Merge pull request #2782 from jvonau/lok_user

Create lokole user

roles/lokole/defaults/main.yml

@@ -22,8 +22,9 @@ lokole_venv: "{{ lokole_install_path }}/venv"       # /library/lokole/venv
 # Info needed to run Lokole:
 lokole_user: lokole
 lokole_url: /lokole
+lokole_uid: "2000"
 lokole_run_directory: /home/{{ lokole_user }}/state
-lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock"
+lokole_domain_socket: "/run/lokole_gunicorn.sock"
 lokole_sim_type: LocalOnly
 
 lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}"    # http://box.lan/lokole

roles/lokole/tasks/install.yml

@@ -71,12 +71,37 @@
   with_items:
     - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp"
 
+- name: Create system {{ lokole_user }} user
+  ansible.builtin.user:
+    state: present
+    name: "{{ lokole_user }}"
+    system: yes
+    uid: "{{ lokole_uid }}"
+    home: /home/{{ lokole_user }}
+
 - name: mkdir {{ lokole_run_directory }}
   file:
     state: directory
     path: "{{ lokole_run_directory }}"
     #mode: a+x    # Not nec, given above 'state: directory'
 
+# lets try to catch settings.env creation at registration time
+# can't tell if the routine doesn't like settings.env being missing
+- name: mkdir /{{ lokole_user }}/state for registration testing
+  file:
+    state: directory
+    path: /{{ lokole_user }}/state
+
+- name: Install dummy target for registration testing fake
+  template:
+    src: settings.env.j2
+    dest: "/{{ lokole_user }}/state/settings.env"
+
+- name: Install dummy target for registration testing run
+  template:
+    src: settings.env.j2
+    dest: "{{ lokole_run_directory }}/settings.env"
+
 - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
   template:
     src: webapp_secrets.sh.j2
@@ -89,7 +114,7 @@
     dest: "{{ lokole_run_directory }}/webapp.sh"
     mode: a+x
 
-- name: Create admin user with password, for http://box{{ lokole_url }}    # http://box/lokole
+- name: Create Lokole admin user with password, for http://box{{ lokole_url }}    # http://box/lokole
   shell: |
     . {{ lokole_run_directory }}/webapp_secrets.sh
     {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'

roles/lokole/templates/celery.service.j2

@@ -6,7 +6,7 @@ Before=celerybeat.service
 
 [Service]
 Type=simple
-ExecStart={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks worker --loglevel=info --concurrency=2
+ExecStart={{ lokole_venv }}/bin/celery --uid={{ lokole_uid }} --gid={{ lokole_uid }} --app=opwen_email_client.webapp.tasks worker --loglevel=info --concurrency=2
 ExecReload=/bin/kill -s HUP $MAINPID
 ExecStop=/bin/kill TERM $MAINPID
 

roles/lokole/templates/settings.env.j2

@@ -0,0 +1,7 @@
+OPWEN_SIM_TYPE='{{ lokole_sim_type }}'
+OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}'
+OPWEN_APP_ROOT='{{ lokole_url }}/'
+OPWEN_MAX_UPLOAD_SIZE_MB=10
+OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *'
+OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}'
+OPWEN_PASSWORD_SALT='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}'

roles/lokole/templates/webapp_secrets.sh.j2

@@ -1,6 +1,6 @@
 export OPWEN_SIM_TYPE='{{ lokole_sim_type }}'
 export OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}'
-export OPWEN_APP_ROOT='{{ lokole_url }}'
+export OPWEN_APP_ROOT='{{ lokole_url }}/'
 export OPWEN_MAX_UPLOAD_SIZE_MB=10
 export OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *'
 export OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}'