diff --git a/roles/web-app-taiga/tasks/01_administrator.yml b/roles/web-app-taiga/tasks/01_administrator.yml
new file mode 100644
index 00000000..d2395478
--- /dev/null
+++ b/roles/web-app-taiga/tasks/01_administrator.yml
@@ -0,0 +1,38 @@
+- name: "Create Taiga admin user (idempotent)"
+ command: >
+ docker compose
+ -f {{ TAIGA_DOCKER_COMPOSE_PATH }}
+ -f {{ TAIGA_DOCKER_COMPOSE_INIT_PATH }}
+ run --rm taiga-manage
+ createsuperuser --noinput
+ --username {{ TAIGA_SUPERUSER_NAME }}
+ --email {{ TAIGA_SUPERUSER_EMAIL }}
+ args:
+ chdir: "{{ docker_compose.directories.instance }}"
+ register: taiga_create_admin
+ changed_when: taiga_create_admin.rc == 0
+ failed_when: >
+ taiga_create_admin.rc != 0 and
+ ('already taken' not in (taiga_create_admin.stdout + taiga_create_admin.stderr) | lower) and
+ ('already exists' not in (taiga_create_admin.stdout + taiga_create_admin.stderr) | lower) and
+ ('integrityerror' not in (taiga_create_admin.stdout + taiga_create_admin.stderr) | lower)
+ no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
+
+- name: "Upsert Taiga admin via manage.py shell"
+ command: >
+ docker compose
+ -f {{ TAIGA_DOCKER_COMPOSE_PATH }}
+ -f {{ TAIGA_DOCKER_COMPOSE_INIT_PATH }}
+ run --rm
+ -e DJANGO_SUPERUSER_PASSWORD={{ TAIGA_SUPERUSER_PASSWORD | quote }}
+ taiga-manage
+ shell -c
+ "from django.contrib.auth import get_user_model; import os; U=get_user_model(); u,created=U.objects.get_or_create(username='{{ TAIGA_SUPERUSER_NAME }}'); changed=bool(created); old=(u.email,u.is_staff,u.is_superuser,u.is_active); u.email='{{ TAIGA_SUPERUSER_EMAIL }}'; u.is_staff=True; u.is_superuser=True; u.is_active=True; changed = changed or old!=(u.email,u.is_staff,u.is_superuser,u.is_active); pwd=os.environ.get('DJANGO_SUPERUSER_PASSWORD'); assert pwd, 'Missing DJANGO_SUPERUSER_PASSWORD'; need_pwd = not u.check_password(pwd); changed = changed or need_pwd; need_pwd and u.set_password(pwd); u.save(); print('CHANGED=1' if changed else 'CHANGED=0')"
+ args:
+ chdir: "{{ docker_compose.directories.instance }}"
+ register: taiga_upsert_admin
+ when: taiga_create_admin.rc != 0
+ changed_when: "'CHANGED=1' in ((taiga_upsert_admin.stdout | default('')) + (taiga_upsert_admin.stderr | default('')))"
+ no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
+ async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+ poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
diff --git a/roles/web-app-taiga/tasks/main.yml b/roles/web-app-taiga/tasks/main.yml
index d5958001..c17ca8da 100644
--- a/roles/web-app-taiga/tasks/main.yml
+++ b/roles/web-app-taiga/tasks/main.yml
@@ -22,26 +22,5 @@
 - name: "Flush Taiga handlers"
 meta: flush_handlers
-- name: "Create Taiga admin user (idempotent)"
- command: >
- docker compose
- -f {{ TAIGA_DOCKER_COMPOSE_PATH }}
- -f {{ TAIGA_DOCKER_COMPOSE_INIT_PATH }}
- run --rm taiga-manage
- createsuperuser --noinput
- --username {{ TAIGA_SUPERUSER_NAME }}
- --email {{ TAIGA_SUPERUSER_EMAIL }}
- environment:
- DJANGO_SUPERUSER_PASSWORD: "{{ TAIGA_SUPERUSER_PASSWORD }}"
- args:
- chdir: "{{ docker_compose.directories.instance }}"
- register: taiga_create_admin
- changed_when: taiga_create_admin.rc == 0
- failed_when: >
- taiga_create_admin.rc != 0 and
- ('already taken' not in (taiga_create_admin.stdout + taiga_create_admin.stderr) | lower) and
- ('already exists' not in (taiga_create_admin.stdout + taiga_create_admin.stderr) | lower) and
- ('integrityerror' not in (taiga_create_admin.stdout + taiga_create_admin.stderr) | lower)
- no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
- async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
- poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
\ No newline at end of file
+- name: "Include Taiga administrator routines"
+ include_tasks: 01_administrator.yml
\ No newline at end of file
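Review bot: In the 01_administrator.yml hunk the password-setting path looks unreachable on a fresh install: the first task runs `createsuperuser --noinput` without `DJANGO_SUPERUSER_PASSWORD` (the `environment:` block of the task removed from main.yml is not carried over), and the upsert is gated by `when: taiga_create_admin.rc != 0`, so a successful create skips it and, unless the compose files inject the variable themselves (not visible here), the account is presumably left without a usable password until a later run. Because the upsert is already idempotent and reports `CHANGED=0`/`CHANGED=1` itself, removing that `when:` line, or dropping the first task altogether, would close the gap. In the upsert, `-e DJANGO_SUPERUSER_PASSWORD={{ TAIGA_SUPERUSER_PASSWORD | quote }}` puts the secret into the `docker compose` argument list, where it is readable from the host's process table while the command runs and ends up in Ansible output whenever `MASK_CREDENTIALS_IN_LOGS` is false; passing it through the process environment instead of as an argument value keeps it out of argv. `TAIGA_SUPERUSER_NAME` and `TAIGA_SUPERUSER_EMAIL` are pasted into the Python source between single quotes, so a value containing a quote character breaks or alters the statement; reading them with `os.environ.get(...)`, as is already done for the password, avoids that.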