From d5e5f57f927f8e47562b96407487674a39a4c345 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Mon, 11 Aug 2025 23:03:24 +0200 Subject: [PATCH] Optimized openproject for new repository structure --- roles/cmp-rdbms/vars/main.yml | 2 + roles/docker-compose/tasks/02_repository.yml | 1 + roles/srv-web-7-7-inj-compose/vars/main.yml | 2 + roles/svc-prx-openresty/vars/main.yml | 3 +- .../tasks/{ldap.yml => 01_ldap.yml} | 0 roles/web-app-openproject/tasks/main.yml | 14 +- .../templates/docker-compose.yml.j2 | 14 +- roles/web-app-openproject/vars/main.yml | 44 ++++-- tmp | 146 ------------------ 9 files changed, 48 insertions(+), 178 deletions(-) create mode 100644 roles/cmp-rdbms/vars/main.yml create mode 100644 roles/srv-web-7-7-inj-compose/vars/main.yml rename roles/web-app-openproject/tasks/{ldap.yml => 01_ldap.yml} (100%) delete mode 100644 tmp diff --git a/roles/cmp-rdbms/vars/main.yml b/roles/cmp-rdbms/vars/main.yml new file mode 100644 index 00000000..0bde9984 --- /dev/null +++ b/roles/cmp-rdbms/vars/main.yml @@ -0,0 +1,2 @@ +# Docker +docker_pull_git_repository: false # Deactivated here to don't inhire this \ No newline at end of file diff --git a/roles/docker-compose/tasks/02_repository.yml b/roles/docker-compose/tasks/02_repository.yml index f14f9b7c..b6f491d2 100644 --- a/roles/docker-compose/tasks/02_repository.yml +++ b/roles/docker-compose/tasks/02_repository.yml @@ -6,6 +6,7 @@ git: repo: "{{ docker_repository_address }}" dest: "{{ docker_repository_path }}" + version: "{{ docker_repository_branch | default('main') }}" depth: 1 update: yes recursive: yes diff --git a/roles/srv-web-7-7-inj-compose/vars/main.yml b/roles/srv-web-7-7-inj-compose/vars/main.yml new file mode 100644 index 00000000..0bde9984 --- /dev/null +++ b/roles/srv-web-7-7-inj-compose/vars/main.yml @@ -0,0 +1,2 @@ +# Docker +docker_pull_git_repository: false # Deactivated here to don't inhire this \ No newline at end of file 
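Review bot: The trailing comment on `docker_pull_git_repository: false` in the new roles/cmp-rdbms/vars/main.yml ("Deactivated here to don't inhire this") does not say which value is being blocked or where it comes from. The same line is added in roles/srv-web-7-7-inj-compose/vars/main.yml and roles/svc-prx-openresty/vars/main.yml. Presumably the aim is to stop these helper roles from picking up `docker_pull_git_repository: true` from an application role such as web-app-openproject, so I would write `# Disabled so this role does not inherit the pull setting of the application role that includes it`. Because a helper role that misses this override would clone whatever `docker_repository_address` is in scope, a safe default of `false` in the docker-compose role itself would be more robust than per-role opt-outs; that is worth confirming against the role's defaults, which are not in this patch.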
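Review bot: The new `version:` line in roles/docker-compose/tasks/02_repository.yml falls back to `default('main')`, which changes behaviour for every role that does not set `docker_repository_branch`. Before this commit the git module used its own default of `HEAD`, i.e. the remote's default branch, so a repository whose default branch is not called `main` would now fail to check out. Using `version: "{{ docker_repository_branch | default('HEAD') }}"` keeps the previous behaviour for those callers. With `update: yes` the checkout still follows the branch tip on every run, so callers that need a fixed revision should pass a tag or commit there. The task starts above the hunk and continues below it.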
diff --git a/roles/svc-prx-openresty/vars/main.yml b/roles/svc-prx-openresty/vars/main.yml index 2387b4df..633b03ca 100644 --- a/roles/svc-prx-openresty/vars/main.yml +++ b/roles/svc-prx-openresty/vars/main.yml @@ -10,4 +10,5 @@ openresty_version: "alpine" openresty_container: "{{ applications | get_app_conf(application_id, 'docker.services.openresty.name', True) }}" # Docker -docker_compose_flush_handlers: true \ No newline at end of file +docker_compose_flush_handlers: true +docker_pull_git_repository: false # Deactivated here to don't inhire this \ No newline at end of file diff --git a/roles/web-app-openproject/tasks/ldap.yml b/roles/web-app-openproject/tasks/01_ldap.yml similarity index 100% rename from roles/web-app-openproject/tasks/ldap.yml rename to roles/web-app-openproject/tasks/01_ldap.yml diff --git a/roles/web-app-openproject/tasks/main.yml b/roles/web-app-openproject/tasks/main.yml index f557715a..9329d4b2 100644 --- a/roles/web-app-openproject/tasks/main.yml +++ b/roles/web-app-openproject/tasks/main.yml @@ -3,23 +3,23 @@ include_role: name: cmp-db-docker-proxy -- name: "Create {{openproject_plugins_folder}}" +- name: "Create {{ openproject_plugins_folder }}" file: - path: "{{openproject_plugins_folder}}" + path: "{{ openproject_plugins_folder }}" state: directory mode: '0755' -- name: "Transfering Gemfile.plugins to {{openproject_plugins_folder}}" +- name: "Transfering Gemfile.plugins to {{ openproject_plugins_folder }}" copy: src: Gemfile.plugins - dest: "{{openproject_plugins_folder}}Gemfile.plugins" + dest: "{{ openproject_plugins_folder }}Gemfile.plugins" notify: - docker compose up - docker compose build -- name: "create {{dummy_volume}}" +- name: "create {{ openproject_dummy_volume }}" file: - path: "{{dummy_volume}}" + path: "{{ openproject_dummy_volume }}" state: directory mode: 0755 
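Review bot: The `copy` task that transfers Gemfile.plugins in roles/web-app-openproject/tasks/main.yml sets no `mode`, so the file's permissions depend on the remote defaults or on whatever file already exists. The task notifies `docker compose build`, so the file appears to feed the image build and should have explicit, non-world-writable permissions, for example `mode: '0644'` under `copy:`. In the same hunk the `create {{ openproject_dummy_volume }}` task keeps `mode: 0755` unquoted while the plugins-folder task uses `mode: '0755'`; quoting both avoids relying on the YAML octal parse. The task list continues outside the hunk.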
@@ -35,5 +35,5 @@ loop: "{{ openproject_rails_settings | dict2items }}" - name: Setup LDAP - include_tasks: ldap.yml + include_tasks: 01_ldap.yml when: applications | get_app_conf(application_id, 'features.ldap', True) | bool \ No newline at end of file diff --git a/roles/web-app-openproject/templates/docker-compose.yml.j2 b/roles/web-app-openproject/templates/docker-compose.yml.j2 index 244a7307..41aaddbb 100644 --- a/roles/web-app-openproject/templates/docker-compose.yml.j2 +++ b/roles/web-app-openproject/templates/docker-compose.yml.j2 @@ -2,7 +2,7 @@ x-op-app: &app logging: driver: journald - image: {{custom_openproject_image}} + image: {{ openproject_custom_image }} build: context: . dockerfile: Dockerfile @@ -16,7 +16,7 @@ x-op-app: &app proxy: {% include 'roles/docker-container/templates/base.yml.j2' %} - image: {{custom_openproject_image}} + image: {{ openproject_custom_image }} container_name: {{ openproject_proxy_name }} command: "./docker/prod/proxy" ports: @@ -27,7 +27,7 @@ x-op-app: &app - web volumes: - "data:/var/openproject/assets" - - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes + - "{{ openproject_dummy_volume }}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes web: <<: *app @@ -45,7 +45,7 @@ x-op-app: &app {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %} volumes: - "data:/var/openproject/assets" - - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes + - "{{ openproject_dummy_volume }}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes worker: <<: *app 
@@ -60,7 +60,7 @@ x-op-app: &app condition: service_started volumes: - "data:/var/openproject/assets" - - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes + - "{{ openproject_dummy_volume }}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes cron: @@ -76,7 +76,7 @@ x-op-app: &app condition: service_started volumes: - "data:/var/openproject/assets" - - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes + - "{{ openproject_dummy_volume }}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes seeder: <<: *app @@ -90,7 +90,7 @@ x-op-app: &app {% include 'roles/docker-container/templates/networks.yml.j2' %} volumes: - "data:/var/openproject/assets" - - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes + - "{{ openproject_dummy_volume }}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: diff --git a/roles/web-app-openproject/vars/main.yml b/roles/web-app-openproject/vars/main.yml index ad148388..a3243973 100644 --- a/roles/web-app-openproject/vars/main.yml +++ b/roles/web-app-openproject/vars/main.yml 
@@ -1,18 +1,22 @@ -application_id: "web-app-openproject" -docker_repository_address: "https://github.com/opf/openproject-deploy" -database_type: "postgres" -docker_pull_git_repository: true -openproject_version: "{{ applications | get_app_conf(application_id, 'docker.services.web.version', True) }}" -openproject_image: "{{ applications | get_app_conf(application_id, 'docker.services.web.image', True) }}" -openproject_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}" -openproject_web_name: "{{ applications | get_app_conf(application_id, 'docker.services.web.name', True) }}" -openproject_seeder_name: "{{ applications | get_app_conf(application_id, 'docker.services.seeder.name', True) }}" -openproject_cron_name: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}" -openproject_proxy_name: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}" -openproject_worker_name: "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}" +# General +application_id: "web-app-openproject" -openproject_cache_name: "{{ applications | get_app_conf(application_id, 'docker.services.cache.name', True) }}" -openproject_cache_image: "{{ applications +# Database +database_type: "postgres" + +# Open Project Specific +openproject_version: "{{ applications | get_app_conf(application_id, 'docker.services.web.version', True) }}" +openproject_image: "{{ applications | get_app_conf(application_id, 'docker.services.web.image', True) }}" +openproject_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}" +openproject_web_name: "{{ applications | get_app_conf(application_id, 'docker.services.web.name', True) }}" +openproject_seeder_name: "{{ applications | get_app_conf(application_id, 'docker.services.seeder.name', True) }}" +openproject_cron_name: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}" 
+openproject_proxy_name: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}" +openproject_worker_name: "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}" + +# Open Project Cache +openproject_cache_name: "{{ applications | get_app_conf(application_id, 'docker.services.cache.name', True) }}" +openproject_cache_image: "{{ applications | get_app_conf(application_id, 'docker.services.cache.image') or applications | get_app_conf('svc-db-memcached', 'docker.services.memcached.image') @@ -25,12 +29,12 @@ openproject_cache_version: "{{ applications }}" -openproject_plugins_folder: "{{docker_compose.directories.volumes}}plugins/" +openproject_plugins_folder: "{{docker_compose.directories.volumes}}plugins/" -custom_openproject_image: "custom_openproject" +openproject_custom_image: "custom_openproject" # The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes -dummy_volume: "{{docker_compose.directories.volumes}}dummy_volume" +openproject_dummy_volume: "{{docker_compose.directories.volumes}}dummy_volume" openproject_rails_settings: email_delivery_method: "smtp" @@ -46,3 +50,9 @@ openproject_filters: users: "{{ '(memberOf=cn=openproject-users,' ~ ldap.dn.ou.roles ~ ')' if applications | get_app_conf(application_id, 'ldap.filters.users', True) else '' }}" + +# Docker +docker_repository_branch: "stable/{{ openproject_version }}" +docker_repository_address: "https://github.com/opf/openproject-deploy" +docker_pull_git_repository: true +docker_compose_flush_handlers: false \ No newline at end of file diff --git a/tmp b/tmp deleted file mode 100644 index e7cc315a..00000000 --- a/tmp +++ /dev/null 
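Review bot: The added `docker_repository_branch: "stable/{{ openproject_version }}"` in roles/web-app-openproject/vars/main.yml makes each deployment follow a moving branch of the third-party repository in `docker_repository_address`, with `docker_pull_git_repository: true`. Together with `update: yes` in roles/docker-compose/tasks/02_repository.yml, every run takes whatever is at the branch tip, and the compose template builds the image from `context: .`, presumably that checkout, so an upstream change reaches the build without review. I would let the ref be overridden with a reviewed tag or commit and keep the branch only as the fallback, and document the trade-off in place, e.g. `# Tracks the moving upstream branch; set a reviewed tag or commit for reproducible deployments`. The value also assumes `openproject_version` always names an existing `stable/<version>` branch, which the patch does not show being validated.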
@@ -1,146 +0,0 @@ -diff --git a/roles/docker-container/meta/main.yml b/roles/docker-container/meta/main.yml -index 7b399e6f..37c3365e 100644 ---- a/roles/docker-container/meta/main.yml -+++ b/roles/docker-container/meta/main.yml -@@ -21,4 +21,3 @@ galaxy_info: - versions: [ all ] - dependencies: - - docker-core -- -diff --git a/roles/docker-core/meta/main.yml b/roles/docker-core/meta/main.yml -index 3642480a..9a4ffe9e 100644 ---- a/roles/docker-core/meta/main.yml -+++ b/roles/docker-core/meta/main.yml -@@ -26,10 +26,3 @@ galaxy_info: - issue_tracker_url: "https://github.com/kevinveenbirkenbach/infinito-nexus/issues" - documentation: "https://github.com/kevinveenbirkenbach/infinito-nexus/docker" - --dependencies: -- - sys-bkp-docker-2-loc -- - user-administrator -- - sys-hlth-docker-container -- - sys-hlth-docker-volumes -- - sys-rpr-docker-soft -- - sys-rpr-docker-hard -diff --git a/roles/docker-core/tasks/01_core.yml b/roles/docker-core/tasks/01_core.yml -index 183ccd3b..b0b0c5c5 100644 ---- a/roles/docker-core/tasks/01_core.yml -+++ b/roles/docker-core/tasks/01_core.yml -@@ -1,6 +1,19 @@ -+- name: Include backup, repair, health and user dependencies -+ include_role: -+ name: "{{ item }}" -+ loop: -+ - sys-bkp-docker-2-loc -+ - user-administrator -+ - sys-hlth-docker-container -+ - sys-hlth-docker-volumes -+ - sys-rpr-docker-soft -+ - sys-rpr-docker-hard -+ - - name: docker & docker compose install - community.general.pacman: -- name: ['docker','docker-compose'] -+ name: -+ - 'docker' -+ - 'docker-compose' - state: present - notify: docker restart - -diff --git a/roles/srv-web-7-4-core/meta/main.yml b/roles/srv-web-7-4-core/meta/main.yml -index 340879eb..a7c7a044 100644 ---- a/roles/srv-web-7-4-core/meta/main.yml -+++ b/roles/srv-web-7-4-core/meta/main.yml -@@ -18,7 +18,4 @@ galaxy_info: - - performance - repository: "https://github.com/kevinveenbirkenbach/infinito-nexus" - issue_tracker_url: "https://github.com/kevinveenbirkenbach/infinito-nexus/issues" -- 
documentation: "https://github.com/kevinveenbirkenbach/infinito-nexus/roles/srv-web-7-4-core" --dependencies: -- - sys-hlth-webserver -- - sys-hlth-csp -\ No newline at end of file -+ documentation: "https://github.com/kevinveenbirkenbach/infinito-nexus/roles/srv-web-7-4-core" -\ No newline at end of file -diff --git a/roles/srv-web-7-4-core/tasks/01_core.yml b/roles/srv-web-7-4-core/tasks/01_core.yml -index 619d972f..ce7f4370 100644 ---- a/roles/srv-web-7-4-core/tasks/01_core.yml -+++ b/roles/srv-web-7-4-core/tasks/01_core.yml -@@ -1,3 +1,10 @@ -+- name: Include health dependencies -+ include_role: -+ name: "{{ item }}" -+ loop: -+ - sys-hlth-webserver -+ - sys-hlth-csp -+ - - name: Include openresty - # Outside of run_once block is necessary for handler loading - # Otherwise the when: condition from the block is added to the handlers -diff --git a/roles/srv-web-7-6-https/meta/main.yml b/roles/srv-web-7-6-https/meta/main.yml -index 9b959ebe..4579d6f1 100644 ---- a/roles/srv-web-7-6-https/meta/main.yml -+++ b/roles/srv-web-7-6-https/meta/main.yml -@@ -22,8 +22,7 @@ galaxy_info: - repository: "https://github.com/kevinveenbirkenbach/infinito-nexus" - documentation: "https://docs.infinito.nexus" - issue_tracker_url: "https://github.com/kevinveenbirkenbach/infinito-nexus/issues" -- - dependencies: - - srv-web-7-4-core - - sys-cln-domains -- - srv-web-7-7-letsencrypt -\ No newline at end of file -+ - srv-web-7-7-letsencrypt -diff --git a/roles/srv-web-7-7-inj-compose/tasks/main.yml b/roles/srv-web-7-7-inj-compose/tasks/main.yml -index 068c25cd..9d56405f 100644 ---- a/roles/srv-web-7-7-inj-compose/tasks/main.yml -+++ b/roles/srv-web-7-7-inj-compose/tasks/main.yml -@@ -38,14 +38,14 @@ - matomo: "{{ applications | get_app_conf(application_id, 'features.matomo', False) }}" - port_ui: "{{ applications | get_app_conf(application_id, 'features.port-ui-desktop', False) }}" - --- name: "Activate Global CSS for {{domain}}" -+- name: "Activate Corporate CSS for {{domain}}" - 
include_role: - name: srv-web-7-7-inj-css - when: - - inj_enabled.css - - run_once_srv_web_7_7_inj_css is not defined - --- name: "Activate Global Matomo Tracking for {{domain}}" -+- name: "Activate Matomo Tracking for {{domain}}" - include_role: - name: srv-web-7-7-inj-matomo - when: inj_enabled.matomo -diff --git a/roles/sys-svc-sshd/tasks/main.yml b/roles/sys-svc-sshd/tasks/main.yml -index af2ff0d1..010bbb37 100644 ---- a/roles/sys-svc-sshd/tasks/main.yml -+++ b/roles/sys-svc-sshd/tasks/main.yml -@@ -1,14 +1,14 @@ --- name: create sshd_config -- template: -- src: "sshd_config.j2" -- dest: /etc/ssh/sshd_config -- owner: root -- group: root -- mode: '0644' -- notify: sshd restart -- when: run_once_sys_svc_sshd is not defined -+- block: -+ - name: create sshd_config -+ template: -+ src: "sshd_config.j2" -+ dest: /etc/ssh/sshd_config -+ owner: root -+ group: root -+ mode: '0644' -+ notify: sshd restart - --- name: run the sshd tasks once -- set_fact: -- run_once_sys_svc_sshd: true -+ - name: run the sshd tasks once -+ set_fact: -+ run_once_sys_svc_sshd: true - when: run_once_sys_svc_sshd is not defined