Serivce mattermost

master
kitoy 2020-04-22 22:54:07 +02:00
parent 5e5e4a0ef6
commit 43afec97ae
12 changed files with 180 additions and 8 deletions

3
.gitignore vendored Normal file

@ -0,0 +1,3 @@
host*
*.retry


@ -1,12 +1,14 @@
---
- hosts: test
- hosts: mattermost
roles:
- common
- postgresql
- nginx
- mattermost
# déclaration de la variables globales
vars:
email: contact@iloth.net
http_port: 80
domain: chat.bim.land
hostname: chat
cthostname: chat


@ -1,6 +1,5 @@
---
commonRequirePackages:
- htop
- vim
- man
- bash-completion


@ -7,7 +7,7 @@
- name: Install common required packages
apt:
name: "{{ commonRequirePackages }}"
state: present
- name: Remove useless stuff
apt:


@ -8,3 +8,7 @@ requredPackages:
mattermost_version: 5.21.0
mattermost_user: mmuser
db_name: mattermostdb
db_user: mmuser
db_pass: MatterMost_default_Password
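Review bot: `db_pass` is committed in clear text as a role variable, so anyone who can read the repository knows the database password of every host deployed with this default. Elsewhere in this commit the same value is set on the PostgreSQL role and written into `config.json`. Keep the secret out of version control, for example with an Ansible Vault-encrypted variable referenced as `db_pass: "{{ vault_mattermost_db_pass }}"` (variable name constructed here for illustration). Alternatively, ship no default at all so the play fails when the inventory does not supply one.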


@ -0,0 +1,13 @@
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 password
# IPv6 local connections:
host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 ident
#host replication postgres ::1/128 ident
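Review bot: The `local all all trust` line lets any local OS account connect over the Unix socket as any database role, including `postgres`, with no credential, so the password set for `db_user` protects nothing against someone with a shell on the host. Use `local all all peer` instead. On the 127.0.0.1 line, prefer `md5` (or `scram-sha-256` once `password_encryption` is set to match) over `password`, which sends the secret unhashed. The IPv6 line uses `ident` while IPv4 uses `password`, so a client resolving `localhost` to ::1 is authenticated differently; the two lines should use the same method.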


@ -6,7 +6,7 @@
- name: unpack mattermost archive
unarchive:
src: /tmp/mattermost-team-{{ mattermost_version }}-linux-amd64.tar.gz
src: /tmp/mattermost-{{ mattermost_version }}-linux-amd64.tar.gz
dest: /opt/
copy: no
args:
@ -23,14 +23,14 @@
lineinfile:
dest: /opt/mattermost/config/config.json
regexp: '"DataSource":'
line: ' "DataSource": "postgres://{{ db_user }}:{{ db_password }}@127.0.0.1:5432/{{ db_name }}?sslmode=disable&connect_timeout=10",'
line: '"DataSource": "postgres://{{ db_user }}:{{ db_pass }}@127.0.0.1:5432/{{ db_name }}?sslmode=disable&connect_timeout=10",'
backrefs: yes
- name: Create mattermost user
user:
name: "{{ mattermost_user }}"
system: yes
createhome: no
createhome: yes
- name: Change mattermost directory permissions
file:
@ -39,3 +39,73 @@
owner: "{{ mattermost_user }}"
group: "{{ mattermost_user }}"
recurse: yes
- name: Create data directory for Mattermost
file:
path: /opt/mattermost/data
state: directory
mode: '0755'
- name: Edit /
lineinfile:
dest: /etc/postgresql/11/main/pg_hba.conf
regexp: 'local all postgres peer'
line: 'local all postgres trust'
backrefs: yes
- name: ensure postgresql is running
service:
name: postgresql
state: restarted
- name: ensure database is created
become: yes
become_user: "{{ mattermost_user }}"
postgresql_db:
name: "{{ db_name }}"
- name: ensure user has access to database
become: yes
become_user: "{{ mattermost_user }}"
postgresql_user:
db: "{{ db_name }}"
name: "{{ db_user }}"
password: "{{ db_pass }}"
priv: ALL
- name: ensure user does not have unnecessary privilege
become: yes
become_user: "{{ mattermost_user }}"
postgresql_user:
name: "{{ db_user }}"
role_attr_flags: NOSUPERUSER,NOCREATEDB
- name: Create nginx configuration
template:
src: mattermost.conf.j2
dest: /etc/nginx/sites-available/mattermost.conf
owner: root
group: root
mode: 0664
- name: Create a symbolic link
file:
src: /etc/nginx/sites-available/mattermost.conf
dest: /etc/nginx/sites-enabled/mattermost.conf
owner: root
group: root
state: link
- name: Create mattermost systemd service
template:
src: mattermost.service.j2
dest: /etc/systemd/system/mattermost.service
owner: root
group: root
mode: 0664
- name: Enable Mattermost service
service:
name: mattermost
enabled: yes
state: started
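Review bot: The `Edit /` task rewrites the `postgres` entry of pg_hba.conf from `peer` to `trust`, so every local account can open a superuser session without authenticating, and the setting stays in place after the play finishes. It appears to exist so the three database tasks can run with `become_user: "{{ mattermost_user }}"`. Keeping `peer` and running those tasks with `become_user: postgres` achieves the same provisioning without weakening authentication. The `lineinfile` task that writes the `DataSource` line and the `postgresql_user` task that sets `password` both handle `db_pass`; adding `no_log: true` to each keeps the secret out of Ansible output and logs. The task name `Edit /` should also say what it changes.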


@ -0,0 +1,51 @@
upstream backend {
server {{ ansible_default_ipv4.address }}:8065;
keepalive 32;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen 80;
server_name {{ domain }};
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://backend;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_http_version 1.1;
proxy_pass http://backend;
}
}
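Review bot: The `upstream backend` block proxies to `{{ ansible_default_ipv4.address }}:8065`, which only works if Mattermost listens on the host's routable address, so port 8065 can be reached without passing through nginx unless a firewall blocks it. Pointing the upstream at `server 127.0.0.1:8065;` and binding Mattermost to loopback keeps nginx as the single entry point. The server block also has only `listen 80;`, so as far as this template shows, logins and session tokens travel unencrypted until a TLS listener is added. Note that `proxy_set_header X-Frame-Options SAMEORIGIN;` sets a request header sent to the backend, not a response header seen by browsers; if the intent is framing protection at the proxy, that would be `add_header X-Frame-Options SAMEORIGIN;`.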


@ -0,0 +1,19 @@
[Unit]
Description=Mattermost
After=network.target
After=postgresql.service
Requires=postgresql.service
[Service]
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
User={{ mattermost_user }}
Group={{ mattermost_user }}
LimitNOFILE=49152
[Install]
WantedBy=multi-user.target
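Review bot: The `[Service]` section runs Mattermost under a dedicated user but applies no systemd sandboxing, so a compromised server process keeps that user's full view of the host filesystem and can gain privileges through setuid binaries. Consider adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` after the `Group=` line. Then verify that plugins and file storage under /opt/mattermost still work, since some plugin setups may need looser settings.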


@ -7,3 +7,8 @@
apt:
name: python3-certbot-nginx
when: installCertbot == True
- name: Allow http and https connexions
ufw:
rule: allow
name: 'Nginx Full'
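Review bot: The added `ufw` task only inserts an allow rule; nothing in this hunk enables the firewall or sets a default policy, so if ufw is inactive on the host the rule has no effect and the Mattermost port 8065 stays reachable. If no other role does it, add a `ufw` task with `state: enabled` and `policy: deny`, placed after an allow rule for SSH so the play does not lock itself out. `Nginx Full` also opens 443, although the nginx template in this commit only listens on 80. The task list starts before this hunk, so an enabling task may exist outside the visible lines.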


@ -0,0 +1,5 @@
---
- name: restart apache
service:
name: postgresql
state: restarted
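Review bot: The handler is named `restart apache` but restarts the `postgresql` service, so a task that notifies `restart postgresql` will not find it, and a task that notifies `restart apache` will restart the database unexpectedly. Rename it to `- name: restart postgresql` so the name matches the action. A restart drops every open database connection, so for pg_hba.conf changes a handler with `state: reloaded` is enough and less disruptive.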


@ -5,3 +5,4 @@
name:
- postgresql
- postgresql-contrib
- python-psycopg2