diff --git a/files/watchers-limit.diff b/files/watchers-limit.diff new file mode 100644 index 0000000..b358760 --- /dev/null +++ b/files/watchers-limit.diff @@ -0,0 +1,11 @@ +--- app/controllers/watchers_controller.rb.orig 2023-08-10 13:02:04.000143881 +0200 ++++ app/controllers/watchers_controller.rb 2023-08-10 13:03:51.019685745 +0200 +@@ -136,7 +136,7 @@ + scope = nil + if params[:q].blank? + if @project.present? +- scope = @project.principals.assignable_watchers ++ scope = @project.principals.assignable_watchers.limit(100) + elsif @projects.present? && @projects.size > 1 + scope = Principal.joins(:members).where(:members => { :project_id => @projects }).assignable_watchers.distinct + end diff --git a/tasks/redmine.yml b/tasks/redmine.yml index 1e39fb6..abac1c7 100644 --- a/tasks/redmine.yml +++ b/tasks/redmine.yml @@ -1,218 +1,231 @@ --- -- block: - - name: Fail if the redmine data directory variable is not defined - fail: msg="redmine_glob_root_dir is required for this role" - when: redmine_glob_root_dir is not defined - - - name: ensure that the redmine data directories exist - file: dest={{ item }} state=directory owner=root group=root - with_items: - - '{{ redmine_glob_root_dir }}' - - '{{ redmine_glob_users_home_base }}' - - - name: Create the user that will run the redmine process - user: - name: '{{ redmine_user }}' - createhome: true - home: '{{ redmine_user_home }}' - shell: '/usr/bin/nologin' - system: yes - when: redmine_create_application_user - - - name: Ensure that the redmine user can write its $HOME/.subversion to store the svn site ssl certificate - file: dest={{ redmine_user_home }}/.subversion state=directory owner={{ redmine_user }} group={{ redmine_group }} - - - name: Get the redmine {{ redmine_version }} tarball - get_url: url={{ redmine_download_url }}/redmine-{{ redmine_version }}.tar.gz dest={{ redmine_glob_root_dir }}/redmine-{{ redmine_version }}.tar.gz - when: not redmine_install_from_subversion - - - name: Unarchive the redmine {{ redmine_version }} archive - unarchive: - src: '{{ redmine_glob_root_dir }}/redmine-{{ redmine_version }}.tar.gz' - dest: '{{ redmine_glob_root_dir }}' - copy: no - owner: root - group: root - creates: '{{ redmine_glob_root_dir }}/redmine-{{ redmine_version }}/Rakefile' - register: redmine_install - when: not redmine_install_from_subversion - - - name: Create the right path for the application when installing using the tar file - file: src={{ redmine_glob_root_dir }}/redmine-{{ redmine_version }} dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }} state=link - when: not redmine_install_from_subversion - - - name: Install the subversion packages - become_user: root - apt: - pkg: subversion - state: present - cache_valid_time: 1800 - when: redmine_install_from_subversion - - - name: Download redmine {{ redmine_version }} from subversion - subversion: - repo: '{{ redmine_subversion_url }}/{{ redmine_major_version }}.{{ redmine_minor_version }}-stable' - dest: '{{ redmine_glob_root_dir }}/redmine-{{ redmine_major_version }}.{{ redmine_minor_version }}' - checkout: yes - force: yes - update: yes - when: redmine_install_from_subversion - - - name: Create the right path for the application when installing from subversion - file: - src: '{{ redmine_glob_root_dir }}/redmine-{{ redmine_major_version }}.{{ redmine_minor_version }}' - dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}' - state: link - when: redmine_install_from_subversion - - - name: Create the prefix directory that will store static files - file: - dest: '{{ redmine_storage_path_prefix }}' - state: directory - owner: '{{ redmine_user }}' - group: '{{ redmine_group }}' - recurse: yes - when: redmine_storage_path_prefix is defined - - - name: Create the directory that will store the static files, if not nfs - file: - dest: '{{ redmine_storage_path }}' - state: directory - owner: '{{ redmine_user }}' - group: '{{ redmine_group }}' - recurse: yes - when: - - redmine_storage_path is defined - - autofs_client_mountpoint is defined and not autofs_client_mountpoint - - - name: Link the logs directory under /var/log - file: - src: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/log' - dest: /var/log/redmine - state: link - - - name: Install the database configuration - template: - src: redmine-database.yml.j2 - dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/database.yml' - owner: root - group: '{{ redmine_group }}' - mode: '0440' - notify: - - Reload unicorn when needed - - - name: Install the configuration file. Needed to send email - template: - src: redmine-configuration.yml.j2 - dest: '/{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/configuration.yml' - owner: root - group: '{{ redmine_group }}' - mode: '0440' - notify: - - Reload unicorn when needed - - - name: Install the additional environment file - template: - src: redmine_additional_environment.rb.j2 - dest: '/{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/additional_environment.rb' - owner: root - group: '{{ redmine_group }}' - mode: 0440 - notify: Bundle install - tags: [ 'redmine', 'redmine_additional_env' ] - - - name: Install the config content security policy file - template: - src: redmine_csp.rb.j2 - dest: '/{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/initializers/csp.rb' - owner: root - group: '{{ redmine_group }}' - mode: 0440 - notify: Reload unicorn - tags: [ 'redmine', 'redmine_additional_env' ] - - - name: Install the gems required by redmine - shell: cd {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}; bundle install --without development test sqlite mysql && touch {{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}_gems_installed - args: - creates: '{{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}_gems_installed' - - - name: Generate the secret token - shell: cd {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}; rake generate_secret_token ; chmod 440 {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/initializers/secret_token.rb ; chgrp {{ redmine_group }} {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/initializers/secret_token.rb - args: - creates: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/initializers/secret_token.rb' - when: redmine_secret_token is not defined - - - name: Install the master key - copy: - content: '{{ redmine_master_key }}' - dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/master.key' - owner: root - group: '{{ redmine_group }}' - mode: '0440' - - - name: Initialize the DB - shell: cd {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}; RAILS_ENV=production rake db:migrate && touch {{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}.db_initialized - args: - creates: '{{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}.db_initialized' - when: redmine_load_balanced_main_instance - tags: [ 'redmine', 'redmine_db_init' ] - - - name: Install the defauld DB data - shell: cd {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}; RAILS_ENV=production REDMINE_LANG=en rake redmine:load_default_data && touch {{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}.db_data_loaded - args: - creates: '{{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}.db_data_loaded' - when: redmine_load_balanced_main_instance - tags: [ 'redmine', 'redmine_db_init' ] - - - name: Install the packages needed by plugins or to build plugins required gems - apt: pkg=libxslt1-dev state=present cache_valid_time=1800 - - - name: Add unicorn to the redmine Gemfile - template: - src: Gemfile.local.j2 - dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Gemfile.local' - owner: '{{ redmine_user }}' - group: '{{ redmine_group }}' - when: ruby_use_unicorn - notify: Bundle install - tags: [ 'redmine', 'unicorn', 'redmine_additional_gems' ] - - - name: Upgrade rake to fix all the gems mess - shell: cd {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}; bundle update rake - - - name: Fix the permission of some files - file: dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/{{ item }} owner={{ redmine_user }} group={{ redmine_group }} - with_items: - - Gemfile - - Gemfile.lock - - - name: Ensure that redmine can write into some directories - file: dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/{{ item }} state=directory owner={{ redmine_user }} group={{ redmine_group }} recurse=yes - with_items: - - files - - log - - tmp - - public/plugin_assets - - - name: Install a logrotate script to take care of the ever growing production.log file - template: src=redmine-logrotate.j2 dest=/etc/logrotate.d/redmine-{{ redmine_inst_name }} owner=root group=root mode=0444 - tags: [ 'redmine', 'logrotate' ] - +- name: redmine | Installation tags: [redmine] + block: + - name: redmine | Fail if the redmine data directory variable is not defined + fail: msg="redmine_glob_root_dir is required for this role" + when: redmine_glob_root_dir is not defined -- block: - - name: Install a script that syncs the email to redmine reading from a imap account - template: src=redmine-imap-sync.j2 dest=/usr/local/bin/redmine-imap-sync owner=root group={{ redmine_user }} mode=0750 + - name: redmine | Ensure that the redmine data directories exist + file: dest={{ item }} state=directory owner=root group=root + with_items: + - '{{ redmine_glob_root_dir }}' + - '{{ redmine_glob_users_home_base }}' - - name: Install a cron job that configures the task that reads emails via imap - cron: - cron_file: redmine-email-sync - disabled: no - job: '/usr/local/bin/redmine-imap-sync' - user: '{{ redmine_user }}' - minute: '*/10' - name: 'Redmine update tasks by email' - state: present + - name: redmine | Create the user that will run the redmine process + user: + name: '{{ redmine_user }}' + createhome: true + home: '{{ redmine_user_home }}' + shell: '/usr/bin/nologin' + system: yes + when: redmine_create_application_user + - name: redmine | Ensure that the redmine user can write its $HOME/.subversion to store the svn site ssl certificate + file: dest={{ redmine_user_home }}/.subversion state=directory owner={{ redmine_user }} group={{ redmine_group }} + + - name: redmine | Get the redmine {{ redmine_version }} tarball + get_url: url={{ redmine_download_url }}/redmine-{{ redmine_version }}.tar.gz dest={{ redmine_glob_root_dir }}/redmine-{{ redmine_version }}.tar.gz + when: not redmine_install_from_subversion + + - name: redmine | Unarchive the redmine {{ redmine_version }} archive + unarchive: + src: '{{ redmine_glob_root_dir }}/redmine-{{ redmine_version }}.tar.gz' + dest: '{{ redmine_glob_root_dir }}' + copy: no + owner: root + group: root + creates: '{{ redmine_glob_root_dir }}/redmine-{{ redmine_version }}/Rakefile' + register: redmine_install + when: not redmine_install_from_subversion + + - name: redmine | Create the right path for the application when installing using the tar file + file: src={{ redmine_glob_root_dir }}/redmine-{{ redmine_version }} dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }} state=link + when: not redmine_install_from_subversion + + - name: redmine | Install the subversion packages + become_user: root + apt: + pkg: subversion + state: present + cache_valid_time: 1800 + when: redmine_install_from_subversion + + - name: redmine | Download redmine {{ redmine_version }} from subversion + subversion: + repo: '{{ redmine_subversion_url }}/{{ redmine_major_version }}.{{ redmine_minor_version }}-stable' + dest: '{{ redmine_glob_root_dir }}/redmine-{{ redmine_major_version }}.{{ redmine_minor_version }}' + checkout: yes + force: yes + update: yes + when: redmine_install_from_subversion + + - name: redmine | Create the right path for the application when installing from subversion + file: + src: '{{ redmine_glob_root_dir }}/redmine-{{ redmine_major_version }}.{{ redmine_minor_version }}' + dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}' + state: link + when: redmine_install_from_subversion + + - name: redmine | Create the prefix directory that will store static files + file: + dest: '{{ redmine_storage_path_prefix }}' + state: directory + owner: '{{ redmine_user }}' + group: '{{ redmine_group }}' + recurse: yes + when: redmine_storage_path_prefix is defined + + - name: redmine | Create the directory that will store the static files, if not nfs + file: + dest: '{{ redmine_storage_path }}' + state: directory + owner: '{{ redmine_user }}' + group: '{{ redmine_group }}' + recurse: yes + when: + - redmine_storage_path is defined + - autofs_client_mountpoint is defined and not autofs_client_mountpoint + + - name: redmine | Link the logs directory under /var/log + file: + src: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/log' + dest: /var/log/redmine + state: link + + - name: redmine | Install the database configuration + template: + src: redmine-database.yml.j2 + dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/database.yml' + owner: root + group: '{{ redmine_group }}' + mode: '0440' + notify: + - Reload unicorn when needed + + - name: redmine | Install the configuration file. Needed to send email + template: + src: redmine-configuration.yml.j2 + dest: '/{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/configuration.yml' + owner: root + group: '{{ redmine_group }}' + mode: '0440' + notify: + - Reload unicorn when needed + + - name: redmine | Install the additional environment file + template: + src: redmine_additional_environment.rb.j2 + dest: '/{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/additional_environment.rb' + owner: root + group: '{{ redmine_group }}' + mode: 0440 + notify: Bundle install + tags: [ 'redmine', 'redmine_additional_env' ] + + - name: redmine | Install the config content security policy file + template: + src: redmine_csp.rb.j2 + dest: '/{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/initializers/csp.rb' + owner: root + group: '{{ redmine_group }}' + mode: 0440 + notify: Reload unicorn + tags: [ 'redmine', 'redmine_additional_env' ] + + - name: redmine | Install the gems required by redmine + shell: cd {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}; bundle install --without development test sqlite mysql && touch {{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}_gems_installed + args: + creates: '{{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}_gems_installed' + + - name: redmine | Generate the secret token + shell: cd {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}; rake generate_secret_token ; chmod 440 {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/initializers/secret_token.rb ; chgrp {{ redmine_group }} {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/initializers/secret_token.rb + args: + creates: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/initializers/secret_token.rb' + when: redmine_secret_token is not defined + + - name: redmine | Install the master key + copy: + content: '{{ redmine_master_key }}' + dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/master.key' + owner: root + group: '{{ redmine_group }}' + mode: '0440' + + - name: redmine | Initialize the DB + shell: cd {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}; RAILS_ENV=production rake db:migrate && touch {{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}.db_initialized + args: + creates: '{{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}.db_initialized' + when: redmine_load_balanced_main_instance + tags: [ 'redmine', 'redmine_db_init' ] + + - name: redmine | Install the defauld DB data + shell: cd {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}; RAILS_ENV=production REDMINE_LANG=en rake redmine:load_default_data && touch {{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}.db_data_loaded + args: + creates: '{{ redmine_glob_root_dir }}/.{{ redmine_inst_dir }}.db_data_loaded' + when: redmine_load_balanced_main_instance + tags: [ 'redmine', 'redmine_db_init' ] + + - name: redmine | Install the packages needed by plugins or to build plugins required gems + apt: pkg=libxslt1-dev state=present cache_valid_time=1800 + + - name: redmine | Add unicorn to the redmine Gemfile + template: + src: Gemfile.local.j2 + dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Gemfile.local' + owner: '{{ redmine_user }}' + group: '{{ redmine_group }}' + when: ruby_use_unicorn + notify: Bundle install + tags: [ 'redmine', 'unicorn', 'redmine_additional_gems' ] + + - name: redmine | Upgrade rake to fix all the gems mess + shell: cd {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}; bundle update rake + + - name: redmine | Fix the permission of some files + file: dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/{{ item }} owner={{ redmine_user }} group={{ redmine_group }} + with_items: + - Gemfile + - Gemfile.lock + + - name: redmine | Ensure that redmine can write into some directories + file: dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/{{ item }} state=directory owner={{ redmine_user }} group={{ redmine_group }} recurse=yes + with_items: + - files + - log + - tmp + - public/plugin_assets + + - name: redmine | Install a logrotate script to take care of the ever growing production.log file + template: src=redmine-logrotate.j2 dest=/etc/logrotate.d/redmine-{{ redmine_inst_name }} owner=root group=root mode=0444 + tags: [ 'redmine', 'logrotate' ] + +- name: redmine | Patches to the code + tags: ['redmine', 'redmine_patches'] + block: + - name: redmine | Patch limit the watchers list + ansible.posix.patch: + src: watchers-limit.diff + basedir: "{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}" + state: present + remote_src: false + strip: 0 + backup: false + binary: false + +- name: redmine | Redmine imap sync when: redmine_imap_sync | bool tags: [ 'redmine', 'redmine_imap' ] + block: + - name: redmine | Install a script that syncs the email to redmine reading from a imap account + template: src=redmine-imap-sync.j2 dest=/usr/local/bin/redmine-imap-sync owner=root group={{ redmine_user }} mode=0750 + + - name: redmine | Install a cron job that configures the task that reads emails via imap + cron: + cron_file: redmine-email-sync + disabled: no + job: '/usr/local/bin/redmine-imap-sync' + user: '{{ redmine_user }}' + minute: '*/10' + name: 'Redmine update tasks by email' + state: present