Initial import

Signed-off-by: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>

Initial import
6967a400 · Thomas Schneider · 6967a400 · 6967a400 · 6967a400 · 6967a400
Verified Commit 6967a400 authored 8 years ago by Thomas Schneider
--- a/request-tracker/handlers/main.yml
+++ b/request-tracker/handlers/main.yml
+- name: restart RT
+  service: name=rt4-fcgi state=restarted
+
+- name: restart nginx
+  service: name=nginx state=restarted
--- a/request-tracker/meta/main.yml
+++ b/request-tracker/meta/main.yml
+dependencies:
+  - { role: postgres }
--- a/request-tracker/tasks/main.yml
+++ b/request-tracker/tasks/main.yml
+- name: Have RT packages installed
+  apt: name={{item}} state=present
+  with_items:
+    - request-tracker4
+    - rt4-fcgi
+    - rt4-db-postgresql
+    - cpanminus
+    - debconf-utils
+  tags:
+    - packages
+    - rt
+
+- name: Have RT additional Perl packages installed
+  cpanm: name={{item}} system_lib=yes
+  with_items:
+    - RT::Extension::LDAPImport
+    - RT::Authen::ExternalAuth
+  tags:
+    - rt
+
+- name: Have RT config installed
+  template: src=RT_SiteConfig.pm.j2 dest=/etc/request-tracker4/RT_SiteConfig.pm owner=root group=www-data mode=0660
+  tags:
+    - rt
+
+- name: Debconf RT
+  debconf: name=request-tracker4 question={{item.q}} value={{item.v}} vtype={{item.t}}
+  with_items:
+    - { q: 'request-tracker4/install-cronjobs', v: 'true', t: 'boolean' }
+  notify:
+    - restart RT
+  tags:
+    - rt
+
+- include: postgres.yml
+
+- name: Have nginx config for RT installed
+  template: src=nginx-rt.j2 dest=/etc/nginx/sites-available/rt
+  tags:
+    - rt
+  notify:
+    - restart nginx
+
+- name: Have nginx default config removed
+  file: path=/etc/nginx/sites-enabled/default state=absent
+  tags:
+    - rt
+  notify:
+    - restart nginx
+
+- name: Have nginx config for RT activated
+  file: state=link src=/etc/nginx/sites-available/rt dest=/etc/nginx/sites-enabled/rt
+  tags:
+    - rt
+  notify:
+    - restart nginx
+
+# DEBIAN, FOR FUCK’S SAKE
+- name: Have RT enabled for sysvinit
+  lineinfile: 
+    path: /etc/default/rt4-fcgi
+    regexp: '^enabled='
+    line: 'enabled=1'
+  tags:
+    - rt
+
+- name: Have DB for RT initialized
+  shell: "rt-setup-database --action init --skip-create && touch /etc/request-tracker4/.db_initialized"
+  args:
+    creates: /etc/request-tracker4/.db_initialized
+  become: yes
+  become_user: www-data
+  tags:
+    - rt
+
+- name: Have ldapimport cron installed
+  cron:
+    minute: 9
+    user: www-data
+    job: /usr/local/share/request-tracker4/plugins/RT-Extension-LDAPImport/bin/rtldapimport --import
+    name: rtldapimport
+  tags:
+    - rt
+
+- name: Have RT up und running
+  service: name={{item}} state=started enabled=yes
+  with_items:
+    - rt4-fcgi
+    - request-tracker4
+    - nginx
+  notify:
+    - restart RT
+    - restart nginx
+  tags:
+    - rt
+    - service
--- a/request-tracker/tasks/postgres.yml
+++ b/request-tracker/tasks/postgres.yml
+- name: Ensure the Postgres user exists
+  postgresql_user: name=www-data state=present
+  become: yes
+  become_user: postgres
+  tags:
+    - postgresql
+    - rt
+
+- name: Ensure the Postgres DB exists
+  postgresql_db: name=rtdb owner=www-data state=present
+  become: yes
+  become_user: postgres
+  tags:
+    - postgresql
+    - rt
+
+- name: Ensure the DB user has privileges
+  postgresql_privs:
+    database: rtdb
+    privs: ALL
+    state: present
+    type: database
+    roles: www-data
+  become: yes
+  become_user: postgres
+  tags:
+    - postgresql
+    - rt
+
+- name: Ensure Postgres is started
+  service: name=postgresql state=started enabled=yes
+  tags:
+    - postgresql
+    - rt
--- a/request-tracker/templates/RT_SiteConfig.pm.j2
+++ b/request-tracker/templates/RT_SiteConfig.pm.j2
+# vim:ft=perl
+
+### General
+Set($OwnerEmail, '{{rt_owner}}');
+Set($MessageBoxRichText, 0);
+Set($PreferRichText, 0);
+Set($PlainTextMono, 1);
+Set($AllowLoginPasswordAutoComplete, 1);
+Set($DisallowExecuteCode, 1);
+Set($Organization, '{{rt_organization}}');
+Set($rtname, '{{rt_name}}');
+
+### Web
+Set($WebDomain, '{{rt_webdomain}}');
+Set($CanonicalizeRedirectURLs, 1);
+Set($WebPort, '443');
+
+### Addresses
+Set($CorrespondAddress, '{{rt_correspondaddress}}');
+Set($CommentAddress, '{{rt_commentaddress}}');
+
+### LDAP
+Set($LDAPHost,'{{rt_ldaphost}}');
+Set($LDAPUser,'{{rt_ldapuser}}');
+Set($LDAPPassword,'{{lookup('passwordstore', rt_ldappass)}}');
+Set($LDAPBase,'{{rt_ldapbase}}');
+Set($LDAPFilter, '(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))');
+Set($LDAPMapping, {Name         => 'sAMAccountName', # required
+                   EmailAddress => 'mail',
+                   RealName     => 'displayName',
+                   WorkPhone    => 'telephoneNumber',
+                   Organization => 'departmentName'});
+
+# Add to any existing plugins
+Set(@Plugins, qw(RT::Extension::LDAPImport));
+
+# If you want to sync Groups from LDAP into RT
+
+Set($LDAPGroupBase, '{{rt_ldapbase}}');
+Set($LDAPGroupFilter, '(&(objectclass=group)(|{{rt_ldapgroups}}))');
+Set($LDAPGroupMapping, {Name               => 'cn',
+                        Member_Attr        => 'member',
+                        Member_Attr_Value  => 'dn',
+                        Description        => 'description'});
+
+### Login
+Plugin('RT::Authen::ExternalAuth');
+Set($ExternalAuthPriority, [ 'My_LDAP' ]);
+Set($ExternalInfoPriority, [ 'My_LDAP' ]);
+Set($AutoCreateNonExternalUsers, 1);
+Set($ExternalSettings, {
+	'My_LDAP' => {
+		'type' => 'ldap',
+		'server' => '{{rt_ldaphost}}',
+		'user' => '{{rt_ldapuser}}',
+		'pass' => '{{lookup('passwordstore', rt_ldappass)}}',
+		'base' => '{{rt_ldapbase}}',
+		'filter' => '(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
+		'attr_match_list' => ['Name', 'EmailAddress'],
+		'attr_map' => {
+			'Name' => 'sAMAccountName',
+			'EmailAddress' => 'mail',
+			'RealName' => 'displayName',
+		},
+	},
+});
+
+
+### Timezone
+my $zone = "UTC";
+$zone=`/bin/cat /etc/timezone`
+    if -f "/etc/timezone";
+chomp $zone;
+Set($Timezone, $zone);
+
+### Logging
+# Logging to file isn't a good default strategy; see #747076
+Set($LogToFile , undef);
+Set($LogDir, '/var/log/request-tracker4');
+Set($LogToFileNamed , "rt.log");    #log to rt.log
+
+# Log to Syslog by default instead
+Set($LogToSyslog, 'debug');
+
+
+### Database
+Set($DatabaseType, 'Pg');
+Set($DatabaseUser , 'www-data');
+Set($DatabaseHost, '');
+Set($DatabasePort, '');
+Set($DatabaseName, 'rtdb');
--- a/request-tracker/templates/nginx-rt.j2
+++ b/request-tracker/templates/nginx-rt.j2
+server {
+	listen 443 ssl;
+	ssl_certificate /etc/ssl/nginx.crt;
+	ssl_certificate_key /etc/ssl/private/nginx.key;
+	server_name {{rt_webdomain}};
+	access_log  /var/log/nginx/access.log;
+
+	location / {
+		fastcgi_param  QUERY_STRING       $query_string;
+		fastcgi_param  REQUEST_METHOD     $request_method;
+		fastcgi_param  CONTENT_TYPE       $content_type;
+		fastcgi_param  CONTENT_LENGTH     $content_length;
+
+		fastcgi_param  SCRIPT_NAME        "";
+		fastcgi_param  PATH_INFO          $uri;
+		fastcgi_param  REQUEST_URI        $request_uri;
+		fastcgi_param  DOCUMENT_URI       $document_uri;
+		fastcgi_param  DOCUMENT_ROOT      $document_root;
+		fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+
+		fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+		fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+		fastcgi_param  REMOTE_ADDR        $remote_addr;
+		fastcgi_param  REMOTE_PORT        $remote_port;
+		fastcgi_param  SERVER_ADDR        $server_addr;
+		fastcgi_param  SERVER_PORT        $server_port;
+		fastcgi_param  SERVER_NAME        $server_name;
+		fastcgi_pass unix:///var/run/rt4-fcgi.sock;
+	}
+}
+
+server {
+	listen 80;
+	server_name {{rt_webdomain}};
+	return 301 https://$server_name$request_uri;
+}