Role that installs the onlyoffice portal service.

2019-03-21 22:49:58 +01:00 · 2019-03-21 22:49:58 +01:00 · 105fc0bcfc
parent 2399031c92
commit 105fc0bcfc
5 changed files with 85 additions and 0 deletions
--- a/onlyoffice_portal/defaults/main.yml
+++ b/onlyoffice_portal/defaults/main.yml
@ -0,0 +1,6 @@
+---
+onlyoffice_deb_repo_key: CB2DE8E5
+onlyoffice_deb_repo_key_server: 'keyserver.ubuntu.com'
+onlyoffice_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
+onlyoffice_deb_packages: onlyoffice-communityserver
+onlyoffice_letsencrypt_managed: True
--- a/onlyoffice_portal/meta/main.yml
+++ b/onlyoffice_portal/meta/main.yml
@ -0,0 +1,4 @@
+---
+dependencies:
+  - { role: '../../library/roles/postgresql', when: psql_postgresql_install }
+  - { role: '../../library/roles/mono' }
--- a/onlyoffice_portal/tasks/main.yml
+++ b/onlyoffice_portal/tasks/main.yml
@ -0,0 +1,35 @@
+---
+- block:
+  - name: Install the deb OnlyOffice repository key
+    apt_key:
+      keyserver: {{ onlyoffice_deb_repo_key_server }}
+      id: {{ onlyoffice_deb_repo_key }}
+
+  - name: Install the deb Mono repository
+    apt_repository:
+      repo: '{{ onlyoffice_deb_repo }}'
+      state: present
+      update_cache: yes
+
+  - name: Install the Mono packages on Deb based distributions
+    apt: name={{ onlyoffice_deb_packages }} state=present cache_valid_time=1800
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: onlyoffice
+
+- block:
+  - name: Install a letsencrypt acme hook
+    template: src=onlyoffice-letsencrypt.sh dest=/usr/lib/acme/hooks/onlyoffice owner=root group=root mode=4555
+
+  - name: Run the letsencrypt acme hook if the certificates are not in place
+    shell: /usr/lib/acme/hooks/onlyoffice
+    args:
+      creates: /var/www/onlyoffice/Data/certs/onlyoffice.key
+    register: initialize_onlyoffice_https
+
+  - name: Reconfigure the OnlyOffice service for https
+    shell: /var/www/onlyoffice/Tools/default-onlyoffice-ssl.sh
+    when: initialize_onlyoffice_https is changed
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: [ 'onlyoffic', 'letsencrypt' ]
--- a/onlyoffice_portal/templates/onlyoffice-letsencrypt.sh
+++ b/onlyoffice_portal/templates/onlyoffice-letsencrypt.sh
@ -0,0 +1,36 @@
+#!/bin/bash
+
+LE_CERTS_DIR="{{ letsencrypt_acme_certs_dir }}"
+LE_LOG_DIR=/var/log/letsencrypt
+LE_LOG_FILE=$LE_LOG_DIR/onlyoffice.log
+onlyoffice_certdir=/var/www/onlyoffice/Data/certs
+
+DATE=$( date )
+
+[ ! -d "$onlyoffice_certdir" ] && mkdir -p "$onlyoffice_certdir"
+[ ! -d "$LE_LOG_DIR" ] && mkdir "$LE_LOG_DIR"
+echo "$DATE" >> "$LE_LOG_DIR/postgresql.log"
+
+if [ -f /etc/default/letsencrypt ] ; then
+    . /etc/default/letsencrypt
+else
+    echo "No letsencrypt default file" >> $LE_LOG_FILE
+fi
+
+echo "Copy the key file" >> $LE_LOG_FILE
+cp "${LE_CERTS_DIR}/privkey"  $onlyoffice_certdir/onlyoffice.key
+chmod 400 $onlyoffice_certdir/onlyoffice.key
+chown root:root $onlyoffice_certdir/onlyoffice.key
+cp "${LE_CERTS_DIR}/cert"  $onlyoffice_certdir/onlyoffice.crt
+chmod 400 $onlyoffice_certdir/onlyoffice.crt
+chown root:root $onlyoffice_certdir/onlyoffice.crt
+
+echo "Restart the onlyoffice service" >> $LE_LOG_FILE
+if [ -x /bin/systemctl ] ; then
+    systemctl reload nginx >> $LE_LOG_FILE 2>&1
+else
+    service nginx reload >> $LE_LOG_FILE 2>&1
+fi
+echo "Done." >> $LE_LOG_FILE
+
+exit 0
--- a/onlyoffice_portal/vars/main.yml
+++ b/onlyoffice_portal/vars/main.yml
@ -0,0 +1,4 @@
+---
+letsencrypt_acme_install: True
+http_port: 80
+https_port: 443