- name: Create deployment-history.txt + file: + path: "/data/{{ odoo_user }}/deployment-history.txt" + state: touch + mode: "u=rw,g=rw,o=r" + owner: "{{ odoo_user }}" + group: "{{ odoo_user }}" diff --git a/setup/odoo-playboook/roles/odoo/tasks/install_extra.yml b/setup/odoo-playboook/roles/odoo/tasks/install_extra.yml new file mode 100644 index 00000000..f17b7df6 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/install_extra.yml @@ -0,0 +1,17 @@ +--- + +- name: Set SSH public keys for the Odoo instance user + authorized_key: user={{ odoo_user }} + key="{{ lookup('file', item) }}" + with_fileglob: + - "{{ odoo_user_sshkeys }}" + tags: + - odoo_ssh + +- name: Set SSH public keys for the Odoo general user + authorized_key: user=odoo + key="{{ lookup('file', item) }}" + with_fileglob: + - "{{ odoo_user_sshkeys }}" + tags: + - odoo_ssh diff --git a/setup/odoo-playboook/roles/odoo/tasks/install_npm.yml b/setup/odoo-playboook/roles/odoo/tasks/install_npm.yml new file mode 100644 index 00000000..40becdf6 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/install_npm.yml @@ -0,0 +1,24 @@ +--- + +- name: Configure NodeJS APT repository signing key + apt_key: + url: "{{ item.url }}" + state: "{{ item.state }}" + with_items: "{{ odoo_nodejs_apt_keys | default([]) }}" + +- name: Configure NodeJS APT repository + apt_repository: + repo: "{{ item.repo }}" + state: "{{ item.state }}" + with_items: "{{ odoo_nodejs_apt_repositories | default([]) }}" + +- name: Install NodeJS + apt: pkg="{{ odoo_nodejs_apt_package }}" + state=installed + update_cache=yes + +- name: Install Odoo dependencies (npm) + npm: name={{ item.name }} + version={{ item.version }} + global=yes + with_items: "{{ odoo_npm_packages | default([]) }}" diff --git a/setup/odoo-playboook/roles/odoo/tasks/install_postgresql.yml b/setup/odoo-playboook/roles/odoo/tasks/install_postgresql.yml new file mode 100644 index 00000000..6ca14564 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/install_postgresql.yml @@ -0,0 +1,13 @@ +--- + +- name: Install PostgreSQL + apt: name={{ item }} update_cache=true state=installed + with_items: + - postgresql + - postgresql-contrib + - libpq-dev + - python-psycopg2 + tags: packages + +- name: Ensure the PostgreSQL service is running + service: name=postgresql state=started enabled=yes diff --git a/setup/odoo-playboook/roles/odoo/tasks/install_standard.yml b/setup/odoo-playboook/roles/odoo/tasks/install_standard.yml new file mode 100644 index 00000000..bd58ca4a --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/install_standard.yml @@ -0,0 +1,27 @@ +--- + +- name: Install Odoo dependencies + apt: pkg={{ item }} + state=installed + update_cache={{ odoo_apt_update_cache }} + cache_valid_time={{ odoo_apt_cache_valid_time }} + with_items: "{{ odoo_debian_packages }}" + tags: + - odoo_packages + +- name: Install Odoo dependencies (PyPi) + pip: name={{ item }} + with_items: "{{ odoo_pypi_packages }}" + tags: + - odoo_packages + +- import_tasks: config.yml + tags: + - odoo_config + +- name: Generate Odoo init script + template: src=odoo-{{ odoo_version }}.init dest=/etc/init.d/{{ odoo_service }} + owner=root group=root mode=0755 + force={{ odoo_force_config and 'yes' or 'no' }} + backup=yes + notify: Restart Odoo diff --git a/setup/odoo-playboook/roles/odoo/tasks/main.yml b/setup/odoo-playboook/roles/odoo/tasks/main.yml new file mode 100644 index 00000000..e529a2bd --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/main.yml @@ -0,0 +1,33 @@ +--- + +- name: Set variables depending on the platform and the version of Odoo + include_vars: "{{ item }}" + with_first_found: + - "../vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version | int}}_Odoo-{{ odoo_version | int }}.yml" + tags: + - always + +- import_tasks: install.yml + tags: + - odoo + - odoo_install + +- import_tasks: reportlab.yml + tags: + - odoo + - odoo_reportlab + +- import_tasks: install_postgresql.yml + tags: + - odoo + - odoo_postgresql + +- import_tasks: postgresql.yml + tags: + - odoo + - odoo_postgresql + +- import_tasks: service.yml + tags: + - odoo + - odoo_service diff --git a/setup/odoo-playboook/roles/odoo/tasks/postgresql.yml b/setup/odoo-playboook/roles/odoo/tasks/postgresql.yml new file mode 100644 index 00000000..250c72da --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/postgresql.yml @@ -0,0 +1,30 @@ +--- + +- name: Delegate PostgreSQL tasks to the relevant host + set_fact: + odoo_postgresql_delegate_to: "{{ odoo_config_db_host if ((odoo_config_db_host|bool) != False) else inventory_hostname }}" + odoo_postgresql_remote_user: "{{ odoo_config_db_host_user if ((odoo_config_db_host|bool) != False) else ansible_user }}" + +- block: + + - name: PostgreSQL - Add the Odoo user + postgresql_user: name={{ odoo_config_db_user }} + role_attr_flags={{ odoo_postgresql_user_role_attr }} + when: odoo_postgresql_set_user + + - name: PostgreSQL - Set the Odoo user password + postgresql_user: name={{ odoo_config_db_user }} + password={{ odoo_config_db_passwd }} + when: odoo_config_db_passwd is defined and odoo_config_db_passwd + and odoo_postgresql_set_user + + - name: PostgreSQL - Activate some extensions on the 'template1' database + postgresql_ext: + name: "{{ item }}" + db: template1 + with_items: "{{ odoo_postgresql_extensions }}" + + delegate_to: "{{ odoo_postgresql_delegate_to }}" + remote_user: "{{ odoo_postgresql_remote_user }}" + become: yes + become_user: postgres diff --git a/setup/odoo-playboook/roles/odoo/tasks/reportlab.yml b/setup/odoo-playboook/roles/odoo/tasks/reportlab.yml new file mode 100644 index 00000000..3537fbd5 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/reportlab.yml @@ -0,0 +1,20 @@ +--- +# Download and install the barcode fonts from ReportLab +- name: Download the ReportLab barcode fonts + get_url: url="{{ odoo_reportlab_font_url }}" + dest="/root/pfbfer.zip" + +- name: Create the font directory + file: path="/home/{{ odoo_user }}/fonts" state=directory + +- name: Install unzip + apt: name=unzip state=installed + +- name: Unzip the ReportLab fonts + unarchive: src="/root/pfbfer.zip" + dest="/home/{{ odoo_user }}/fonts" + owner={{ odoo_user }} + group={{ odoo_user }} + mode="u=rwX,go=rX" + copy=No + creates="/home/{{ odoo_user }}/fonts/_abi____.pfb" diff --git a/setup/odoo-playboook/roles/odoo/tasks/service.yml b/setup/odoo-playboook/roles/odoo/tasks/service.yml new file mode 100644 index 00000000..0bcab1ff --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/service.yml @@ -0,0 +1,9 @@ +--- + +- name: Enable Odoo service + service: name={{ odoo_service }} enabled=yes state=started + when: odoo_init == True + +- name: Disable Odoo service + service: name={{ odoo_service }} enabled=no state=stopped + when: odoo_init == False diff --git a/setup/odoo-playboook/roles/odoo/tasks/wkhtmltox.yml b/setup/odoo-playboook/roles/odoo/tasks/wkhtmltox.yml new file mode 100644 index 00000000..4fa88a95 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tasks/wkhtmltox.yml @@ -0,0 +1,29 @@ +--- + +- name: Detect Debian architecture (i386 or amd64) + set_fact: odoo_debian_arch={{ '64' in ansible_architecture and 'amd64' or 'i386' }} + +- name: Download wkhtmltox + get_url: url={{ item }} + dest={{ odoo_wkhtmltox_dest }} + with_items: "{{ odoo_wkhtmltox_urls }}" + ignore_errors: True + when: odoo_wkhtmltox_version is defined and odoo_wkhtmltox_version != False + +# Use to detect that the package was downloaded. +# We can not register the result of the previous task to check this as Ansible +# will flag it as failed as soon as one URL fails (even if the download has +# worked on a further URL) +- name: Check wkhtmltox package + stat: path={{ odoo_wkhtmltox_dest }} + register: odoo_wkhtmltox_pkg + +- name: Install wkhtmltox dependencies + apt: pkg={{ item }} + with_items: "{{ odoo_wkhtmltox_depends }}" + when: odoo_wkhtmltox_version is defined and odoo_wkhtmltox_version != False and odoo_wkhtmltox_pkg.stat.exists + +- name: Install wkhtmltox + apt: deb="/root/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb" + force=yes + when: odoo_wkhtmltox_version is defined and odoo_wkhtmltox_version != False and odoo_wkhtmltox_pkg.stat.exists diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-10.0.conf b/setup/odoo-playboook/roles/odoo/templates/odoo-10.0.conf new file mode 100644 index 00000000..2af2e5de --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-10.0.conf @@ -0,0 +1,60 @@ +[options] +addons_path = {{ odoo_config_addons_path.__class__.__name__ == 'list' and odoo_config_addons_path | join(',') or odoo_config_addons_path }} +admin_passwd = {{ odoo_config_admin_passwd }} +csv_internal_sep = {{ odoo_config_csv_internal_sep }} +data_dir = {{ odoo_config_data_dir }} +db_host = {{ odoo_config_db_host not in [False, 'localhost', '127.0.0.1'] and odoo_config_db_host in hostvars and hostvars[odoo_config_db_host].get('ansible_host') or odoo_config_db_host }} +db_maxconn = {{ odoo_config_db_maxconn }} +db_name = {{ odoo_config_db_name }} +db_password = {{ odoo_config_db_passwd }} +db_port = {{ odoo_config_db_port }} +db_template = {{ odoo_config_db_template }} +db_user = {{ odoo_config_db_user }} +dbfilter = {{ odoo_config_dbfilter }} +demo = {} +email_from = {{ odoo_config_email_from }} +geoip_database = {{ odoo_config_geoip_database }} +import_partial = +limit_memory_hard = {{ odoo_config_limit_memory_hard }} +limit_memory_soft = {{ odoo_config_limit_memory_soft }} +limit_request = 8192 +limit_time_cpu = {{ odoo_config_limit_time_cpu }} +limit_time_real = {{ odoo_config_limit_time_real }} +limit_time_real_cron = {{ odoo_config_limit_time_real_cron }} +list_db = {{ odoo_config_list_db }} +log_db = {{ odoo_config_log_db }} +log_db_level = warning +log_handler = :INFO +log_level = {{ odoo_config_log_level }} +logfile = {{ odoo_config_logfile }} +logrotate = {{ odoo_config_logrotate }} +longpolling_port = {{ odoo_config_longpolling_port }} +max_cron_threads = {{ odoo_config_max_cron_threads }} +osv_memory_age_limit = {{ odoo_config_osv_memory_age_limit }} +osv_memory_count_limit = {{ odoo_config_osv_memory_count_limit }} +pg_path = None +pidfile = {{ odoo_config_pidfile }} +proxy_mode = {{ odoo_config_proxy_mode }} +reportgz = False +server_wide_modules = {{ odoo_config_server_wide_modules }} +smtp_password = {{ odoo_config_smtp_password }} +smtp_port = {{ odoo_config_smtp_port }} +smtp_server = {{ odoo_config_smtp_server }} +smtp_ssl = {{ odoo_config_smtp_ssl }} +smtp_user = {{ odoo_config_smtp_user }} +syslog = {{ odoo_config_syslog }} +test_commit = False +test_enable = False +test_file = False +test_report_directory = False +translate_modules = {{ odoo_config_translate_modules }} +unaccent = {{ odoo_config_unaccent }} +without_demo = {{ odoo_config_without_demo }} +workers = {{ odoo_config_workers }} +xmlrpc = {{ odoo_config_xmlrpc }} +xmlrpc_interface = {{ odoo_config_xmlrpc_interface }} +xmlrpc_port = {{ odoo_config_xmlrpc_port }} +{% for name in odoo_config_custom | sort %} +{{ name }} = {{ odoo_config_custom[name] }} +{% endfor %} + diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-10.0.conf.orig b/setup/odoo-playboook/roles/odoo/templates/odoo-10.0.conf.orig new file mode 100644 index 00000000..471f9fc1 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-10.0.conf.orig @@ -0,0 +1,57 @@ +[options] +addons_path = /home/odoo/odoo/parts/odoo/odoo/addons,/home/odoo/odoo/parts/odoo/addons +admin_passwd = admin +csv_internal_sep = , +data_dir = /home/odoo/.local/share/Odoo +db_host = False +db_maxconn = 64 +db_name = False +db_password = False +db_port = False +db_template = template1 +db_user = False +dbfilter = .* +demo = {} +email_from = False +geoip_database = /usr/share/GeoIP/GeoLiteCity.dat +import_partial = +limit_memory_hard = 2684354560 +limit_memory_soft = 2147483648 +limit_request = 8192 +limit_time_cpu = 60 +limit_time_real = 120 +limit_time_real_cron = -1 +list_db = True +log_db = False +log_db_level = warning +log_handler = :INFO +log_level = info +logfile = None +logrotate = False +longpolling_port = 8072 +max_cron_threads = 2 +osv_memory_age_limit = 1.0 +osv_memory_count_limit = False +pg_path = None +pidfile = None +proxy_mode = False +reportgz = False +server_wide_modules = web,web_kanban +smtp_password = False +smtp_port = 25 +smtp_server = localhost +smtp_ssl = False +smtp_user = False +syslog = False +test_commit = False +test_enable = False +test_file = False +test_report_directory = False +translate_modules = ['all'] +unaccent = False +without_demo = False +workers = 0 +xmlrpc = True +xmlrpc_interface = +xmlrpc_port = 8069 + diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-10.0.init b/setup/odoo-playboook/roles/odoo/templates/odoo-10.0.init new file mode 100644 index 00000000..c500ca54 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-10.0.init @@ -0,0 +1,81 @@ +#!/bin/bash +### BEGIN INIT INFO +# Provides: {{ odoo_service }} +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $network +# Should-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start odoo daemon at boot time +# Description: Enable service provided by daemon. +### END INIT INFO +## more info: http://wiki.debian.org/LSBInitScripts + +. /lib/lsb/init-functions + +PATH=/usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin +WORKDIR={{ odoo_workdir }} +DAEMON={{ odoo_coredir }}/odoo-bin +NAME={{ odoo_service }} +DESC={{ odoo_service }} +CONFIG={{ odoo_config_file }} +LOGFILE={{ odoo_logdir }}/{{ odoo_service }}.log +PIDFILE=/var/run/${NAME}.pid +USER={{ odoo_user }} +export LOGNAME=$USER +{% if odoo_init_env %} +# Custom environment variables +{% for name, value in odoo_init_env.iteritems() %} +export {{ name }}={{ value }} +{% endfor %} +{% endif %} + +test -x $DAEMON || exit 0 +set -e + +function _start() { + start-stop-daemon --chdir=${WORKDIR} --start --quiet --pidfile $PIDFILE --chuid $USER:$USER --background --make-pidfile --exec $DAEMON -- --config $CONFIG --logfile $LOGFILE +} + +function _stop() { + start-stop-daemon --stop --quiet --pidfile $PIDFILE --oknodo --retry 3 + rm -f $PIDFILE +} + +function _status() { + start-stop-daemon --status --quiet --pidfile $PIDFILE + return $? +} + + +case "$1" in + start) + echo -n "Starting $DESC: " + _start + echo "ok" + ;; + stop) + echo -n "Stopping $DESC: " + _stop + echo "ok" + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + _stop + sleep 1 + _start + echo "ok" + ;; + status) + echo -n "Status of $DESC: " + _status && echo "running" || echo "stopped" + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-11.0.conf b/setup/odoo-playboook/roles/odoo/templates/odoo-11.0.conf new file mode 100644 index 00000000..6eecb6d5 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-11.0.conf @@ -0,0 +1,60 @@ +[options] +addons_path = {{ odoo_config_addons_path.__class__.__name__ == 'list' and odoo_config_addons_path | join(',') or odoo_config_addons_path }} +admin_passwd = {{ odoo_config_admin_passwd }} +csv_internal_sep = {{ odoo_config_csv_internal_sep }} +data_dir = {{ odoo_config_data_dir }} +db_host = {{ odoo_config_db_host not in [False, 'localhost', '127.0.0.1'] and odoo_config_db_host in hostvars and hostvars[odoo_config_db_host].get('ansible_host') or odoo_config_db_host }} +db_maxconn = {{ odoo_config_db_maxconn }} +db_password = {{ odoo_config_db_passwd }} +db_port = {{ odoo_config_db_port }} +db_sslmode = {{ odoo_config_db_sslmode }} +db_template = {{ odoo_config_db_template }} +db_user = {{ odoo_config_db_user }} +dbfilter = {{ odoo_config_dbfilter }} +demo = {} +email_from = {{ odoo_config_email_from }} +geoip_database = {{ odoo_config_geoip_database }} +http_enable = {{ odoo_config_http_enable or odoo_config_xmlrpc }} +http_interface = {{ odoo_config_http_interface or odoo_config_xmlrpc_interface }} +http_port = {{ odoo_config_http_port or odoo_config_xmlrpc_port }} +import_partial = +limit_memory_hard = {{ odoo_config_limit_memory_hard }} +limit_memory_soft = {{ odoo_config_limit_memory_soft }} +limit_request = 8192 +limit_time_cpu = {{ odoo_config_limit_time_cpu }} +limit_time_real = {{ odoo_config_limit_time_real }} +limit_time_real_cron = {{ odoo_config_limit_time_real_cron }} +list_db = {{ odoo_config_list_db }} +log_db = {{ odoo_config_log_db }} +log_db_level = warning +log_handler = :INFO +log_level = {{ odoo_config_log_level }} +logfile = {{ odoo_config_logfile }} +logrotate = {{ odoo_config_logrotate }} +longpolling_port = {{ odoo_config_longpolling_port }} +max_cron_threads = {{ odoo_config_max_cron_threads }} +osv_memory_age_limit = {{ odoo_config_osv_memory_age_limit }} +osv_memory_count_limit = {{ odoo_config_osv_memory_count_limit }} +pg_path = None +pidfile = {{ odoo_config_pidfile }} +proxy_mode = {{ odoo_config_proxy_mode }} +reportgz = False +server_wide_modules = {{ odoo_config_server_wide_modules }} +smtp_password = {{ odoo_config_smtp_password }} +smtp_port = {{ odoo_config_smtp_port }} +smtp_server = {{ odoo_config_smtp_server }} +smtp_ssl = {{ odoo_config_smtp_ssl }} +smtp_user = {{ odoo_config_smtp_user }} +syslog = {{ odoo_config_syslog }} +test_commit = False +test_enable = False +test_file = False +test_report_directory = False +translate_modules = {{ odoo_config_translate_modules }} +unaccent = {{ odoo_config_unaccent }} +without_demo = {{ odoo_config_without_demo }} +workers = {{ odoo_config_workers }} +{% for name in odoo_config_custom | sort %} +{{ name }} = {{ odoo_config_custom[name] }} +{% endfor %} + diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-11.0.conf.orig b/setup/odoo-playboook/roles/odoo/templates/odoo-11.0.conf.orig new file mode 100644 index 00000000..5315e086 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-11.0.conf.orig @@ -0,0 +1,58 @@ +[options] +addons_path = /home/odoo/odoo/parts/odoo/odoo/addons,/home/odoo/odoo/parts/odoo/addons +admin_passwd = admin +csv_internal_sep = , +data_dir = /home/odoo/.local/share/Odoo +db_host = False +db_maxconn = 64 +db_name = False +db_password = False +db_port = False +db_sslmode = prefer +db_template = template1 +db_user = False +dbfilter = .* +demo = {} +email_from = False +geoip_database = /usr/share/GeoIP/GeoLiteCity.dat +http_enable = True +http_interface = +http_port = 8069 +import_partial = +limit_memory_hard = 2684354560 +limit_memory_soft = 2147483648 +limit_request = 8192 +limit_time_cpu = 60 +limit_time_real = 120 +limit_time_real_cron = -1 +list_db = True +log_db = False +log_db_level = warning +log_handler = :INFO +log_level = info +logfile = None +logrotate = True +longpolling_port = 8072 +max_cron_threads = 2 +osv_memory_age_limit = 1.0 +osv_memory_count_limit = False +pg_path = None +pidfile = None +proxy_mode = False +reportgz = False +server_wide_modules = web +smtp_password = False +smtp_port = 25 +smtp_server = localhost +smtp_ssl = False +smtp_user = False +syslog = False +test_commit = False +test_enable = False +test_file = False +test_report_directory = False +translate_modules = ['all'] +unaccent = False +without_demo = False +workers = 0 + diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-11.0.init b/setup/odoo-playboook/roles/odoo/templates/odoo-11.0.init new file mode 120000 index 00000000..5cb17129 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-11.0.init @@ -0,0 +1 @@ +odoo-10.0.init \ No newline at end of file diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-8.0.conf b/setup/odoo-playboook/roles/odoo/templates/odoo-8.0.conf new file mode 100644 index 00000000..9850dc6e --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-8.0.conf @@ -0,0 +1,66 @@ +[options] +addons_path = {{ odoo_config_addons_path.__class__.__name__ == 'list' and odoo_config_addons_path | join(',') or odoo_config_addons_path }} +admin_passwd = {{ odoo_config_admin_passwd }} +auto_reload = {{ odoo_config_auto_reload }} +csv_internal_sep = {{ odoo_config_csv_internal_sep }} +data_dir = {{ odoo_config_data_dir }} +db_host = {{ odoo_config_db_host not in [False, 'localhost', '127.0.0.1'] and odoo_config_db_host in hostvars and hostvars[odoo_config_db_host].get('ansible_host') or odoo_config_db_host }} +db_maxconn = {{ odoo_config_db_maxconn }} +db_name = {{ odoo_config_db_name }} +db_password = {{ odoo_config_db_passwd }} +db_port = {{ odoo_config_db_port }} +db_template = {{ odoo_config_db_template }} +db_user = {{ odoo_config_db_user }} +dbfilter = {{ odoo_config_dbfilter }} +debug_mode = {{ odoo_config_debug_mode }} +demo = {} +email_from = {{ odoo_config_email_from }} +geoip_database = {{ odoo_config_geoip_database }} +import_partial = +limit_memory_hard = {{ odoo_config_limit_memory_hard }} +limit_memory_soft = {{ odoo_config_limit_memory_soft }} +limit_request = 8192 +limit_time_cpu = {{ odoo_config_limit_time_cpu }} +limit_time_real = {{ odoo_config_limit_time_real }} +list_db = {{ odoo_config_list_db }} +log_db = {{ odoo_config_log_db }} +log_handler = [':INFO'] +log_level = {{ odoo_config_log_level }} +logfile = {{ odoo_config_logfile }} +logrotate = {{ odoo_config_logrotate }} +longpolling_port = {{ odoo_config_longpolling_port }} +max_cron_threads = {{ odoo_config_max_cron_threads }} +osv_memory_age_limit = {{ odoo_config_osv_memory_age_limit }} +osv_memory_count_limit = {{ odoo_config_osv_memory_count_limit }} +pg_path = None +pidfile = {{ odoo_config_pidfile }} +proxy_mode = {{ odoo_config_proxy_mode }} +reportgz = False +secure_cert_file = {{ odoo_config_secure_cert_file }} +secure_pkey_file = {{ odoo_config_secure_pkey_file }} +server_wide_modules = {{ odoo_config_server_wide_modules }} +smtp_password = {{ odoo_config_smtp_password }} +smtp_port = {{ odoo_config_smtp_port }} +smtp_server = {{ odoo_config_smtp_server }} +smtp_ssl = {{ odoo_config_smtp_ssl }} +smtp_user = {{ odoo_config_smtp_user }} +syslog = {{ odoo_config_syslog }} +test_commit = False +test_enable = False +test_file = False +test_report_directory = False +timezone = {{ odoo_config_timezone }} +translate_modules = {{ odoo_config_translate_modules }} +unaccent = {{ odoo_config_unaccent }} +without_demo = {{ odoo_config_without_demo }} +workers = {{ odoo_config_workers }} +xmlrpc = {{ odoo_config_xmlrpc }} +xmlrpc_interface = {{ odoo_config_xmlrpc_interface }} +xmlrpc_port = {{ odoo_config_xmlrpc_port }} +xmlrpcs = {{ odoo_config_xmlrpcs }} +xmlrpcs_interface = {{ odoo_config_xmlrpcs_interface }} +xmlrpcs_port = {{ odoo_config_xmlrpcs_port }} +{% for name in odoo_config_custom | sort %} +{{ name }} = {{ odoo_config_custom[name] }} +{% endfor %} + diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-8.0.init b/setup/odoo-playboook/roles/odoo/templates/odoo-8.0.init new file mode 100644 index 00000000..88fa622a --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-8.0.init @@ -0,0 +1,81 @@ +#!/bin/bash +### BEGIN INIT INFO +# Provides: {{ odoo_service }} +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $network +# Should-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start odoo daemon at boot time +# Description: Enable service provided by daemon. +### END INIT INFO +## more info: http://wiki.debian.org/LSBInitScripts + +. /lib/lsb/init-functions + +PATH=/usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin +WORKDIR={{ odoo_workdir }} +DAEMON={{ odoo_rootdir }}/odoo.py +NAME={{ odoo_service }} +DESC={{ odoo_service }} +CONFIG={{ odoo_config_file }} +LOGFILE={{ odoo_logdir }}/{{ odoo_service }}.log +PIDFILE=/var/run/${NAME}.pid +USER={{ odoo_user }} +export LOGNAME=$USER +{% if odoo_init_env %} +# Custom environment variables +{% for name, value in odoo_init_env.iteritems() %} +export {{ name }}={{ value }} +{% endfor %} +{% endif %} + +test -x $DAEMON || exit 0 +set -e + +function _start() { + start-stop-daemon --chdir=${WORKDIR} --start --quiet --pidfile $PIDFILE --chuid $USER:$USER --background --make-pidfile --exec $DAEMON -- --config $CONFIG --logfile $LOGFILE{{ odoo_config_server_wide_modules not in [False, 'None', ''] and ' --load=%s' % odoo_config_server_wide_modules or '' }} +} + +function _stop() { + start-stop-daemon --stop --quiet --pidfile $PIDFILE --oknodo --retry 3 + rm -f $PIDFILE +} + +function _status() { + start-stop-daemon --status --quiet --pidfile $PIDFILE + return $? +} + + +case "$1" in + start) + echo -n "Starting $DESC: " + _start + echo "ok" + ;; + stop) + echo -n "Stopping $DESC: " + _stop + echo "ok" + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + _stop + sleep 1 + _start + echo "ok" + ;; + status) + echo -n "Status of $DESC: " + _status && echo "running" || echo "stopped" + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-9.0.conf b/setup/odoo-playboook/roles/odoo/templates/odoo-9.0.conf new file mode 100644 index 00000000..2eba5f87 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-9.0.conf @@ -0,0 +1,61 @@ +[options] +addons_path = {{ odoo_config_addons_path.__class__.__name__ == 'list' and odoo_config_addons_path | join(',') or odoo_config_addons_path }} +admin_passwd = {{ odoo_config_admin_passwd }} +csv_internal_sep = {{ odoo_config_csv_internal_sep }} +data_dir = {{ odoo_config_data_dir }} +db_host = {{ odoo_config_db_host not in [False, 'localhost', '127.0.0.1'] and odoo_config_db_host in hostvars and hostvars[odoo_config_db_host].get('ansible_host') or odoo_config_db_host }} +db_maxconn = {{ odoo_config_db_maxconn }} +db_name = {{ odoo_config_db_name }} +db_password = {{ odoo_config_db_passwd }} +db_port = {{ odoo_config_db_port }} +db_template = {{ odoo_config_db_template }} +db_user = {{ odoo_config_db_user }} +dbfilter = {{ odoo_config_dbfilter }} +debug_mode = {{ odoo_config_debug_mode }} +demo = {} +dev_mode = False +email_from = {{ odoo_config_email_from }} +geoip_database = {{ odoo_config_geoip_database }} +import_partial = +limit_memory_hard = {{ odoo_config_limit_memory_hard }} +limit_memory_soft = {{ odoo_config_limit_memory_soft }} +limit_request = 8192 +limit_time_cpu = {{ odoo_config_limit_time_cpu }} +limit_time_real = {{ odoo_config_limit_time_real }} +list_db = {{ odoo_config_list_db }} +log_db = {{ odoo_config_log_db }} +log_db_level = warning +log_handler = :INFO +log_level = {{ odoo_config_log_level }} +logfile = {{ odoo_config_logfile }} +logrotate = {{ odoo_config_logrotate }} +longpolling_port = {{ odoo_config_longpolling_port }} +max_cron_threads = {{ odoo_config_max_cron_threads }} +osv_memory_age_limit = {{ odoo_config_osv_memory_age_limit }} +osv_memory_count_limit = {{ odoo_config_osv_memory_count_limit }} +pg_path = None +pidfile = {{ odoo_config_pidfile }} +proxy_mode = {{ odoo_config_proxy_mode }} +reportgz = False +server_wide_modules = {{ odoo_config_server_wide_modules }} +smtp_password = {{ odoo_config_smtp_password }} +smtp_port = {{ odoo_config_smtp_port }} +smtp_server = {{ odoo_config_smtp_server }} +smtp_ssl = {{ odoo_config_smtp_ssl }} +smtp_user = {{ odoo_config_smtp_user }} +syslog = {{ odoo_config_syslog }} +test_commit = False +test_enable = False +test_file = False +test_report_directory = False +translate_modules = {{ odoo_config_translate_modules }} +unaccent = {{ odoo_config_unaccent }} +without_demo = {{ odoo_config_without_demo }} +workers = {{ odoo_config_workers }} +xmlrpc = {{ odoo_config_xmlrpc }} +xmlrpc_interface = {{ odoo_config_xmlrpc_interface }} +xmlrpc_port = {{ odoo_config_xmlrpc_port }} +{% for name in odoo_config_custom | sort %} +{{ name }} = {{ odoo_config_custom[name] }} +{% endfor %} + diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-9.0.conf.orig b/setup/odoo-playboook/roles/odoo/templates/odoo-9.0.conf.orig new file mode 100644 index 00000000..11b871cb --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-9.0.conf.orig @@ -0,0 +1,58 @@ +[options] +addons_path = /home/odoo/odoo-9.0/openerp/addons,/home/odoo/odoo-9.0/addons +admin_passwd = admin +csv_internal_sep = , +data_dir = /home/odoo/.local/share/Odoo +db_host = False +db_maxconn = 64 +db_name = False +db_password = False +db_port = False +db_template = template1 +db_user = False +dbfilter = .* +debug_mode = False +demo = {} +dev_mode = False +email_from = False +geoip_database = /usr/share/GeoIP/GeoLiteCity.dat +import_partial = +limit_memory_hard = 2684354560 +limit_memory_soft = 2147483648 +limit_request = 8192 +limit_time_cpu = 60 +limit_time_real = 120 +list_db = True +log_db = False +log_db_level = warning +log_handler = :INFO +log_level = info +logfile = None +logrotate = False +longpolling_port = 8072 +max_cron_threads = 2 +osv_memory_age_limit = 1.0 +osv_memory_count_limit = False +pg_path = None +pidfile = None +proxy_mode = False +reportgz = False +server_wide_modules = None +smtp_password = False +smtp_port = 25 +smtp_server = localhost +smtp_ssl = False +smtp_user = False +syslog = False +test_commit = False +test_enable = False +test_file = False +test_report_directory = False +translate_modules = ['all'] +unaccent = False +without_demo = False +workers = 0 +xmlrpc = True +xmlrpc_interface = +xmlrpc_port = 8069 + diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-9.0.init b/setup/odoo-playboook/roles/odoo/templates/odoo-9.0.init new file mode 100644 index 00000000..88fa622a --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-9.0.init @@ -0,0 +1,81 @@ +#!/bin/bash +### BEGIN INIT INFO +# Provides: {{ odoo_service }} +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $network +# Should-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start odoo daemon at boot time +# Description: Enable service provided by daemon. +### END INIT INFO +## more info: http://wiki.debian.org/LSBInitScripts + +. /lib/lsb/init-functions + +PATH=/usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin +WORKDIR={{ odoo_workdir }} +DAEMON={{ odoo_rootdir }}/odoo.py +NAME={{ odoo_service }} +DESC={{ odoo_service }} +CONFIG={{ odoo_config_file }} +LOGFILE={{ odoo_logdir }}/{{ odoo_service }}.log +PIDFILE=/var/run/${NAME}.pid +USER={{ odoo_user }} +export LOGNAME=$USER +{% if odoo_init_env %} +# Custom environment variables +{% for name, value in odoo_init_env.iteritems() %} +export {{ name }}={{ value }} +{% endfor %} +{% endif %} + +test -x $DAEMON || exit 0 +set -e + +function _start() { + start-stop-daemon --chdir=${WORKDIR} --start --quiet --pidfile $PIDFILE --chuid $USER:$USER --background --make-pidfile --exec $DAEMON -- --config $CONFIG --logfile $LOGFILE{{ odoo_config_server_wide_modules not in [False, 'None', ''] and ' --load=%s' % odoo_config_server_wide_modules or '' }} +} + +function _stop() { + start-stop-daemon --stop --quiet --pidfile $PIDFILE --oknodo --retry 3 + rm -f $PIDFILE +} + +function _status() { + start-stop-daemon --status --quiet --pidfile $PIDFILE + return $? +} + + +case "$1" in + start) + echo -n "Starting $DESC: " + _start + echo "ok" + ;; + stop) + echo -n "Stopping $DESC: " + _stop + echo "ok" + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + _stop + sleep 1 + _start + echo "ok" + ;; + status) + echo -n "Status of $DESC: " + _status && echo "running" || echo "stopped" + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-backup.sh b/setup/odoo-playboook/roles/odoo/templates/odoo-backup.sh new file mode 100755 index 00000000..855f6b19 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-backup.sh @@ -0,0 +1,33 @@ +#!/bin/sh +#dump the Odoo DB (postgreSQL) +#author: datenpol GmbH + +hostname=`/bin/hostname` + + +dbnames=`psql -d postgres -c "SELECT datname FROM pg_database WHERE NOT datistemplate AND datname <> 'postgres' AND datname like '{{odoo_instance}}%'" --tuples-only` + +# Dump DBs +for db in $dbnames +do + echo "creating backup for db: " $db + date=`date +"%Y%m%d_%H%M%N"` + filename="/var/pgdump/{{odoo_instance}}/${hostname}_${db}_${date}.sql" + pg_dump -E UTF-8 -F p -b -f $filename $db + chmod 600 $filename + gzip $filename +done + + +########################################## +## Housekeeping +########################################## +for file in `find /var/pgdump/{{odoo_instance}} -mtime +30 -type f -name '*.sql.gz'` +do + echo "deleting: " $file + rm $file +done + + +exit 0 + diff --git a/setup/odoo-playboook/roles/odoo/templates/odoo-buildout.init b/setup/odoo-playboook/roles/odoo/templates/odoo-buildout.init new file mode 100644 index 00000000..4ef2299b --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/odoo-buildout.init @@ -0,0 +1,85 @@ +#!/bin/bash +### BEGIN INIT INFO +# Provides: {{ odoo_service }} +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $network +# Should-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start odoo daemon at boot time +# Description: Enable service provided by daemon. +### END INIT INFO +## more info: http://wiki.debian.org/LSBInitScripts + +. /lib/lsb/init-functions + +PATH=/usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin +WORKDIR={{ odoo_workdir }} +DAEMON={{ odoo_buildout_odoo_bin_path }} +NAME={{ odoo_service }} +DESC={{ odoo_service }} +LOGFILE={{ odoo_logdir }}/{{ odoo_service }}.log +PIDFILE=/var/run/${NAME}.pid +USER={{ odoo_user }} +export LOGNAME=$USER +{% if odoo_init_env %} +# Custom environment variables +{% for name, value in odoo_init_env.iteritems() %} +export {{ name }}={{ value }} +{% endfor %} +{% endif %} + +test -x $DAEMON || exit 0 +set -e + +function _start() { + # '--load' is used here as Odoo ignores the 'server_wide_modules' option + # from the configuration file + # Odoo: https://github.com/odoo/odoo/pull/13685 + # OCB: https://github.com/OCA/OCB/pull/553 + start-stop-daemon --chdir=${WORKDIR} --start --quiet --pidfile $PIDFILE --chuid $USER:$USER --background --make-pidfile --exec $DAEMON -- --logfile $LOGFILE{{ odoo_config_server_wide_modules not in [False, 'None', ''] and ' --load=%s' % odoo_config_server_wide_modules or '' }} +} + +function _stop() { + start-stop-daemon --stop --quiet --pidfile $PIDFILE --oknodo --retry 3 + rm -f $PIDFILE +} + +function _status() { + start-stop-daemon --status --quiet --pidfile $PIDFILE + return $? +} + + +case "$1" in + start) + echo -n "Starting $DESC: " + _start + echo "ok" + ;; + stop) + echo -n "Stopping $DESC: " + _stop + echo "ok" + ;; + restart|force-reload) + echo -n "Restarting $DESC: " + _stop + sleep 1 + _start + echo "ok" + ;; + status) + echo -n "Status of $DESC: " + _status && echo "running" || echo "stopped" + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/setup/odoo-playboook/roles/odoo/templates/restart.sh b/setup/odoo-playboook/roles/odoo/templates/restart.sh new file mode 100755 index 00000000..90b1d31a --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/restart.sh @@ -0,0 +1,8 @@ +#!/bin/sh +# info: restart Odoo server +# author: datenpol gmbh + + +LOGFILE=deployment-history.txt +sudo /etc/init.d/{{ odoo_service }} restart +echo "Restart `date`" >> $LOGFILE diff --git a/setup/odoo-playboook/roles/odoo/templates/update-source.sh b/setup/odoo-playboook/roles/odoo/templates/update-source.sh new file mode 100755 index 00000000..acb393cd --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/templates/update-source.sh @@ -0,0 +1,9 @@ +#!/bin/bash +# author: datenpol gmbh + +LOGFILE=../deployment-history.txt + +cd ext +git pull +git log --pretty=format:"%h - %an, %ad : %s" -1 >> $LOGFILE +echo "" >> $LOGFILE \ No newline at end of file diff --git a/setup/odoo-playboook/roles/odoo/tests/install_test_env.sh b/setup/odoo-playboook/roles/odoo/tests/install_test_env.sh new file mode 100755 index 00000000..43a389b2 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tests/install_test_env.sh @@ -0,0 +1,14 @@ +#!/bin/bash +HERE=$(dirname $(readlink -m $0)) +VENV=/opt/ansible-venv +GET_PIP_URL="https://bootstrap.pypa.io/get-pip.py" +# Install system dependencies +apt-get update -qq +apt-get install -qq python-virtualenv python-apt python-pip python-dev lsb-release wget ca-certificates +# Install Ansible in a virtual Python environment +virtualenv $VENV +wget $GET_PIP_URL -O $VENV/get-pip.py +$VENV/bin/python $VENV/get-pip.py +$VENV/bin/pip install "ansible>=$ANSIBLE_VERSION" +# Install PostgreSQL +apt-get install -qq postgresql postgresql-contrib diff --git a/setup/odoo-playboook/roles/odoo/tests/inventory b/setup/odoo-playboook/roles/odoo/tests/inventory new file mode 100644 index 00000000..2fbb50c4 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/setup/odoo-playboook/roles/odoo/tests/run.sh b/setup/odoo-playboook/roles/odoo/tests/run.sh new file mode 100755 index 00000000..558a0ea8 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tests/run.sh @@ -0,0 +1,41 @@ +#!/bin/sh +HERE=$(dirname $(readlink -m $0)) +VENV=/opt/ansible-venv +CMD="$VENV/bin/ansible-playbook -i tests/inventory" +cd $HERE/.. +# Configure environment +export PAGER=cat +# Configure Ansible +cat < ansible.cfg +[defaults] +roles_path = ../ +[ssh_connection] +pipelining=True +EOF +echo "== CHECK THE ROLE/PLAYBOOK'S SYNTAX ==" +$CMD tests/test_$ODOO_INSTALL_TYPE.yml --syntax-check || exit 1 + +echo "== RUN THE ROLE/PLAYBOOK WITH ANSIBLE-PLAYBOOK ==" +$CMD tests/test_$ODOO_INSTALL_TYPE.yml --connection=local --become -e "odoo_version=$ODOO_VERSION" || exit 1 +echo "== CHECK THE SERVICE STATUS ==" +sudo -E service odoo-$ODOO_INSTALL_TYPE status || exit 1 + +echo "== RUN THE ROLE/PLAYBOOK AGAIN, CHECKING TO MAKE SURE IT'S IDEMPOTENT ==" +output_log=$ODOO_VERSION_$ODOO_INSTALL_TYPE.log +$CMD tests/test_${ODOO_INSTALL_TYPE}.yml --connection=local --become -e "odoo_version=$ODOO_VERSION" -v > $output_log || exit 1 +grep -q 'changed=0.*failed=0' $output_log \ + && (echo 'IDEMPOTENCE TEST: OK' && exit 0) \ + || (echo 'IDEMPOTENCE TEST: FAILED' && cat $output_log && exit 1) || exit 1 +echo "== CHECK THE SERVICE STATUS ==" +sudo -E service odoo-$ODOO_INSTALL_TYPE status || exit 1 + +echo "== RUN THE ROLE/PLAYBOOK AGAIN BUT CHANGE THE CONFIGURATION AND CHECK IF THE SERVICE RESTART ==" +$CMD tests/test_${ODOO_INSTALL_TYPE}_changed.yml --connection=local --become -e "odoo_version=$ODOO_VERSION" -v > $output_log || exit 1 +grep -q 'changed=2.*failed=0' $output_log \ + && (echo 'RESTART TEST: OK' && exit 0) \ + || (echo 'RESTART TEST: FAILED' && cat $output_log && exit 1) || exit 1 + +echo "== CHECK THE SERVICE STATUS ==" +sudo -E service odoo-$ODOO_INSTALL_TYPE status || exit 1 +sleep 3 && wget http://localhost:8069 | exit 1 +sudo -E service odoo-$ODOO_INSTALL_TYPE stop || exit 1 diff --git a/setup/odoo-playboook/roles/odoo/tests/test_standard.yml b/setup/odoo-playboook/roles/odoo/tests/test_standard.yml new file mode 100644 index 00000000..dc09f178 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tests/test_standard.yml @@ -0,0 +1,9 @@ +--- + +- hosts: localhost + become: yes + roles: + - ansible-odoo + vars: + odoo_install_type: standard + odoo_service: odoo-standard diff --git a/setup/odoo-playboook/roles/odoo/tests/test_standard_changed.yml b/setup/odoo-playboook/roles/odoo/tests/test_standard_changed.yml new file mode 100644 index 00000000..cdfbfc8e --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tests/test_standard_changed.yml @@ -0,0 +1,11 @@ +--- + +- hosts: localhost + become: yes + roles: + - ansible-odoo + vars: + odoo_install_type: standard + odoo_service: odoo-standard + odoo_init_env: + CHANGED_TEST: 1 diff --git a/setup/odoo-playboook/roles/odoo/tests/travis_lxd/create_container.sh b/setup/odoo-playboook/roles/odoo/tests/travis_lxd/create_container.sh new file mode 100755 index 00000000..a2653add --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tests/travis_lxd/create_container.sh @@ -0,0 +1,17 @@ +#!/bin/bash +HERE=$(dirname $(readlink -m $0)) +# Spawn a LXD container +lxc init ${IMAGE} $1 +lxc config set $1 raw.lxc "lxc.aa_allow_incomplete=1" +if [[ "$IMAGE" == 'images:debian/jessie' ]]; then + $HERE/fix_debian_jessie.sh $1; +fi +lxc start $1 && sleep 4 && lxc list +# Configure the container +lxc config set $1 environment.ODOO_VERSION $ODOO_VERSION +lxc config set $1 environment.ODOO_INSTALL_TYPE $ODOO_INSTALL_TYPE +lxc config set $1 environment.ANSIBLE_VERSION $ANSIBLE_VERSION +# Copy the project files into the container +lxc file push -r -p $HERE/../.. $1/opt/ +# Install the test environment +lxc exec $1 -- sh -c "/opt/ansible-odoo/tests/install_test_env.sh" diff --git a/setup/odoo-playboook/roles/odoo/tests/travis_lxd/fix_debian_jessie.sh b/setup/odoo-playboook/roles/odoo/tests/travis_lxd/fix_debian_jessie.sh new file mode 100755 index 00000000..c0a660b4 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tests/travis_lxd/fix_debian_jessie.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# This script fix the Debian Jessie container by replacing systemd by SysV +# +CT_DIR="/var/lib/lxd/storage-pools/default/containers/$1" +ROOTFS="$CT_DIR/rootfs" +UID_GID=$(ls -n $CT_DIR | grep rootfs | cut -d ' ' -f "3-4") +CT_UID=$(echo $UID_GID | cut -d ' ' -f1) +CT_GID=$(echo $UID_GID | cut -d ' ' -f2) +CT_UID_GID="$CT_UID:$CT_GID" +BRIDGE_IP=$(lxc network show testbr0 | grep ipv4.address | cut -d' ' -f4 | cut -d'/' -f1) +# Configure the network of the container +echo -e "nameserver $BRIDGE_IP\nsearch lxd" > $ROOTFS/etc/resolv.conf +cat $ROOTFS/etc/resolv.conf +chroot --userspec=$CT_UID_GID $ROOTFS apt-get update +chroot --userspec=$CT_UID_GID $ROOTFS apt-get install -y sysvinit-core -d +chroot $ROOTFS apt-get install -y sysvinit-core +chroot --userspec=$CT_UID_GID $ROOTFS apt-get update +chown $CT_UID_GID $ROOTFS/var/log/apt/term.log +chown $CT_UID_GID $ROOTFS/var/lib/dpkg/status +# Purge the network configuration from the container +rm $ROOTFS/etc/resolv.conf diff --git a/setup/odoo-playboook/roles/odoo/tests/travis_lxd/install.sh b/setup/odoo-playboook/roles/odoo/tests/travis_lxd/install.sh new file mode 100755 index 00000000..0954543d --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/tests/travis_lxd/install.sh @@ -0,0 +1,10 @@ +#!/bin/bash +# Install and configure LXD on Travis-CI +add-apt-repository -y ppa:ubuntu-lxc/lxd-stable; +apt-get -qq update; +apt-get -y install lxd; +lxd init --auto +usermod -a -G lxd travis +lxc network create testbr0 +lxc network attach-profile testbr0 default eth0 +lxc network show testbr0 diff --git a/setup/odoo-playboook/roles/odoo/vars/Debian-8_Odoo-10.yml b/setup/odoo-playboook/roles/odoo/vars/Debian-8_Odoo-10.yml new file mode 100644 index 00000000..9618a9a0 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Debian-8_Odoo-10.yml @@ -0,0 +1,83 @@ +--- + +odoo_debian_packages: + - python-dev + - python-openssl + - python-markupsafe + - python-serial + - python-usb + - python-qrcode + # Dependencies taken from the deb package + - python-babel + - python-dateutil + - python-decorator + - python-docutils + - python-feedparser + - python-gevent + - python-greenlet + - python-imaging + - python-jinja2 + - python-ldap + - python-libxslt1 + - python-lxml + - python-mako + - python-mock + - python-openid + - python-passlib + - python-psutil + - python-psycopg2 + - python-pychart + - python-pydot + - python-pyparsing + - python-pypdf + - python-reportlab + - python-requests + - python-six + - python-suds + - python-tz + - python-vatnumber + - python-vobject + - python-werkzeug + - python-xlsxwriter + - python-xlwt + - python-yaml + +odoo_nodejs_apt_package: "nodejs=6.*" +odoo_nodejs_apt_repo: "node_6.x" +odoo_npm_packages: + - name: less + version: 2.7.2 + - name: less-plugin-clean-css + version: 1.5.1 + - name: phantomjs-prebuilt + version: 2.1.15 + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg62-turbo-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg62-turbo diff --git a/setup/odoo-playboook/roles/odoo/vars/Debian-8_Odoo-8.yml b/setup/odoo-playboook/roles/odoo/vars/Debian-8_Odoo-8.yml new file mode 100644 index 00000000..c6870eeb --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Debian-8_Odoo-8.yml @@ -0,0 +1,70 @@ +--- + +odoo_debian_packages: + - python-dev + - python-psycopg2 + - python-simplejson + - python-lxml + - python-tz + - python-imaging + - python-yaml + - python-reportlab + - python-mako + - python-pychart + - python-werkzeug + - python-dateutil + - python-unittest2 + - python-mock + - python-openid + - python-docutils + - python-feedparser + - python-gdata + - python-jinja2 + - python-psutil + - python-pydot + - python-webdav + - python-vatnumber + - python-vobject + - python-xlwt + - python-ldap + - python-openssl + - python-egenix-mxdatetime + - python-zsi + - python-requests + - python-pypdf + - python-decorator + - python-passlib + - python-babel + - python-gevent + +odoo_npm_packages: [] + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg62-turbo-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg62-turbo diff --git a/setup/odoo-playboook/roles/odoo/vars/Debian-8_Odoo-9.yml b/setup/odoo-playboook/roles/odoo/vars/Debian-8_Odoo-9.yml new file mode 100644 index 00000000..37a03015 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Debian-8_Odoo-9.yml @@ -0,0 +1,78 @@ +--- + +odoo_debian_packages: + - python-dev + - python-psycopg2 + - python-simplejson + - python-lxml + - python-tz + - python-imaging + - python-yaml + - python-reportlab + - python-mako + - python-pychart + - python-werkzeug + - python-dateutil + - python-unittest2 + - python-mock + - python-openid + - python-docutils + - python-feedparser + - python-gdata + - python-jinja2 + - python-psutil + - python-pydot + - python-webdav + - python-vatnumber + - python-vobject + - python-xlwt + - python-ldap + - python-openssl + - python-egenix-mxdatetime + - python-zsi + - python-requests + - python-pypdf + - python-decorator + - python-passlib + - python-babel + - python-gevent + +odoo_nodejs_apt_package: "nodejs=0.10*" +odoo_nodejs_apt_repo: "node_0.10" +odoo_npm_packages: + - name: less + version: 2.5.3 + - name: less-plugin-clean-css + version: 1.5.1 + - name: phantomjs-prebuilt + version: 2.1.15 + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg62-turbo-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg62-turbo diff --git a/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-10.yml b/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-10.yml new file mode 100644 index 00000000..a51592a7 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-10.yml @@ -0,0 +1,83 @@ +--- + +odoo_debian_packages: + - python-dev + - python-openssl + - python-markupsafe + - python-serial + - python-usb + - python-qrcode + # Dependencies taken from the deb package + - python-babel + - python-dateutil + - python-decorator + - python-docutils + - python-feedparser + - python-gevent + - python-greenlet + - python-imaging + - python-jinja2 + - python-ldap + - python-libxslt1 + - python-lxml + - python-mako + - python-mock + - python-openid + - python-passlib + - python-psutil + - python-psycopg2 + - python-pychart + - python-pydot + - python-pyparsing + - python-pypdf2 + - python-reportlab + - python-requests + - python-six + - python-suds + - python-tz + - python-vatnumber + - python-vobject + - python-werkzeug + - python-xlsxwriter + - python-xlwt + - python-yaml + +odoo_nodejs_apt_package: "nodejs=6.*" +odoo_nodejs_apt_repo: "node_6.x" +odoo_npm_packages: + - name: less + version: 2.7.2 + - name: less-plugin-clean-css + version: 1.5.1 + - name: phantomjs-prebuilt + version: 2.1.15 + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg62-turbo-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg62-turbo diff --git a/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-11.yml b/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-11.yml new file mode 100644 index 00000000..c0a99137 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-11.yml @@ -0,0 +1,82 @@ +--- + +odoo_debian_packages: + - python3-dev + - python3-openssl + - python3-markupsafe + # Dependencies taken from the deb package + - python3-babel + - python3-dateutil + - python3-decorator + - python3-docutils + - python3-feedparser + - python3-gevent + - python3-html2text + - python3-jinja2 + - python3-lxml + - python3-mako + - python3-mock + - python3-ofxparse + - python3-openid + - python3-passlib + - python3-pil + - python3-psutil + - python3-psycopg2 + - python3-pydot + - python3-pyldap + - python3-pyparsing + - python3-pypdf2 + - python3-qrcode + - python3-reportlab + - python3-requests + - python3-serial + - python3-suds + - python3-tz + - python3-usb + - python3-vatnumber + - python3-vobject + - python3-werkzeug + - python3-xlsxwriter + - python3-yaml + +odoo_nodejs_apt_package: "nodejs=6.*" +odoo_nodejs_apt_repo: "node_6.x" +odoo_npm_packages: + - name: less + version: 2.7.2 + - name: less-plugin-clean-css + version: 1.5.1 + - name: phantomjs-prebuilt + version: 2.1.15 + +odoo_buildout_build_dependencies: + - python3-virtualenv + - build-essential + - python3-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg62-turbo-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_buildout_venv_cmd: "virtualenv --no-setuptools --python=python3 {{ odoo_buildout_venv_path }}" + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg62-turbo diff --git a/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-8.yml b/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-8.yml new file mode 100644 index 00000000..1b2aa11d --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-8.yml @@ -0,0 +1,70 @@ +--- + +odoo_debian_packages: + - python-dev + - python-psycopg2 + - python-simplejson + - python-lxml + - python-tz + - python-imaging + - python-yaml + - python-reportlab + - python-mako + - python-pychart + - python-werkzeug + - python-dateutil + - python-unittest2 + - python-mock + - python-openid + - python-docutils + - python-feedparser + - python-gdata + - python-jinja2 + - python-psutil + - python-pydot + - python-webdav + - python-vatnumber + - python-vobject + - python-xlwt + - python-ldap + - python-openssl + - python-egenix-mxdatetime + - python-zsi + - python-requests + - python-pypdf2 + - python-decorator + - python-passlib + - python-babel + - python-gevent + +odoo_npm_packages: [] + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg62-turbo-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg62-turbo diff --git a/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-9.yml b/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-9.yml new file mode 100644 index 00000000..0080f651 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Debian-9_Odoo-9.yml @@ -0,0 +1,79 @@ +--- + +odoo_debian_packages: + - python-dev + - python-psycopg2 + - python-simplejson + - python-lxml + - python-tz + - python-imaging + - python-yaml + - python-reportlab + - python-mako + - python-pychart + - python-werkzeug + - python-dateutil + - python-unittest2 + - python-mock + - python-openid + - python-docutils + - python-feedparser + - python-gdata + - python-jinja2 + - python-psutil + - python-pydot + - python-webdav + - python-vatnumber + - python-vobject + - python-xlwt + - python-ldap + - python-openssl + - python-egenix-mxdatetime + - python-zsi + - python-requests + - python-pypdf2 + - python-decorator + - python-passlib + - python-babel + - python-gevent + +odoo_nodejs_apt_package: "nodejs=0.10*" +odoo_nodejs_apt_repo: "node_0.10" +odoo_nodejs_apt_dist: "jessie" +odoo_npm_packages: + - name: less + version: 2.5.3 + - name: less-plugin-clean-css + version: 1.5.1 + - name: phantomjs-prebuilt + version: 2.1.15 + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg62-turbo-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg62-turbo diff --git a/setup/odoo-playboook/roles/odoo/vars/Ubuntu-14_Odoo-10.yml b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-14_Odoo-10.yml new file mode 100644 index 00000000..89efcd49 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-14_Odoo-10.yml @@ -0,0 +1,83 @@ +--- + +odoo_debian_packages: + - python-dev + - python-openssl + - python-markupsafe + - python-serial + - python-usb + - python-qrcode + # Dependencies taken from the deb package + - python-babel + - python-dateutil + - python-decorator + - python-docutils + - python-feedparser + - python-gevent + - python-greenlet + - python-imaging + - python-jinja2 + - python-ldap + - python-libxslt1 + - python-lxml + - python-mako + - python-mock + - python-openid + - python-passlib + - python-psutil + - python-psycopg2 + - python-pychart + - python-pydot + - python-pyparsing + - python-pypdf + - python-reportlab + - python-requests + - python-six + - python-suds + - python-tz + - python-vatnumber + - python-vobject + - python-werkzeug + - python-xlsxwriter + - python-xlwt + - python-yaml + +odoo_nodejs_apt_package: "nodejs=6.*" +odoo_nodejs_apt_repo: "node_6.x" +odoo_npm_packages: + - name: less + version: 2.7.2 + - name: less-plugin-clean-css + version: 1.5.1 + - name: phantomjs-prebuilt + version: 2.1.15 + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjpeg-dev + - libjpeg-turbo8-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg-turbo8 diff --git a/setup/odoo-playboook/roles/odoo/vars/Ubuntu-14_Odoo-8.yml b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-14_Odoo-8.yml new file mode 100644 index 00000000..1958b7af --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-14_Odoo-8.yml @@ -0,0 +1,68 @@ +--- + +odoo_debian_packages: + - python-dev + - python-psycopg2 + - python-simplejson + - python-lxml + - python-tz + - python-imaging + - python-yaml + - python-reportlab + - python-mako + - python-pychart + - python-werkzeug + - python-dateutil + - python-unittest2 + - python-mock + - python-openid + - python-docutils + - python-feedparser + - python-gdata + - python-jinja2 + - python-psutil + - python-pydot + - python-webdav + - python-vatnumber + - python-vobject + - python-xlwt + - python-ldap + - python-openssl + - python-egenix-mxdatetime + - python-zsi + - python-requests + - python-pypdf + - python-decorator + - python-passlib + - python-babel + - python-gevent + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjpeg-dev + - libjpeg-turbo8-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg-turbo8 diff --git a/setup/odoo-playboook/roles/odoo/vars/Ubuntu-14_Odoo-9.yml b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-14_Odoo-9.yml new file mode 100644 index 00000000..2717a339 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-14_Odoo-9.yml @@ -0,0 +1,78 @@ +--- + +odoo_debian_packages: + - python-dev + - python-psycopg2 + - python-simplejson + - python-lxml + - python-tz + - python-imaging + - python-yaml + - python-reportlab + - python-mako + - python-pychart + - python-werkzeug + - python-dateutil + - python-unittest2 + - python-mock + - python-openid + - python-docutils + - python-feedparser + - python-gdata + - python-jinja2 + - python-psutil + - python-pydot + - python-webdav + - python-vatnumber + - python-vobject + - python-xlwt + - python-ldap + - python-openssl + - python-egenix-mxdatetime + - python-zsi + - python-requests + - python-pypdf + - python-decorator + - python-passlib + - python-babel + - python-gevent + +odoo_nodejs_apt_package: "nodejs=0.10*" +odoo_nodejs_apt_repo: "node_0.10" +odoo_npm_packages: + - name: less + version: 2.5.3 + - name: less-plugin-clean-css + version: 1.5.1 + - name: phantomjs-prebuilt + version: 2.1.15 + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjpeg-dev + - libjpeg-turbo8-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg-turbo8 diff --git a/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-10.yml b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-10.yml new file mode 100644 index 00000000..b4e83f51 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-10.yml @@ -0,0 +1,89 @@ +--- + +odoo_debian_packages: + - python-dev + - python-openssl + - python-markupsafe + - python-serial + - python-usb + - python-qrcode + # Dependencies taken from the deb package + - python-babel + - python-dateutil + - python-decorator + - python-docutils + - python-feedparser + - python-gevent + - python-greenlet + - python-imaging + - python-jinja2 + - python-ldap + - python-libxslt1 + - python-lxml + - python-mako + - python-mock + - python-openid + - python-passlib + - python-psutil + - python-psycopg2 + - python-pychart + - python-pydot + - python-pyparsing + - python-pypdf + - python-reportlab + - python-requests + - python-six + - python-suds + - python-tz + - python-vatnumber + - python-vobject + - python-werkzeug + - python-xlsxwriter + - python-xlwt + - python-yaml + +odoo_nodejs_apt_package: "nodejs=6.*" +odoo_nodejs_apt_repo: "node_6.x" +odoo_npm_packages: + - name: less + version: 2.7.2 + - name: less-plugin-clean-css + version: 1.5.1 + - name: phantomjs-prebuilt + version: 2.1.15 + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg-turbo8-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg-turbo8 + +# Try Trusty's package if Xenial one is not found +odoo_wkhtmltox_urls: + - https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/{{ odoo_wkhtmltox_version }}/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb + - https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/{{ odoo_wkhtmltox_version }}/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-trusty-{{ odoo_debian_arch }}.deb + - http://nightly.odoo.com/extra/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb diff --git a/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-11.yml b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-11.yml new file mode 100644 index 00000000..2c5f1f69 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-11.yml @@ -0,0 +1,95 @@ +--- + +odoo_debian_packages: + - python3-dev + - python3-openssl + - python3-markupsafe + # Required by pyldap + - libldap2-dev + - libsasl2-dev + # Dependencies taken from the deb package + - python3-babel + - python3-dateutil + - python3-decorator + - python3-docutils + - python3-feedparser + - python3-gevent + - python3-html2text + - python3-jinja2 + - python3-lxml + - python3-mako + - python3-mock + - python3-ofxparse + - python3-openid + - python3-passlib + - python3-pil + - python3-psutil + - python3-psycopg2 + - python3-pydot + - python3-pyparsing + - python3-pypdf2 + # python3-qrcode # Not available in Ubuntu 16.04 + - python3-reportlab + - python3-requests + - python3-serial + - python3-suds + - python3-tz + - python3-usb + - python3-vatnumber + - python3-werkzeug + - python3-xlsxwriter + - python3-yaml + +odoo_pypi_packages: + - psycogreen + - qrcode + - pyldap + - vobject + +odoo_nodejs_apt_package: "nodejs=6.*" +odoo_nodejs_apt_repo: "node_6.x" +odoo_npm_packages: + - name: less + version: 2.7.2 + - name: less-plugin-clean-css + version: 1.5.1 + - name: phantomjs-prebuilt + version: 2.1.15 + +odoo_buildout_build_dependencies: + - python3-virtualenv + - build-essential + - python3-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg-turbo8-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg-turbo8 + +odoo_buildout_venv_cmd: "virtualenv --no-setuptools --python=python3 {{ odoo_buildout_venv_path }}" + +# Try Trusty's package if Xenial one is not found +odoo_wkhtmltox_urls: + - https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/{{ odoo_wkhtmltox_version }}/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb + - https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/{{ odoo_wkhtmltox_version }}/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-trusty-{{ odoo_debian_arch }}.deb + - http://nightly.odoo.com/extra/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb diff --git a/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-8.yml b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-8.yml new file mode 100644 index 00000000..09860e37 --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-8.yml @@ -0,0 +1,74 @@ +--- + +odoo_debian_packages: + - python-dev + - python-psycopg2 + - python-simplejson + - python-lxml + - python-tz + - python-imaging + - python-yaml + - python-reportlab + - python-mako + - python-pychart + - python-werkzeug + - python-dateutil + - python-unittest2 + - python-mock + - python-openid + - python-docutils + - python-feedparser + - python-gdata + - python-jinja2 + - python-psutil + - python-pydot + - python-webdav + - python-vatnumber + - python-vobject + - python-xlwt + - python-ldap + - python-openssl + - python-egenix-mxdatetime + - python-zsi + - python-requests + - python-pypdf + - python-decorator + - python-passlib + - python-babel + - python-gevent + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg-turbo8-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg-turbo8 + +# Try Trusty's package if Xenial one is not found +odoo_wkhtmltox_urls: + - https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/{{ odoo_wkhtmltox_version }}/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb + - https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/{{ odoo_wkhtmltox_version }}/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-trusty-{{ odoo_debian_arch }}.deb + - http://nightly.odoo.com/extra/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb diff --git a/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-9.yml b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-9.yml new file mode 100644 index 00000000..911601ec --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/Ubuntu-16_Odoo-9.yml @@ -0,0 +1,84 @@ +--- + +odoo_debian_packages: + - python-dev + - python-psycopg2 + - python-simplejson + - python-lxml + - python-tz + - python-imaging + - python-yaml + - python-reportlab + - python-mako + - python-pychart + - python-werkzeug + - python-dateutil + - python-unittest2 + - python-mock + - python-openid + - python-docutils + - python-feedparser + - python-gdata + - python-jinja2 + - python-psutil + - python-pydot + - python-webdav + - python-vatnumber + - python-vobject + - python-xlwt + - python-ldap + - python-openssl + - python-egenix-mxdatetime + - python-zsi + - python-requests + - python-pypdf + - python-decorator + - python-passlib + - python-babel + - python-gevent + +odoo_nodejs_apt_package: "nodejs=0.10*" +odoo_nodejs_apt_repo: "node_0.10" +odoo_npm_packages: + - name: less + version: 2.5.3 + - name: less-plugin-clean-css + version: 1.5.1 + - name: phantomjs-prebuilt + version: 2.1.15 + +odoo_buildout_build_dependencies: + - python-virtualenv + - build-essential + - python-dev + - libxml2-dev + - libxslt1-dev + - libpq-dev + - libldap2-dev + - libsasl2-dev + - libopenjp2-7-dev + - libjpeg-turbo8-dev + - libtiff5-dev + - libfreetype6-dev + - liblcms2-dev + - libwebp-dev + +odoo_wkhtmltox_depends: + - fontconfig + - libfontconfig1 + - libfreetype6 + - libpng12-0 + - zlib1g + - libssl1.0.0 + - libx11-6 + - libxext6 + - libxrender1 + - libstdc++6 + - libc6 + - libjpeg-turbo8 + +# Try Trusty's package if Xenial one is not found +odoo_wkhtmltox_urls: + - https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/{{ odoo_wkhtmltox_version }}/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb + - https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/{{ odoo_wkhtmltox_version }}/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-trusty-{{ odoo_debian_arch }}.deb + - http://nightly.odoo.com/extra/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb diff --git a/setup/odoo-playboook/roles/odoo/vars/main.yml b/setup/odoo-playboook/roles/odoo/vars/main.yml new file mode 100644 index 00000000..78dfe1ce --- /dev/null +++ b/setup/odoo-playboook/roles/odoo/vars/main.yml @@ -0,0 +1,32 @@ +--- + +odoo_apt_update_cache: yes +odoo_apt_cache_valid_time: 86400 + +odoo_required_tools: + - sudo + - git + - python-pip + - python-psycopg2 + +odoo_pypi_packages: + - psycogreen + +odoo_buildout_venv_cmd: "virtualenv --no-setuptools {{ odoo_buildout_venv_path }}" + +odoo_wkhtmltox_urls: + - https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/{{ odoo_wkhtmltox_version }}/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb + - http://nightly.odoo.com/extra/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb + +odoo_wkhtmltox_dest: "/root/wkhtmltox-{{ odoo_wkhtmltox_version }}_linux-{{ ansible_distribution_release }}-{{ odoo_debian_arch }}.deb" + +# == NodeJS + npm == +odoo_nodejs_apt_package: "nodejs=0.10*" +odoo_nodejs_apt_repo: "node_0.10" +odoo_nodejs_apt_dist: "{{ ansible_distribution_release }}" +odoo_nodejs_apt_repositories: + - repo: "deb http://deb.nodesource.com/{{ odoo_nodejs_apt_repo }} {{ odoo_nodejs_apt_dist }} main" + state: present +odoo_nodejs_apt_keys: + - url: http://deb.nodesource.com/gpgkey/nodesource.gpg.key + state: present diff --git a/setup/odoo-playboook/roles/ssl-cert/.travis.yml b/setup/odoo-playboook/roles/ssl-cert/.travis.yml new file mode 100644 index 00000000..20fc3820 --- /dev/null +++ b/setup/odoo-playboook/roles/ssl-cert/.travis.yml @@ -0,0 +1,17 @@ +--- +language: python +python: "2.7" +before_install: + - sudo apt-get update -qq + - sudo apt-get install -qq python-apt python-pycurl +install: + - pip install ansible +script: + - echo travis.dev > inventory + - ansible-playbook -i inventory --syntax-check --list-tasks test.yml + - ansible-playbook -i inventory --extra-vars "ssl_certs_common_name=travis.dev" --connection=local --sudo -vvvv test.yml +addons: + hosts: + - travis.dev +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/setup/odoo-playboook/roles/ssl-cert/LICENSE b/setup/odoo-playboook/roles/ssl-cert/LICENSE new file mode 100644 index 00000000..41ee2b06 --- /dev/null +++ b/setup/odoo-playboook/roles/ssl-cert/LICENSE @@ -0,0 +1,23 @@ +Copyright (c) 2014, DAUPHANT Julien +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright notice, this + list of conditions and the following disclaimer in the documentation and/or + other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/setup/odoo-playboook/roles/ssl-cert/README.md b/setup/odoo-playboook/roles/ssl-cert/README.md new file mode 100644 index 00000000..189e6929 --- /dev/null +++ b/setup/odoo-playboook/roles/ssl-cert/README.md @@ -0,0 +1,91 @@ +ansible-role-ssl-certs +====================== + +Generate and/or deploy SSL certificate + +Available on Ansible Galaxy: [jdauphant.ssl-certs](https://galaxy.ansible.com/list#/roles/3115) + +# Examples + +## Example to generate a self-signed SSL certificate + +```YAML + - hosts: all + roles: + - jdauphant.ssl-certs +``` + +This will create certificate and private key in: + +- `/etc/ssl/myserver.mydomain.com.key` +- `/etc/ssl/myserver.mydomain.com.pem` + +## Example to deploy a SSL certificate + +```YAML + - hosts: all + roles: + - role: jdauphant.ssl-certs + ssl_certs_common_name: "example.com" +``` + +The certificate has to be placed in `files/ssl/example.com.key` and `files/ssl/example.com.pem`. If +they don't exist, the key and a **self-signed** certificate will be generated at +`/etc/ssl/example.com/example.com.key` and `/etc/ssl/example.com/example.com.pem` using the provided common name. + + +## Example to deploy a SSL certificate using local key/pem files + +```YAML + - hosts: all + roles: + - role: jdauphant.ssl-certs + ssl_certs_local_privkey_path: '/path/to/example.com.key' + ssl_certs_local_cert_path: '/path/to/example.com.pem' +``` + +## Example to deploy a SSL certificate stored in variables + +An SSL certificate and key are just text that can be stored as a variable, which is useful when +using ansible vault. + +Example variable data, note how the text blob is indented. This is needed to correctly insert the +text via the template module. + +```YAML +ssl_certs_local_privkey_data: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAu2uhv2cjoN4F3arUZ5cDrwuxf3koCwrKSK75as0WZoxYrpyw + Lyx9ldyD4nGabVep0R/uAgQ/HqEf2jC7WIvGcEq8bHB9PyEEWzT8IjKQX0YTc//4 + gkHBkpyU0fVrj5nkc30EIbcbH4RHRDwye4VhP/iCPchDG7OqvCyOdm8= + -----END RSA PRIVATE KEY----- +ssl_certs_local_cert_data: | + -----BEGIN CERTIFICATE----- + MIIDmzCCAoOgAwIBAgIJAKWMlgLwrBzXMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV + QAL3naEfBSZBl0tBohuxn8Xd3yLPuKGUOk3pSL1IJy0Ca6p+QwjkaZUd9X3gf1V2 + SEfYSaGPvfIlSuHIshno + -----END CERTIFICATE----- +``` + +Then simply include the role as in the first example. + +## Example to use this role with my Nginx role: [jdauphant.nginx](https://github.com/jdauphant/ansible-role-nginx) + +```YAML + - hosts: all + roles: + - jdauphant.ssl-certs + ssl_certs_generate_dh_param: true + - role: jdauphant.nginx + nginx_configs: + ssl: + - ssl_certificate_key {{ssl_certs_privkey_path}} + - ssl_certificate {{ssl_certs_cert_path}} + - ssl_dhparam {{ssl_certs_dhparam_path}} + nginx_sites: + default: + - listen 443 ssl + - server_name _ + - root "/usr/share/nginx/html" + - index index.html +``` diff --git a/setup/odoo-playboook/roles/ssl-cert/ansible.cfg b/setup/odoo-playboook/roles/ssl-cert/ansible.cfg new file mode 100644 index 00000000..613d83b1 --- /dev/null +++ b/setup/odoo-playboook/roles/ssl-cert/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +roles_path = ../ diff --git a/setup/odoo-playboook/roles/ssl-cert/defaults/main.yml b/setup/odoo-playboook/roles/ssl-cert/defaults/main.yml new file mode 100644 index 00000000..69f46dda --- /dev/null +++ b/setup/odoo-playboook/roles/ssl-cert/defaults/main.yml @@ -0,0 +1,28 @@ +--- +ssl_certs_country: "AT" +ssl_certs_locality: "Linz" +ssl_certs_organization: "datenpol Gmbh" +ssl_certs_state: "Linz" +ssl_certs_common_name: "{{ansible_fqdn}}" +ssl_certs_days: "365" +ssl_certs_fields: "/C={{ssl_certs_country}}/ST={{ssl_certs_state}}/L={{ssl_certs_locality}}/O={{ssl_certs_organization}}/CN={{ssl_certs_common_name}}" + +ssl_certs_path: "/etc/ssl/{{ssl_certs_common_name}}" +ssl_certs_path_owner: "www-data" +ssl_certs_path_group: "www-data" +ssl_certs_privkey_path: "{{ssl_certs_path}}/{{ssl_certs_common_name}}.key" +ssl_certs_cert_path: "{{ssl_certs_path}}/{{ssl_certs_common_name}}.pem" +ssl_certs_csr_path: "{{ssl_certs_path}}/{{ssl_certs_common_name}}.csr" +ssl_certs_dhparam_path: "{{ssl_certs_path}}/dhparam.pem" +ssl_certs_mode: "0700" +ssl_certs_force_replace: yes + +ssl_certs_local_privkey_path: "{{ssl_certs_path}}/{{ssl_certs_common_name}}.key" +ssl_certs_local_cert_path: "{{ssl_certs_path}}/{{ssl_certs_common_name}}.pem" +ssl_certs_local_privkey_data: "" +ssl_certs_local_cert_data: "" + +ssl_certs_generate_self_signed: true +ssl_certs_key_size: "2048" +ssl_certs_generate_dh_param: false +ssl_certs_dhparam_size: "2048" diff --git a/setup/odoo-playboook/roles/ssl-cert/meta/main.yml b/setup/odoo-playboook/roles/ssl-cert/meta/main.yml new file mode 100644 index 00000000..5af4b170 --- /dev/null +++ b/setup/odoo-playboook/roles/ssl-cert/meta/main.yml @@ -0,0 +1,103 @@ +--- +galaxy_info: + author: "Julien DAUPHANT" + license: BSD + min_ansible_version: 1.9 + # + # Below are all platforms currently available. Just uncomment + # the ones that apply to your role. If you don't see your + # platform on this list, let us know and we'll get it added! + # + platforms: + #- name: EL + # versions: + # - all + # - 5 + # - 6 + #- name: GenericUNIX + # versions: + # - all + # - any + #- name: Fedora + # versions: + # - all + # - 16 + # - 17 + # - 18 + # - 19 + # - 20 + #- name: opensuse + # versions: + # - all + # - 12.1 + # - 12.2 + # - 12.3 + # - 13.1 + # - 13.2 + - name: GenericBSD + versions: + - all + # - any + #- name: FreeBSD + # versions: + # - all + # - 8.0 + # - 8.1 + # - 8.2 + # - 8.3 + # - 8.4 + # - 9.0 + # - 9.1 + # - 9.1 + # - 9.2 + #- name: Ubuntu + # versions: + # - all + # - lucid + # - maverick + # - natty + # - oneiric + # - precise + # - quantal + # - raring + # - saucy + # - trusty + #- name: SLES + # versions: + # - all + # - 10SP3 + # - 10SP4 + # - 11 + # - 11SP1 + # - 11SP2 + # - 11SP3 + - name: GenericLinux + versions: + - all + # - any + #- name: Debian + # versions: + # - all + # - etch + # - lenny + # - squeeze + # - wheezy + # + # Below are all categories currently available. Just as with + # the platforms above, uncomment those that apply to your role. + # + categories: + #- cloud + #- cloud:ec2 + #- cloud:gce + #- cloud:rax + #- database + #- database:nosql + #- database:sql + #- development + #- monitoring + #- networking + #- packaging + #- system + - web +dependencies: [] diff --git a/setup/odoo-playboook/roles/ssl-cert/tasks/generate.yml b/setup/odoo-playboook/roles/ssl-cert/tasks/generate.yml new file mode 100644 index 00000000..802c64f5 --- /dev/null +++ b/setup/odoo-playboook/roles/ssl-cert/tasks/generate.yml @@ -0,0 +1,20 @@ +--- + - name: Generate RSA key + command: openssl genrsa -out {{ ssl_certs_privkey_path }} {{ ssl_certs_key_size }} creates={{ ssl_certs_privkey_path }} + + - name: RSA key file ownership + file: path={{ ssl_certs_privkey_path }} owner={{ ssl_certs_path_owner }} group={{ ssl_certs_path_group }} mode={{ ssl_certs_mode }} + + - name: Generate CSR + command: openssl req -new -sha256 -subj "{{ ssl_certs_fields }}" -key {{ ssl_certs_privkey_path }} -out {{ ssl_certs_csr_path }} creates={{ ssl_certs_csr_path }} + + - name: CSR file ownership + file: path={{ ssl_certs_csr_path }} owner={{ ssl_certs_path_owner }} group={{ ssl_certs_path_group }} mode={{ ssl_certs_mode }} + + - name: Generate self-signed SSL certificate + command: openssl req -nodes -x509 -sha256 -days {{ ssl_certs_days }} -in {{ ssl_certs_csr_path }} -key {{ ssl_certs_privkey_path }} -out {{ ssl_certs_cert_path }} -extensions v3_ca creates={{ ssl_certs_cert_path }} + when: ssl_certs_generate_self_signed + + - name: Self-signed SSL certificate file ownership + file: path={{ ssl_certs_cert_path }} owner={{ ssl_certs_path_owner }} group={{ ssl_certs_path_group }} mode={{ ssl_certs_mode }} + when: ssl_certs_generate_self_signed diff --git a/setup/odoo-playboook/roles/ssl-cert/tasks/main.yml b/setup/odoo-playboook/roles/ssl-cert/tasks/main.yml new file mode 100644 index 00000000..ae6da570 --- /dev/null +++ b/setup/odoo-playboook/roles/ssl-cert/tasks/main.yml @@ -0,0 +1,45 @@ +--- + - name: Ensure OpenSSL is installed + package: name=openssl state=present + tags: [ssl-certs,packages] + + - name: Ensure ssl folder exist + file: + path: "{{ ssl_certs_path }}" + state: directory + owner: "{{ ssl_certs_path_owner }}" + group: "{{ ssl_certs_path_group }}" + mode: "{{ ssl_certs_mode }}" + tags: [ssl-certs,configuration] + + - local_action: stat path={{ ssl_certs_local_privkey_path }} + register: stat_privkey + become: no + tags: [ssl-certs,configuration] + + - local_action: stat path={{ ssl_certs_local_cert_path }} + register: stat_cert + become: no + tags: [ssl-certs,configuration] + + - name: Test if privkey file is needed + fail: msg="Privkey file {{ ssl_certs_local_privkey_path }} is missing" + when: not stat_privkey.stat.exists and stat_cert.stat.exists + tags: [ssl-certs,configuration] + + - name: Test if cert file is needed + fail: msg="Cert file {{ ssl_certs_local_cert_path }} is missing" + when: stat_privkey.stat.exists and not stat_cert.stat.exists + tags: [ssl-certs,configuration] + + - include: generate.yml + when: > + ( not stat_privkey.stat.exists and not stat_cert.stat.exists ) + and ( ssl_certs_local_privkey_data == '' and ssl_certs_local_cert_data == '' ) + tags: [ssl-certs,configuration] + + - name: Generate strong DHE parameter - https://weakdh.org/ + command: openssl dhparam -out {{ssl_certs_dhparam_path}} {{ssl_certs_dhparam_size}} creates={{ssl_certs_dhparam_path}} + when: ssl_certs_generate_dh_param + tags: [ssl-certs,configuration] + diff --git a/setup/odoo-playboook/roles/ssl-cert/test.yml b/setup/odoo-playboook/roles/ssl-cert/test.yml new file mode 100644 index 00000000..eb2cb2a2 --- /dev/null +++ b/setup/odoo-playboook/roles/ssl-cert/test.yml @@ -0,0 +1,4 @@ +- hosts: travis.dev + remote_user: root + roles: + - ansible-role-ssl-certs diff --git a/setup/odoo-playboook/ssh_keys/id_rsa_brueckl.pub b/setup/odoo-playboook/ssh_keys/id_rsa_brueckl.pub new file mode 100644 index 00000000..03febe32 --- /dev/null +++ b/setup/odoo-playboook/ssh_keys/id_rsa_brueckl.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBIg6NZV4tTs+J5qUP4/zQAn+Xi3muKqbaSDV8yYm50mH77PcLwbkZVlxdF0/OFCl5f5FCNp4Ag4Px97M35Nv+BweOTCZNMKOHmvtXY1fCRUQnk6ca3NlipImppL0U47SUzt9KkNIsz0FWxLu74LANgxKwrf8Hgim8Nkq8WrlvuoJCqf+542N15cGrf/9eD6yRm7AmdFi7VIYrP4m7TPbXJBGX+cXOo0bKTyaq8mtinbUN5UCi/eJ08wYkm/CGVxL+9cm6HOABw332A8OadAliCZBWqhFT0rBKdoWLxBbTsILALskrddpKLwBLOUIU79YeT0OfNpLCnVi8u67X9inl andreas@andreas-ThinkPad-T440s \ No newline at end of file diff --git a/setup/odoo-playboook/ssh_keys/id_rsa_wabro.pub b/setup/odoo-playboook/ssh_keys/id_rsa_wabro.pub new file mode 100644 index 00000000..47340f46 --- /dev/null +++ b/setup/odoo-playboook/ssh_keys/id_rsa_wabro.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXDiJbNVvcZARKYgRIT9xilSyPuoOh6cH9081OGQ/7dzcdqYbWDkT5hs592MeWFhMqQdL8lIZMUtFXf6nL/yKjc7HaeqCfdr/eA0CGCj0sPctrE2P5up9EUHR7Mx++XCs824eF54LoIBrPAYMf91o6JEkPA6Q4JIT9cqJM0sREVhcsnc2CE+KFTpm3DeoJCPddqWLmWcMs8qJxiC9LDxRVhqvKE2MHwwXLppJwOfxpJAShd01VzfHlaHpG13MAFDMRfJsKcMh9SbLZTag8rRAa6whlL2CEKUqp1aIRIRdeRhBnmkEtwc+bOtezGTHhZ+L6XmxQlyvwKCx3INn+IRZ dp_wabro@ThinkPad-T450s