kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
roles/web-app-openproject/tasks/ldap.yml Normal file
View File

@@ -0,0 +1,111 @@
- name: Load LDAP configuration variables
include_vars:
file: "ldap.yml"
- name: Check if LDAP source exists
community.postgresql.postgresql_query:
db: "{{ database_name }}"
login_user: "{{ database_username }}"
login_password: "{{ database_password }}"
login_host: "127.0.0.1"
login_port: "{{ database_port }}"
query: "SELECT id FROM ldap_auth_sources WHERE name = '{{ openproject_ldap.name }}' LIMIT 1;"
register: ldap_check
- name: Update existing LDAP auth source
community.postgresql.postgresql_query:
db: "{{ database_name }}"
login_user: "{{ database_username }}"
login_password: "{{ database_password }}"
login_host: "127.0.0.1"
login_port: "{{ database_port }}"
query: >
UPDATE ldap_auth_sources SET
host = '{{ openproject_ldap.host }}',
port = {{ openproject_ldap.port }},
account = '{{ openproject_ldap.account }}',
account_password = '{{ openproject_ldap.account_password }}',
base_dn = '{{ openproject_ldap.base_dn }}',
attr_login = '{{ openproject_ldap.attr_login }}',
attr_firstname = '{{ openproject_ldap.attr_firstname }}',
attr_lastname = '{{ openproject_ldap.attr_lastname }}',
attr_mail = '{{ openproject_ldap.attr_mail }}',
onthefly_register = {{ openproject_ldap.onthefly_register }},
attr_admin = '{{ openproject_ldap.attr_admin }}',
updated_at = NOW(),
tls_mode = {{ openproject_ldap.tls_mode }},
filter_string = '{{ openproject_ldap.filter_string }}',
verify_peer = {{ openproject_ldap.verify_peer }},
tls_certificate_string = '{{ openproject_ldap.tls_certificate_string }}'
WHERE name = '{{ openproject_ldap.name }}';
when: ldap_check.query_result | length > 0
- name: Create new LDAP auth source
community.postgresql.postgresql_query:
db: "{{ database_name }}"
login_user: "{{ database_username }}"
login_password: "{{ database_password }}"
login_host: "127.0.0.1"
login_port: "{{ database_port }}"
query: >
INSERT INTO ldap_auth_sources
(name, host, port, account, account_password, base_dn, attr_login,
attr_firstname, attr_lastname, attr_mail, onthefly_register, attr_admin,
created_at, updated_at, tls_mode, filter_string, verify_peer, tls_certificate_string)
VALUES (
'{{ openproject_ldap.name }}',
'{{ openproject_ldap.host }}',
{{ openproject_ldap.port }},
'{{ openproject_ldap.account }}',
'{{ openproject_ldap.account_password }}',
'{{ openproject_ldap.base_dn }}',
'{{ openproject_ldap.attr_login }}',
'{{ openproject_ldap.attr_firstname }}',
'{{ openproject_ldap.attr_lastname }}',
'{{ openproject_ldap.attr_mail }}',
{{ openproject_ldap.onthefly_register }},
'{{ openproject_ldap.attr_admin }}',
NOW(),
NOW(),
{{ openproject_ldap.tls_mode }},
'{{ openproject_ldap.filter_string }}',
{{ openproject_ldap.verify_peer }},
'{{ openproject_ldap.tls_certificate_string }}'
);
when: ldap_check.query_result | length == 0
- name: Show all LDAP sources (debug)
community.postgresql.postgresql_query:
db: "{{ database_name }}"
login_user: "{{ database_username }}"
login_password: "{{ database_password }}"
login_host: "127.0.0.1"
login_port: "{{ database_port }}"
query: "SELECT id, name FROM ldap_auth_sources"
register: ldap_entries
when: enable_debug | bool
- name: Debug LDAP entries
debug:
var: ldap_entries
when: enable_debug | bool
# This works just after the first admin login
# @todo Remove and replace trough LDAP RBAC group
- name: Set LDAP user as admin via OpenProject Rails runner
shell: >
docker compose exec web bash -c "
cd /app &&
RAILS_ENV={{ CYMAIS_ENVIRONMENT | lower }} bundle exec rails runner \"
user = User.find_by(mail: '{{ users.administrator.email }}');
if user.nil?;
puts 'User with email {{ users.administrator.email }} not found.';
else;
user.admin = true;
user.save!;
puts 'User \#{user.login} is now an admin.';
end
\"
"
args:
chdir: "{{ docker_compose.directories.instance }}"

45
roles/web-app-openproject/tasks/main.yml Normal file
View File

@@ -0,0 +1,45 @@
---
- name: "include service-rdbms-central"
include_role:
name: service-rdbms-central
- name: "include role webserver-proxy-domain for {{application_id}}"
include_role:
name: webserver-proxy-domain
vars:
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "Create {{openproject_plugins_folder}}"
file:
path: "{{openproject_plugins_folder}}"
state: directory
mode: '0755'
- name: "Transfering Gemfile.plugins to {{openproject_plugins_folder}}"
copy:
src: Gemfile.plugins
dest: "{{openproject_plugins_folder}}Gemfile.plugins"
notify:
- docker compose up
- name: "create {{dummy_volume}}"
file:
path: "{{dummy_volume}}"
state: directory
mode: 0755
- name: flush docker service
meta: flush_handlers
- name: Set settings in OpenProject
shell: >
docker compose exec web bash -c "cd /app &&
RAILS_ENV={{ CYMAIS_ENVIRONMENT | lower }} bundle exec rails runner \"Setting[:{{ item.key }}] = '{{ item.value }}'\""
args:
chdir: "{{ docker_compose.directories.instance }}"
loop: "{{ openproject_rails_settings | dict2items }}"
- name: Setup LDAP
include_tasks: ldap.yml
when: applications[application_id].features.ldap | bool