From 719c88a9301a8abd82e8ac746b67733c0c8625ab Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 17 May 2021 08:42:09 -0500 Subject: [PATCH 1/3] lokole - create /lokole/state --- roles/lokole/tasks/install.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index bc97ad982..9d61f628e 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -77,6 +77,19 @@ path: "{{ lokole_run_directory }}" #mode: a+x # Not nec, given above 'state: directory' +# lets try to catch settings.env creation at registration time +# can't tell if the routine doesn't like settings.env being missing +- name: mkdir /lokole + file: + state: directory + path: /lokole + +- name: Link {{ lokole_run_directory }} to /lokole/state + file: + state: link + path: /lokole/state + src: "{{ lokole_run_directory }}" + - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole template: src: webapp_secrets.sh.j2 From a85418df12208d4f2b1a62b45ae06ac7e6c388e5 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 18 May 2021 06:29:05 -0500 Subject: [PATCH 2/3] Lokole system user --- roles/lokole/defaults/main.yml | 3 ++- roles/lokole/tasks/install.yml | 16 ++++++++++++---- roles/lokole/templates/celery.service.j2 | 2 +- roles/lokole/templates/settings.env.j2 | 7 +++++++ roles/lokole/templates/webapp_secrets.sh.j2 | 2 +- 5 files changed, 23 insertions(+), 7 deletions(-) create mode 100644 roles/lokole/templates/settings.env.j2 diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 030f4fbd3..57ebf510e 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml 
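Review bot: In PATCH 1/3 (roles/lokole/tasks/install.yml) the two added `file` tasks create `/lokole` at the filesystem root without `owner`, `group` or `mode`, so the result depends on the umask of whoever runs the playbook. `/lokole/state` links to the run directory that the next task fills with webapp_secrets.sh, so an explicit setting such as `mode: "0755"` on the directory task would keep the intended access visible. The comment above the tasks reads as a debugging note; `# TEMPORARY: diagnostic for settings.env creation at registration; remove once resolved` would tell the next maintainer these tasks are not part of the normal install.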
@@ -22,8 +22,9 @@ lokole_venv: "{{ lokole_install_path }}/venv" # /library/lokole/venv # Info needed to run Lokole: lokole_user: lokole lokole_url: /lokole +lokole_uid: "2000" lokole_run_directory: /home/{{ lokole_user }}/state -lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock" +lokole_domain_socket: "/run/lokole_gunicorn.sock" lokole_sim_type: LocalOnly lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}" # http://box.lan/lokole diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 9d61f628e..40332fa33 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -71,6 +71,14 @@ with_items: - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp" +- name: Create system {{ lokole_user }} user + ansible.builtin.user: + state: present + name: "{{ lokole_user }}" + system: yes + uid: "{{ lokole_uid }}" + home: /home/{{ lokole_user }} + - name: mkdir {{ lokole_run_directory }} file: state: directory @@ -79,15 +87,15 @@ # lets try to catch settings.env creation at registration time # can't tell if the routine doesn't like settings.env being missing -- name: mkdir /lokole +- name: mkdir /{{ lokole_user }} file: state: directory - path: /lokole + path: /{{ lokole_user }} - name: Link {{ lokole_run_directory }} to /lokole/state file: state: link - path: /lokole/state + path: "{{ lokole_user }}/state" src: "{{ lokole_run_directory }}" - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole 
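Review bot: In roles/lokole/defaults/main.yml, `lokole_domain_socket` now sits directly under `/run`, which is normally writable only by root. The gunicorn unit is not visible in this patch, but if that service runs (or later runs) as `lokole_user` it will not be able to create the socket there. If it is created by root instead, its mode needs checking so that only the web server can connect. A per-service directory such as `/run/lokole/lokole_gunicorn.sock`, provided by systemd `RuntimeDirectory=lokole`, would cover both cases. A short comment on why the socket moved out of the state directory would also help.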
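Review bot: The new `Create system {{ lokole_user }} user` task in roles/lokole/tasks/install.yml asks for `system: yes` but pins `uid` to the default `"2000"`, which on most distributions lies in the regular-user range rather than the system range. The task would fail on a host where that UID already belongs to another account. The account also gets the default login shell; for a service account I would add `shell: /usr/sbin/nologin`. Consider dropping the fixed UID and referring to the account by name, or documenting next to `lokole_uid` why 2000 is required; `system: true` is the preferred boolean spelling.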
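Review bot: In the `@@ -79,15 +87,15 @@` hunk of roles/lokole/tasks/install.yml, the link task's new `path: "{{ lokole_user }}/state"` has lost its leading slash. It therefore resolves relative to the working directory on the target instead of under the `/{{ lokole_user }}` directory created just above. It should read `path: "/{{ lokole_user }}/state"`. The task name still hard-codes `/lokole/state` and could use the variable too, so that name and path cannot drift apart.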
@@ -102,7 +110,7 @@ dest: "{{ lokole_run_directory }}/webapp.sh" mode: a+x -- name: Create admin user with password, for http://box{{ lokole_url }} # http://box/lokole +- name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole shell: | . {{ lokole_run_directory }}/webapp_secrets.sh {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' diff --git a/roles/lokole/templates/celery.service.j2 b/roles/lokole/templates/celery.service.j2 index e1393892b..49a2dd64b 100644 --- a/roles/lokole/templates/celery.service.j2 +++ b/roles/lokole/templates/celery.service.j2 @@ -6,7 +6,7 @@ Before=celerybeat.service [Service] Type=simple -ExecStart={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks worker --loglevel=info --concurrency=2 +ExecStart={{ lokole_venv }}/bin/celery --uid={{ lokole_uid }} --gid={{ lokole_uid }} --app=opwen_email_client.webapp.tasks worker --loglevel=info --concurrency=2 ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/bin/kill TERM $MAINPID diff --git a/roles/lokole/templates/settings.env.j2 b/roles/lokole/templates/settings.env.j2 new file mode 100644 index 000000000..81ab2f417 --- /dev/null +++ b/roles/lokole/templates/settings.env.j2 @@ -0,0 +1,7 @@ +OPWEN_SIM_TYPE='{{ lokole_sim_type }}' +OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}' +OPWEN_APP_ROOT='{{ lokole_url }}/' +OPWEN_MAX_UPLOAD_SIZE_MB=10 +OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *' +OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}' +OPWEN_PASSWORD_SALT='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}' diff --git a/roles/lokole/templates/webapp_secrets.sh.j2 b/roles/lokole/templates/webapp_secrets.sh.j2 index 18471d95b..fc8a51b7e 100644 --- a/roles/lokole/templates/webapp_secrets.sh.j2 +++ b/roles/lokole/templates/webapp_secrets.sh.j2 
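Review bot: In roles/lokole/templates/celery.service.j2 the new `--gid={{ lokole_uid }}` assumes the account's primary group has the same numeric ID as its UID, but nothing visible in this series creates a group with that GID. The worker may therefore end up with an unintended group or fail to switch. The unit also starts the process as root and relies on Celery to drop privileges. Letting systemd do this by name is simpler and never runs the worker as root: add `User={{ lokole_user }}` to `[Service]` (systemd then uses that user's default group) and leave `ExecStart` without `--uid`/`--gid`. The `[Service]` section continues outside the hunk.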
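Review bot: In the new roles/lokole/templates/settings.env.j2, `OPWEN_SESSION_KEY` and `OPWEN_PASSWORD_SALT` use `lookup('password', '/dev/null ...')`, which produces a fresh random value on every render. Each rendered copy of this file will therefore hold different keys, as will webapp_secrets.sh.j2, which uses the same lookup for the session key, and every playbook run rewrites them. If the application derives stored password hashes from the salt, existing logins would presumably stop working after a re-run. Generate the values once and reuse them, for example by pointing the lookup at a persistent, access-restricted file on the controller (`lookup('password', '<secrets_dir>/lokole_session_key ...')`, placeholder path), or by setting a fact once and referencing it from both templates.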
@@ -1,6 +1,6 @@ export OPWEN_SIM_TYPE='{{ lokole_sim_type }}' export OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}' -export OPWEN_APP_ROOT='{{ lokole_url }}' +export OPWEN_APP_ROOT='{{ lokole_url }}/' export OPWEN_MAX_UPLOAD_SIZE_MB=10 export OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *' export OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}' From 38c6ce9d7042821e5a16f6b6699cd6091b524e76 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 18 May 2021 10:16:40 -0500 Subject: [PATCH 3/3] don't link for diagnostics --- roles/lokole/tasks/install.yml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 40332fa33..638be3181 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -87,16 +87,20 @@ # lets try to catch settings.env creation at registration time # can't tell if the routine doesn't like settings.env being missing -- name: mkdir /{{ lokole_user }} +- name: mkdir /{{ lokole_user }}/state for registration testing file: state: directory - path: /{{ lokole_user }} + path: /{{ lokole_user }}/state -- name: Link {{ lokole_run_directory }} to /lokole/state - file: - state: link - path: "{{ lokole_user }}/state" - src: "{{ lokole_run_directory }}" +- name: Install dummy target for registration testing fake + template: + src: settings.env.j2 + dest: "/{{ lokole_user }}/state/settings.env" + +- name: Install dummy target for registration testing run + template: + src: settings.env.j2 + dest: "{{ lokole_run_directory }}/settings.env" - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole template:
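Review bot: In PATCH 3/3 (roles/lokole/tasks/install.yml) both new `template` tasks write settings.env, which contains `OPWEN_SESSION_KEY` and `OPWEN_PASSWORD_SALT`, without `owner` or `mode`. The files get whatever the umask gives and are likely readable by every local user. I would add `owner: "{{ lokole_user }}"` and `mode: "0600"` to both tasks, and an explicit `mode` to the `/{{ lokole_user }}/state` directory task. The task names call these a "dummy target for registration testing"; a comment saying when the diagnostic copy can be removed would keep a second copy of the secrets from lingering under `/`.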