Update the taiga playbook

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
Aurélien Bompard 2018-10-23 10:08:24 +00:00
parent e1bea74d0d
commit 13a3854c7a
6 changed files with 184 additions and 79 deletions


@ -4,7 +4,7 @@ After=network.target
Documentation=https://github.com/taigaio/taiga-back
[Service]
ExecStart=/usr/bin/python3-gunicorn -w 3 -t 60 --pythonpath=. -b 127.0.0.1:8001 taiga.wsgi
ExecStart=/home/taiga/venv/bin/gunicorn -w 3 -t 60 --pythonpath=. -b 127.0.0.1:8001 taiga.wsgi
WorkingDirectory=/home/taiga/taiga-back/
Type=simple
User=taiga


@ -0,0 +1,4 @@
from taiga.urls import *
urlpatterns += [
url(r"^api/oidc/", include("mozilla_django_oidc.urls")),
]
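Review bot: `url` and `include` are in scope here only because `from taiga.urls import *` presumably re-exports them, which this file does not show and which breaks silently if upstream tidies its imports or defines `__all__`. Keeping the wildcard import but adding `from django.conf.urls import include, url` makes the dependency explicit. A header comment such as `# Extends Taiga's URLconf with the mozilla-django-oidc login/callback routes under /api/oidc/` would also explain why the settings point ROOT_URLCONF at this module.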


@ -16,6 +16,10 @@
- python3-gunicorn
- python3-psycopg2
# So we don't have to rebuild them in the virtualenv
- python3-cairo
- python3-cryptography
- python3-pyOpenSSL
- gettext
- git
@ -29,6 +33,8 @@
- libxslt-devel
- libjpeg-turbo-devel
- postgresql-devel
# To build the frontend
- npm
# need this for letsencrypt cert
- certbot
tags: taiga
@ -92,52 +98,59 @@
tags: taiga
### DONE with db stuff
### NEXT, Install our plugin for the backend first
- command: sudo -u taiga git clone https://github.com/fedora-infra/taiga-contrib-fas-openid-auth.git
chdir=/home/taiga/
creates=/home/taiga/taiga-contrib-fas-openid-auth
- block:
become: yes
become_user: taiga
tags: taiga
- command: python3 setup.py develop
chdir=/home/taiga/taiga-contrib-fas-openid-auth/back
tags: taiga
### DONE with our plugin
# Create the python virtualenv
- name: setup the virtualenv
pip:
name: pip
state: latest
chdir: /home/taiga
virtualenv: /home/taiga/venv
vitualenv_command: pyvenv
virtualenv_site_packages: yes
- name: install Gunicorn
pip:
name: gunicorn
virtualenv: /home/taiga/venv
### THEN, setup taiga-back from git
- name: copy systemd service file in for taiga
copy: src=taiga-back.service dest=/usr/lib/systemd/system/taiga-back.service
notify: reload systemd service files
tags: taiga
- command: sudo -u taiga git clone https://github.com/taigaio/taiga-back.git
chdir=/home/taiga/
creates=/home/taiga/taiga-back
tags: taiga
- command: sudo -u taiga git checkout {{taiga_back_version}}
chdir=/home/taiga/taiga-back
tags: taiga
# change default admin password
- name: change admin password
command : sudo -u taiga sed -i -e 's/\"pbkdf2_sha256.*\"/\"{{taiga_admin_pw}}\"/' /home/taiga/taiga-back/taiga/users/fixtures/initial_user.json
tags: taiga
# settle for os unicorn
- name: remove gunicorn
command: sudo -u taiga sed -i -e '/^gunicorn.*$/d' requirements.txt
chdir=/home/taiga/taiga-back
tags: taiga
- command: pip3 install -r requirements.txt
chdir=/home/taiga/taiga-back
creates=/usr/lib/python3.4/site-packages/django/
tags: taiga
# make sure this is the working version of html5lib
- command: pip3 install html5lib==0.9999999
tags: taiga
# Install our plugin for the backend first
- name: install the OIDC auth plugin
git:
dest: /home/taiga/taiga-contrib-oidc-auth
repo: https://github.com/fedora-infra/taiga-contrib-oidc-auth.git
tags: taiga
- pip:
name: .
editable: yes
chdir: /home/taiga/taiga-contrib-oidc-auth/back
virtualenv: /home/taiga/venv
tags: taiga
# setup taiga-back from git
- git:
repo: https://github.com/taigaio/taiga-back.git
dest: /home/taiga/taiga-back
version: "{{taiga_back_version}}"
- name: remove some versionned dependencies
lineinfile:
path: /home/taiga/taiga-back/requirements.txt
regexp: '^(CairoSVG|cryptography)==.*$'
line: '\1'
backrefs: yes
- name: install taiga-back dependencies
pip:
requirements: /home/taiga/taiga-back/requirements.txt
virtualenv: /home/taiga/venv
tags: taiga
- name: copy in our taiga backend config
template: src=local.py dest=/home/taiga/taiga-back/settings/local.py
@ -145,44 +158,54 @@
notify: restart taiga-back
tags: taiga
- name: copy in our taiga backend URLs config
copy: src=urls.py dest=/home/taiga/taiga-back/settings/urls.py
mode=0640 owner=taiga group=taiga
notify: restart taiga-back
tags: taiga
- file: dest=/home/taiga/taiga-back/locale state=directory
owner=taiga group=taiga
tags: taiga
## TODO -- make these idempotent with creates=...
- command: sudo -u taiga python3 manage.py migrate --noinput
chdir=/home/taiga/taiga-back
tags: taiga
- command: sudo -u taiga python3 manage.py loaddata initial_user
chdir=/home/taiga/taiga-back
tags: taiga
- command: sudo -u taiga python3 manage.py loaddata initial_project_templates
chdir=/home/taiga/taiga-back
tags: taiga
- command: sudo -u taiga python3 manage.py loaddata initial_role
chdir=/home/taiga/taiga-back
tags: taiga
- command: sudo -u taiga python3 manage.py compilemessages
chdir=/home/taiga/taiga-back
tags: taiga
- command: sudo -u taiga python3 manage.py collectstatic --noinput
chdir=/home/taiga/taiga-back
# change default admin password
- name: copy in our initial_user fixture
template: src=initial_user.json dest=/home/taiga/initial_user.json
mode=0640 owner=taiga group=taiga
tags: taiga
- name: set taiga-back to start
service: name=taiga-back state=started enabled=yes
- block:
become: yes
become_user: taiga
tags: taiga
### DONE with taiga-back
- django_manage:
app_path: /home/taiga/taiga-back
virtualenv: /home/taiga/venv
command: migrate
### Getting close to the end.. setup taiga-front-dist from git
- command: sudo -u taiga git clone https://github.com/taigaio/taiga-front-dist.git
chdir=/home/taiga/
creates=/home/taiga/taiga-front-dist
tags: taiga
- django_manage:
app_path: /home/taiga/taiga-back
virtualenv: /home/taiga/venv
command: loaddata
fixtures: /home/taiga/initial_user.json initial_project_templates initial_role
- command: sudo -u taiga git checkout {{taiga_front_version}}
chdir=/home/taiga/taiga-front-dist
tags: taiga
- django_manage:
app_path: /home/taiga/taiga-back
virtualenv: /home/taiga/venv
command: compilemessages
- django_manage:
app_path: /home/taiga/taiga-back
virtualenv: /home/taiga/venv
command: collectstatic
### DONE with taiga-back
### Setup taiga-front-dist from git
- git:
repo: https://github.com/taigaio/taiga-front-dist.git
dest: /home/taiga/taiga-front-dist
version: "{{taiga_front_version}}"
- template:
src=conf.json
@ -194,9 +217,31 @@
- file: dest=/home/taiga/taiga-front-dist/dist/plugins state=directory owner=taiga group=taiga
tags: taiga
# Build the frontend
# npm config set strict-ssl false
# npm install
# npm install gulp
# ./node_modules/.bin/gulp build
- block:
become: yes
become_user: taiga
tags: taiga
# Build our plugin
- npm:
path: /home/taiga/taiga-contrib-oidc-auth/front
- npm:
path: /home/taiga/taiga-contrib-oidc-auth/front
name: gulp
- command: ./node_modules/.bin/gulp build
args:
chdir: /home/taiga/taiga-contrib-oidc-auth/front
creates: /home/taiga/taiga-contrib-oidc-auth/front/dist/oidc_auth.js
# Link our plugin pieces in place
- file: src=/home/taiga/taiga-contrib-fas-openid-auth/front/dist
dest=/home/taiga/taiga-front-dist/dist/plugins/fas-openid-auth
- file: src=/home/taiga/taiga-contrib-oidc-auth/front/dist
dest=/home/taiga/taiga-front-dist/dist/plugins/oidc-auth
state=link
owner=taiga
group=taiga
@ -204,6 +249,17 @@
### DONE with taiga-front
## taiga-back service
- name: copy systemd service file in for taiga
copy: src=taiga-back.service dest=/usr/lib/systemd/system/taiga-back.service
notify: reload systemd service files
tags: taiga
- name: set taiga-back to start
service: name=taiga-back state=started enabled=yes
tags: taiga
### letsencrypt
### script to renew certificate
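Review bot: The new `git:` task that clones taiga-contrib-oidc-auth carries no `version:`, unlike the taiga-back and taiga-front-dist checkouts pinned with `{{taiga_back_version}}` and `{{taiga_front_version}}`, so each run installs whatever is on the default branch of the authentication plugin into the virtualenv and the built frontend. Pinning it the same way, e.g. `version: "{{ taiga_oidc_auth_version }}"` (placeholder variable name), keeps the code in the login path tied to a reviewed revision; the `npm: name: gulp` install is likewise unversioned. Separately, in the "setup the virtualenv" task the key `vitualenv_command` is misspelled (`virtualenv_command`), which Ansible normally rejects as an unsupported parameter. Indentation is lost on this page, so the scope of the three `- block:` stanzas could not be checked.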


@ -7,6 +7,7 @@
"privacyPolicyUrl": null,
"termsOfServiceUrl": null,
"maxUploadFileSize": null,
"contribPlugins": ["/plugins/fas-openid-auth/fas-openid-auth.json"],
"contribPlugins": ["/plugins/oidc-auth/oidc-auth.json"],
"oidcMountPoint": "/api/oidc",
"debugInfo": false
}


@ -0,0 +1,22 @@
[
{
"model": "users.user",
"fields": {
"username": "admin",
"full_name": "Administrator",
"bio": "",
"lang": "",
"color": "",
"photo": "",
"is_active": true,
"colorize_tags": false,
"timezone": "",
"is_superuser": true,
"token": "",
"last_login": "2013-04-04T07:36:09.880Z",
"password": "{{ taiga_admin_pw }}",
"email": "admin@fedoraproject.org",
"date_joined": "2013-04-01T13:48:21.711Z"
}
}
]
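Review bot: Nothing documents that `taiga_admin_pw` must already be a Django password hash: the value is written verbatim into the `password` field of a superuser fixture, and the sed task this replaces substituted it for a `pbkdf2_sha256…` string, so a plaintext value would presumably leave the admin account with an unusable stored password. A comment on the playbook task that templates this file, for example `# taiga_admin_pw is a Django password hash, never the plaintext`, would make the contract explicit. The interpolation is also unescaped inside a JSON string; `"password": {{ taiga_admin_pw | to_json }}` keeps the fixture valid whatever characters the value contains.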


@ -15,10 +15,32 @@ PUBLIC_REGISTER_ENABLED = True
DEFAULT_FROM_EMAIL = "nobody@fedoraproject.org"
SERVER_EMAIL = DEFAULT_FROM_EMAIL
INSTALLED_APPS += ["taiga_contrib_fas_openid_auth"]
# We monkey patch the rest_framework exception handler to allow us to do
# the 303 redirects that we need to do for openid to finish.
REST_FRAMEWORK['EXCEPTION_HANDLER'] = "taiga_contrib_fas_openid_auth.services.exception_handler"
INSTALLED_APPS += [
"mozilla_django_oidc",
"taiga_contrib_oidc_auth",
]
AUTHENTICATION_BACKENDS = list(AUTHENTICATION_BACKENDS) + [
"taiga_contrib_oidc_auth.oidc.TaigaOIDCAuthenticationBackend",
]
# OIDC Settings
OIDC_CALLBACK_CLASS = "taiga_contrib_oidc_auth.views.TaigaOIDCAuthenticationCallbackView"
OIDC_RP_SCOPES = "openid profile email"
OIDC_RP_SIGN_ALGO = "RS256"
# Set the OIDC provider here.
OIDC_BASE_URL = "https://id{{ env_suffix }}.fedoraproject.org/openidc"
# Those URL values work for Ipsilon.
OIDC_OP_JWKS_ENDPOINT = OIDC_BASE_URL + "/Jwks"
OIDC_OP_AUTHORIZATION_ENDPOINT = OIDC_BASE_URL + "/Authorization"
OIDC_OP_TOKEN_ENDPOINT = OIDC_BASE_URL + "/Token"
OIDC_OP_USER_ENDPOINT = OIDC_BASE_URL + "/UserInfo"
# These two are private! Don't commit them to VCS.
OIDC_RP_CLIENT_ID = "{{ taiga_stg_oidc_client_id }}"
OIDC_RP_CLIENT_SECRET = "{{ taiga_stg_oidc_client_secret }}"
# Add the OIDC urls
ROOT_URLCONF = "settings.urls"
## Uncomment all this stuff to get the async celery stuff working.
## It is not necessary.. it just makes everything snappier.
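Review bot: `OIDC_RP_CLIENT_ID` and `OIDC_RP_CLIENT_SECRET` are filled from `taiga_stg_oidc_client_id` and `taiga_stg_oidc_client_secret`, while `OIDC_BASE_URL` switches provider with `{{ env_suffix }}`, so rendering this template for a non-staging host would present the staging client credentials to a different provider. Selecting the variables per environment, or giving them environment-neutral names, removes that mismatch. The comment `# These two are private! Don't commit them to VCS.` is misleading in a template that holds only variable references; `# Rendered from private Ansible vars; the deployed local.py contains the client secret` is closer to the truth, and the task that writes local.py (its arguments continue outside the visible hunk) should keep the file unreadable to other local users.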