diff --git a/roles/web-app-taiga/Development.md b/roles/web-app-taiga/Development.md deleted file mode 100644 index a996e33a..00000000 --- a/roles/web-app-taiga/Development.md +++ /dev/null @@ -1,37 +0,0 @@ -# Development Notes - -## Build front container - -```bash -docker compose up -d --force-recreate taiga-front -``` - -## Debug - -Verify front configuration: - -```bash -docker compose exec -it taiga-front cat /usr/share/nginx/html/conf.json -``` - -Verify the backend configuration: -```bash -docker compose exec -it taiga-back cat /taiga-back/settings/local.py -``` - -## Additional Configuration for plugin -```bash -# ENABLE_OPENID Plugin -ENABLE_OPENID = os.getenv('ENABLE_OPENID', 'False') == 'True' -if ENABLE_OPENID: - INSTALLED_APPS += [ - "taiga_contrib_openid_auth" - ] - OPENID_USER_URL = os.getenv('OPENID_USER_URL') - OPENID_TOKEN_URL = os.getenv('OPENID_TOKEN_URL') - OPENID_CLIENT_ID = os.getenv('OPENID_CLIENT_ID') - OPENID_CLIENT_SECRET = os.getenv('OPENID_CLIENT_SECRET') - OPENID_SCOPE = os.getenv('OPENID_SCOPE') - OPENID_FILTER = os.getenv('OPENID_FILTER') - OPENID_FILTER_FIELD = os.getenv('OPENID_FILTER_FIELD') -``` \ No newline at end of file diff --git a/roles/web-app-taiga/config/main.yml b/roles/web-app-taiga/config/main.yml index 6680bddf..7aff151c 100644 --- a/roles/web-app-taiga/config/main.yml +++ b/roles/web-app-taiga/config/main.yml 
@@ -19,6 +19,50 @@ docker: enabled: true taiga: version: "latest" + cpus: "1.0" + mem_reservation: "1g" + mem_limit: "1.5g" + pids_limit: 512 + async: + cpus: "1.0" + mem_reservation: "1g" + mem_limit: "1.5g" + pids_limit: 512 + front: + cpus: "0.3" + mem_reservation: "256m" + mem_limit: "512m" + pids_limit: 256 + gateway: + cpus: "0.3" + mem_reservation: "256m" + mem_limit: "512m" + pids_limit: 256 + events: + cpus: "0.3" + mem_reservation: "256m" + mem_limit: "512m" + pids_limit: 256 + async-rabbitmq: + cpus: "1.0" + mem_reservation: "1g" + mem_limit: "1.5g" + pids_limit: 512 + events-rabbitmq: + cpus: "0.5" + mem_reservation: "512m" + mem_limit: "1g" + pids_limit: 512 + manager: + cpus: "0.5" + mem_reservation: "512m" + mem_limit: "1g" + pids_limit: 256 + protected: + cpus: "0.2" + mem_reservation: "128m" + mem_limit: "256m" + pids_limit: 128 server: csp: flags: diff --git a/roles/web-app-taiga/tasks/01_administrator.yml b/roles/web-app-taiga/tasks/01_administrator.yml index d2395478..7202ce1c 100644 --- a/roles/web-app-taiga/tasks/01_administrator.yml +++ b/roles/web-app-taiga/tasks/01_administrator.yml @@ -3,7 +3,7 @@ docker compose -f {{ TAIGA_DOCKER_COMPOSE_PATH }} -f {{ TAIGA_DOCKER_COMPOSE_INIT_PATH }} - run --rm taiga-manage + run --rm {{ TAIGA_MANAGER_SERVICE }} createsuperuser --noinput --username {{ TAIGA_SUPERUSER_NAME }} --email {{ TAIGA_SUPERUSER_EMAIL }} 
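Review bot: The new per-service limit blocks are keyed by bare names (`taiga`, `async`, `front`, `manager`, `protected`, …) that must stay identical to the compose service names set in `vars/main.yml`, and nothing in the file says so. `TAIGA_SERVICE` is derived from `application_id | get_entity_name` rather than written as the literal `taiga`, so a change on either side would presumably make the limits lookup miss without an error. The lookup itself sits in the included container base template, which this diff does not show. I would add a comment above the block such as `# Keys must match the compose service names (TAIGA_*_SERVICE in vars/main.yml)`.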
@@ -25,7 +25,7 @@ -f {{ TAIGA_DOCKER_COMPOSE_INIT_PATH }} run --rm -e DJANGO_SUPERUSER_PASSWORD={{ TAIGA_SUPERUSER_PASSWORD | quote }} - taiga-manage + {{ TAIGA_MANAGER_SERVICE }} shell -c "from django.contrib.auth import get_user_model; import os; U=get_user_model(); u,created=U.objects.get_or_create(username='{{ TAIGA_SUPERUSER_NAME }}'); changed=bool(created); old=(u.email,u.is_staff,u.is_superuser,u.is_active); u.email='{{ TAIGA_SUPERUSER_EMAIL }}'; u.is_staff=True; u.is_superuser=True; u.is_active=True; changed = changed or old!=(u.email,u.is_staff,u.is_superuser,u.is_active); pwd=os.environ.get('DJANGO_SUPERUSER_PASSWORD'); assert pwd, 'Missing DJANGO_SUPERUSER_PASSWORD'; need_pwd = not u.check_password(pwd); changed = changed or need_pwd; need_pwd and u.set_password(pwd); u.save(); print('CHANGED=1' if changed else 'CHANGED=0')" args: diff --git a/roles/web-app-taiga/templates/docker-compose-inits.yml.j2 b/roles/web-app-taiga/templates/docker-compose-inits.yml.j2 index a5db2c00..725081f6 100644 --- a/roles/web-app-taiga/templates/docker-compose-inits.yml.j2 +++ b/roles/web-app-taiga/templates/docker-compose-inits.yml.j2 @@ -1,5 +1,7 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} - taiga-manage: +{% set service_name = TAIGA_MANAGER_SERVICE %} + {{ service_name }}: + container_name: {{ TAIGA_CONTAINER }}-{{ service_name }} {% include 'roles/docker-container/templates/base.yml.j2' %} image: taigaio/taiga-back:latest environment: @@ -8,8 +10,8 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} entrypoint: "python manage.py" volumes: - - static-data:/taiga-back/static - - media-data:/taiga-back/media + - static-data:{{ TAIGA_VOLUME_STATIC }} + - media-data:{{ TAIGA_VOLUME_MEDIA }} # - ./config.py:/taiga-back/settings/config.py {% include 'roles/docker-compose/templates/networks.yml.j2' %} taiga: 
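Review bot: The superuser password is still passed as `-e DJANGO_SUPERUSER_PASSWORD={{ TAIGA_SUPERUSER_PASSWORD | quote }}`, which puts the secret on the `docker compose` command line, readable in the host's process list and in any task output that is not suppressed. Passing only the name, `-e DJANGO_SUPERUSER_PASSWORD`, and supplying the value through the task's `environment:` keeps it out of argv, since Compose then takes the value from the calling environment. The task continues past `args:` outside this hunk, so whether `no_log: true` is already set cannot be seen here. The same hunk interpolates `{{ TAIGA_SUPERUSER_NAME }}` and `{{ TAIGA_SUPERUSER_EMAIL }}` unescaped into single-quoted Python literals inside a double-quoted shell string, and the `createsuperuser` hunk above passes them unquoted. Reading them from `os.environ`, the way `pwd` is read, would be more robust.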
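Review bot: The manager service keeps `image: taigaio/taiga-back:latest` while the backend and async services in `docker-compose.yml.j2` use `{{ TAIGA_DOCKER_IMAGE_BACKEND }}:{{ TAIGA_VERSION }}`, so `createsuperuser` and other `manage.py` runs can execute code from a different image and version than the backend working on the same database. With the `robrotheram` flavor the backend image is `robrotheram/taiga-back-openid`, which makes the mismatch certain rather than occasional. I would change the line to `image: "{{ TAIGA_DOCKER_IMAGE_BACKEND }}:{{ TAIGA_VERSION }}"`. The same floating `:latest` tag is hard-coded for `taigaio/taiga-events` and `taigaio/taiga-protected` in `docker-compose.yml.j2`; pinning those, ideally by digest, would make deployments reproducible.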
diff --git a/roles/web-app-taiga/templates/docker-compose.yml.j2 b/roles/web-app-taiga/templates/docker-compose.yml.j2
index 40f8b4d3..0fb58825 100644
--- a/roles/web-app-taiga/templates/docker-compose.yml.j2
+++ b/roles/web-app-taiga/templates/docker-compose.yml.j2
@@ -1,81 +1,76 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} - taiga-back: +{% set service_name = TAIGA_SERVICE %} + {{ service_name }}: + container_name: {{ TAIGA_CONTAINER }} {% include 'roles/docker-container/templates/base.yml.j2' %} image: "{{ TAIGA_DOCKER_IMAGE_BACKEND }}:{{ TAIGA_VERSION }}" volumes: # These volumens will be used by taiga-back and taiga-async. - - static-data:/taiga-back/static - - media-data:/taiga-back/media + - static-data:{{ TAIGA_VOLUME_STATIC }} + - media-data:{{ TAIGA_VOLUME_MEDIA }} # - ./config.py:/taiga-back/settings/config.py - -{% if TAIGA_TAIGAIO_ENABLED %} - +{% if TAIGA_TAIGAIO_ENABLED | bool %} - {{ docker_compose.directories.config }}taiga-local.py:/taiga-back/settings/local.py:ro - {% endif %} - {% include 'roles/docker-container/templates/networks.yml.j2' %} taiga: {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %} - taiga-events-rabbitmq: + {{ TAIGA_EVENTS_RABBITMQ_SERVICE }}: condition: service_started - taiga-async-rabbitmq: + {{ TAIGA_ASYNC_RABBITMQ_SERVICE }}: condition: service_started -{% if TAIGA_TAIGAIO_ENABLED %} - +{% if TAIGA_TAIGAIO_ENABLED | bool %} command: > /bin/sh -c " pip install taiga-contrib-oidc-auth && /taiga-back/docker/entrypoint.sh" - {% endif %} - - taiga-async: +{% set service_name = TAIGA_ASYNC_SERVICE %} + {{ service_name }}: + container_name: {{ TAIGA_CONTAINER }}-{{ service_name }} {% include 'roles/docker-container/templates/base.yml.j2' %} image: "{{ TAIGA_DOCKER_IMAGE_BACKEND }}:{{ TAIGA_VERSION }}" entrypoint: ["/taiga-back/docker/async_entrypoint.sh"] volumes: - # These volumens will be used by taiga-back and taiga-async. 
- - static-data:/taiga-back/static - - media-data:/taiga-back/media + # These volumens will be used by backend and async service + - static-data:{{ TAIGA_VOLUME_STATIC }} + - media-data:{{ TAIGA_VOLUME_MEDIA }} # - ./config.py:/taiga-back/settings/config.py - -{% if TAIGA_TAIGAIO_ENABLED %} - +{% if TAIGA_TAIGAIO_ENABLED | bool %} {% for item in TAIGA_SETTING_FILES %} - {{ docker_compose.directories.config }}taiga-{{ item }}.py:/taiga-back/settings/{{ item }}.py:ro {% endfor %} - {% endif %} - {% include 'roles/docker-container/templates/networks.yml.j2' %} taiga: {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %} - taiga-events-rabbitmq: + {{ TAIGA_EVENTS_RABBITMQ_SERVICE }}: condition: service_started - taiga-async-rabbitmq: + {{ TAIGA_ASYNC_RABBITMQ_SERVICE }}: condition: service_started -{% if TAIGA_TAIGAIO_ENABLED %} - +{% if TAIGA_TAIGAIO_ENABLED | bool %} command: > /bin/sh -c " pip install taiga-contrib-oidc-auth && /taiga-back/docker/entrypoint.sh" - {% endif %} - taiga-async-rabbitmq: +{% set service_name = TAIGA_ASYNC_RABBITMQ_SERVICE %} + {{ service_name }}: + container_name: {{ TAIGA_CONTAINER }}-{{ service_name }} image: rabbitmq:3.8-management-alpine - hostname: "taiga-async-rabbitmq" + hostname: "{{ TAIGA_ASYNC_RABBITMQ_SERVICE }}" volumes: - async-rabbitmq-data:/var/lib/rabbitmq {% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/networks.yml.j2' %} taiga: - taiga-front: +{% set service_name = TAIGA_FRONT_SERVICE %} + {{ service_name }}: + container_name: {{ TAIGA_CONTAINER }}-{{ service_name }} image: "{{TAIGA_DOCKER_IMAGE_FRONTEND}}:{{ TAIGA_VERSION }}" {% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/networks.yml.j2' %} 
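Review bot: Both `command:` blocks under `{% if TAIGA_TAIGAIO_ENABLED | bool %}` run `pip install taiga-contrib-oidc-auth` at container start with no version pin or hash check, so the code that handles OIDC login is whatever the package index serves at that moment. A freshly created container also cannot start without reaching that index. Pinning the requirement, e.g. `pip install taiga-contrib-oidc-auth==<PINNED_VERSION>` (placeholder), or better baking the plugin into a derived image, removes that start-time dependency. In the async service the same `command:` sits next to `entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]`, so it is passed as arguments to that script rather than run on its own; whether the script executes them is not visible here and is worth checking.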
@@ -83,18 +78,22 @@ # volumes: # - {{ TAIGA_FRONTEND_CONF_PATH }}:/usr/share/nginx/html/conf.json:ro - taiga-events: +{% set service_name = TAIGA_EVENTS_SERVICE %} + {{ service_name }}: + container_name: {{ TAIGA_CONTAINER }}-{{ service_name }} image: taigaio/taiga-events:latest {% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/networks.yml.j2' %} taiga: depends_on: - taiga-events-rabbitmq: + {{ TAIGA_EVENTS_RABBITMQ_SERVICE }}: condition: service_started - taiga-events-rabbitmq: +{% set service_name = TAIGA_EVENTS_RABBITMQ_SERVICE %} + {{ service_name }}: + container_name: {{ TAIGA_CONTAINER }}-{{ service_name }} image: rabbitmq:3.8-management-alpine - hostname: "events-rabbitmq" + hostname: {{ service_name }} volumes: - events-rabbitmq-data:/var/lib/rabbitmq {% include 'roles/docker-container/templates/base.yml.j2' %} @@ -102,14 +101,18 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} taiga: - taiga-protected: +{% set service_name = 'protected' %} + {{ service_name }}: + container_name: {{ TAIGA_CONTAINER }}-{{ service_name }} image: taigaio/taiga-protected:latest {% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/networks.yml.j2' %} taiga: - taiga-gateway: +{% set service_name = 'gateway' %} + {{ service_name }}: + container_name: {{ TAIGA_CONTAINER }}-{{ service_name }} image: nginx:alpine ports: - "127.0.0.1:{{ ports.localhost.http[application_id] }}:80" @@ -122,10 +125,9 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} taiga: depends_on: - - taiga-front - - taiga-back - - taiga-events - + - {{ TAIGA_FRONT_SERVICE }} + - {{ TAIGA_SERVICE }} + - {{ TAIGA_EVENTS_SERVICE }} {% include 'roles/docker-compose/templates/volumes.yml.j2' %} static-data: media-data: diff --git a/roles/web-app-taiga/vars/main.yml b/roles/web-app-taiga/vars/main.yml index 4f742087..6f23ed8b 100644 --- a/roles/web-app-taiga/vars/main.yml 
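Review bot: The service keys change from `taiga-events`, `taiga-protected` and `taiga-gateway` (and `taiga-back`, `taiga-front`, `taiga-async-rabbitmq` in the first hunk of this file) to short names, and those keys are also the hostnames the containers resolve on the `taiga` network. The gateway is a stock `nginx:alpine` whose configuration is not shown, and it and the backend's broker settings presumably still refer to the old names; neither is touched in the part of the diff shown, so they should be checked or templated from the same `TAIGA_*_SERVICE` variables. The first hunk additionally changes the async broker's `hostname` from `taiga-async-rabbitmq` to `async-rabbitmq`; RabbitMQ derives its node name and data directory from the hostname, so an existing `async-rabbitmq-data` volume would come up as a fresh, empty node. `protected` and `gateway` are also set as string literals here while every other service name comes from `vars/main.yml`.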
+++ b/roles/web-app-taiga/vars/main.yml 
@@ -1,27 +1,51 @@ -# General -application_id: "web-app-taiga" -database_type: "postgres" -js_application_name: "Taiga" +# General +application_id: "web-app-taiga" +database_type: "postgres" +js_application_name: "Taiga" +entity_name: "{{ application_id | get_entity_name }}" # Docker -docker_repository_address: "https://github.com/taigaio/taiga-docker" -docker_pull_git_repository: true +docker_repository_address: "https://github.com/taigaio/taiga-docker" +docker_pull_git_repository: true # Taiga + +## General +TAIGA_EMAIL_BACKEND: "{{ 'smtp' if SYSTEM_EMAIL.SMTP else 'console' }}" ## use an SMTP server or display the emails in the console (either "smtp" or "console") + +## User +TAIGA_SUPERUSER_NAME: "{{ users.administrator.username }}" +TAIGA_SUPERUSER_PASSWORD: "{{ users.administrator.password }}" +TAIGA_SUPERUSER_EMAIL: "{{ users.administrator.email }}" + +## OIDC TAIGA_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}" TAIGA_OIDC_FLAVOR: "{{ applications | get_app_conf(application_id, 'oidc.flavor') }}" TAIGA_FLAVOR_ROBROTHERAM: "{{ TAIGA_OIDC_FLAVOR == 'robrotheram' }}" TAIGA_ROBROTHERAM_ENABLED: "{{ TAIGA_OIDC_ENABLED and TAIGA_FLAVOR_ROBROTHERAM }}" TAIGA_FLAVOR_TAIGAIO: "{{ TAIGA_OIDC_FLAVOR == 'taigaio' }}" TAIGA_TAIGAIO_ENABLED: "{{ TAIGA_OIDC_ENABLED and TAIGA_FLAVOR_TAIGAIO }}" -TAIGA_EMAIL_BACKEND: "{{ 'smtp' if SYSTEM_EMAIL.SMTP else 'console' }}" ## use an SMTP server or display the emails in the console (either "smtp" or "console") + +## Docker TAIGA_DOCKER_COMPOSE_INIT_PATH: "{{ [ docker_compose.directories.instance,'docker-compose-inits.yml' ] | path_join }}" TAIGA_DOCKER_COMPOSE_PATH: "{{ [ docker_compose.directories.instance,'docker-compose.yml' ] | path_join }}" TAIGA_DOCKER_IMAGE_BACKEND: "{{ 'robrotheram/taiga-back-openid' if TAIGA_ROBROTHERAM_ENABLED else 'taigaio/taiga-back' }}" TAIGA_DOCKER_IMAGE_FRONTEND: "{{ 'robrotheram/taiga-front-openid' if TAIGA_ROBROTHERAM_ENABLED else 'taigaio/taiga-front' }}" 
TAIGA_FRONTEND_CONF_PATH: "{{ [ docker_compose.directories.config,'conf.json' ] | path_join }}" TAIGA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.taiga.version') }}" -TAIGA_SUPERUSER_NAME: "{{ users.administrator.username }}" -TAIGA_SUPERUSER_PASSWORD: "{{ users.administrator.password }}" -TAIGA_SUPERUSER_EMAIL: "{{ users.administrator.email }}" + +### Backend +TAIGA_SERVICE: "{{ entity_name }}" +TAIGA_CONTAINER: "{{ entity_name }}" +TAIGA_VOLUME_MEDIA: "/taiga-back/media" +TAIGA_VOLUME_STATIC: "/taiga-back/static" + +## Services +TAIGA_MANAGER_SERVICE: "manager" +TAIGA_ASYNC_SERVICE: "async" +TAIGA_ASYNC_RABBITMQ_SERVICE: "async-rabbitmq" +TAIGA_EVENTS_RABBITMQ_SERVICE: "events-rabbitmq" +TAIGA_FRONT_SERVICE: "front" +TAIGA_EVENTS_SERVICE: "events" + TAIGA_SETTING_FILES: ['urls','local']