From: Bill Erickson Date: Wed, 12 Apr 2017 17:45:41 +0000 (-0400) Subject: Ansible-based Evergreen/OpenSRF install X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=8b44cda22bf939201338d058d31f9d44fa8433b7;p=working%2Frandom.git Ansible-based Evergreen/OpenSRF install Signed-off-by: Bill Erickson --- diff --git a/README.adoc b/README.adoc new file mode 100644 index 000000000..c915a2442 --- /dev/null +++ b/README.adoc @@ -0,0 +1,14 @@ += Evergreen / OpenSRF Ansible Installer + +== settings.yml + +Review the values contained in setting.yml and modify as needed. + +== Running + +[source,sh] +--------------------------------------------------------------------------- +sudo ansible-playbook playbook.yml -e "hosts=127.0.0.1" +--------------------------------------------------------------------------- + + diff --git a/evergreen/apache.yml b/evergreen/apache.yml new file mode 100644 index 000000000..7988da52c --- /dev/null +++ b/evergreen/apache.yml @@ -0,0 +1,37 @@ +# Apache +- service: name=apache2 state=stopped +- copy: + src: "{{repo_base}}/Evergreen/Open-ILS/examples/apache_24/eg_24.conf" + dest: /etc/apache2/sites-available/eg.conf +- copy: + src: "{{repo_base}}/Evergreen/Open-ILS/examples/apache_24/eg_vhost_24.conf" + dest: /etc/apache2/eg_vhost.conf +- copy: + src: "{{repo_base}}/Evergreen/Open-ILS/examples/apache/eg_startup" + dest: /etc/apache2/ +- file: path=/etc/apache2/ssl state=directory +- name: Setup SSL Certs + shell: cd /etc/apache2/ssl && openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN={{domain_name}}" +- shell: /usr/sbin/a2dismod mpm_event +- shell: /usr/sbin/a2enmod mpm_prefork +- shell: /usr/sbin/a2enmod deflate +- shell: /usr/sbin/a2enmod headers +- shell: /usr/sbin/a2enmod expires +- shell: /usr/sbin/a2enmod rewrite +- shell: /usr/sbin/a2dissite 000-default +- shell: /usr/sbin/a2ensite eg.conf +- file: path=/var/lock/apache2 owner=opensrf group=opensrf +- replace: + dest: /etc/apache2/envvars + regexp: 'www-data' + replace: 'opensrf' +- replace: + dest: /etc/apache2/apache2.conf + regexp: 'KeepAliveTimeout .*' + replace: 'KeepAliveTimeout 1' +- name: Restarting Apache + service: name=apache2 state=started +- name: Restarting Websockets +# service name=apache2ctl-websockets state=restarted FAILS + shell: apache2ctl-websockets restart + diff --git a/evergreen/database.yml b/evergreen/database.yml new file mode 100644 index 000000000..e28465f5a --- /dev/null +++ b/evergreen/database.yml @@ -0,0 +1,39 @@ +- name: Install Postgres Prereqs + apt: name={{item}} state=present + with_items: + - python-psycopg2 # required by postgresql_user + - pgtap +- name: Install Postgres Dependencies + shell: > + cd {{repo_base}}/Evergreen + && PERL_MM_USE_DEFAULT=1 make -f + Open-ILS/src/extras/Makefile.install postgres-server-{{os_build_target}} +- name: Start Postgres + service: name=postgresql state=started +- name: Create DB User + become: true + become_user: postgres + postgresql_user: + name: "{{database_user}}" + password: "{{database_password}}" + role_attr_flags: SUPERUSER +- name: Apply EG DB Schema + shell: > + perl {{repo_base}}/Evergreen/Open-ILS/src/support-scripts/eg_db_config + {{load_sample_data}} + --create-database + --create-schema + --create-offline + --update-config + --service all + --user {{database_user}} + --password {{database_password}} + --hostname {{database_host}} + --database {{database_database}} + --admin-user {{eg_admin_user}} + --admin-pass {{eg_admin_pass}} +- name: Create PGTAP Extension + become: true + become_user: postgres + postgresql_ext: name=pgtap db={{database_database}} + diff --git a/evergreen/eg-build.yml b/evergreen/eg-build.yml new file mode 100644 index 000000000..9a114bdad --- /dev/null +++ b/evergreen/eg-build.yml @@ -0,0 +1,24 @@ +- name: Checkout Evergreen Repository + git: + repo: "{{eg_git_repository}}" + dest: "{{repo_base}}/Evergreen" + depth: "{{eg_clone_depth}}" + version: "{{eg_git_branch}}" +- name: Install Evergreen Prereqs + become: true + shell: > + cd {{repo_base}}/Evergreen + && PERL_MM_USE_DEFAULT=1 make -f + Open-ILS/src/extras/Makefile.install {{os_build_target}} +- file: dest="{{repo_base}}" owner=opensrf group=opensrf recurse=yes +- name: Build Evergreen + become: true + become_user: opensrf + environment: + PATH: "{{ansible_env.PATH}}:{{eg_install_path}}/bin" + shell: > + cd {{repo_base}}/Evergreen + && autoreconf -i + && ./configure --prefix={{eg_install_path}} --sysconfdir={{eg_install_path}}/conf + && make +- file: dest="{{eg_install_path}}" owner=opensrf group=opensrf recurse=yes diff --git a/evergreen/eg-install.yml b/evergreen/eg-install.yml new file mode 100644 index 000000000..1284d4c36 --- /dev/null +++ b/evergreen/eg-install.yml @@ -0,0 +1,46 @@ +- name: Install Evergreen + become: true + environment: + PATH: "{{ansible_env.PATH}}:{{eg_install_path}}/bin" + shell: > + cd {{repo_base}}/Evergreen + && make STAFF_CLIENT_STAMP_ID={{eg_stamp_id}} install +- name: Create XUL Current Symlink + file: + state: link + src: /openils/var/web/xul/{{eg_stamp_id}} + dest: /openils/var/web/xul/current +- name: Create XUL Server Symlink + file: + state: link + src: /openils/var/web/xul/current/server + dest: /openils/var/web/xul/server +- copy: + src: /openils/conf/opensrf.xml.example + dest: /openils/conf/opensrf.xml + force: no +- copy: + src: /openils/conf/opensrf_core.xml.example + dest: /openils/conf/opensrf_core.xml + force: no +- get_url: url={{dojo_url}} dest=/tmp/dojo-release-{{dojo_version}}.tar.gz +- unarchive: + src: /tmp/dojo-release-{{dojo_version}}.tar.gz + dest: /tmp/ +- copy: src=/tmp/dojo-release-{{dojo_version}}/ dest=/openils/var/web/js/dojo/ +- file: dest="{{eg_install_path}}" owner=opensrf group=opensrf recurse=yes +- copy: src=/openils/conf/srfsh.xml.example dest=/home/opensrf/.srfsh.xml force=no +- file: dest=/home/opensrf/.srfsh.xml owner=opensrf group=opensrf +- name: Copy ldconfig + copy: + src: "{{playbook_dir}}/evergreen/evergreen.ld.conf" + dest: /etc/ld.so.conf.d/evergreen.ld.conf +- shell: ldconfig +- name: Configure Rsyslog + when: use_rsyslog + copy: + src: "{{repo_base}}/Evergreen/Open-ILS/examples/evergreen-rsyslog.conf" + dest: /etc/rsyslog.d/evergreen.conf +- name: Restart Rsyslog + when: use_rsyslog + service: name=rsyslog state=restarted diff --git a/evergreen/eg-web.yml b/evergreen/eg-web.yml new file mode 100644 index 000000000..d44731383 --- /dev/null +++ b/evergreen/eg-web.yml @@ -0,0 +1,25 @@ +- name: Install Evergreen Web Prereqs + shell: > + cd {{repo_base}}/Evergreen + && PERL_MM_USE_DEFAULT=1 make -f + Open-ILS/src/extras/Makefile.install {{os_build_target}}-developer +- file: dest="{{repo_base}}" owner=opensrf group=opensrf recurse=yes +- name: Install Grunt + npm: name=grunt-cli global=true +- name: Node Build + become: true + become_user: opensrf + npm: path={{repo_base}}/Evergreen/Open-ILS/web/js/ui/default/staff +- name: Grunt Build + become: true + become_user: opensrf + shell: > + cd {{repo_base}}/Evergreen/Open-ILS/web/js/ui/default/staff + && grunt build +- name: Grunt Test + become: true + become_user: opensrf + shell: > + cd {{repo_base}}/Evergreen/Open-ILS/web/js/ui/default/staff + && grunt test + diff --git a/evergreen/evergreen.ld.conf b/evergreen/evergreen.ld.conf new file mode 100644 index 000000000..7ba262be1 --- /dev/null +++ b/evergreen/evergreen.ld.conf @@ -0,0 +1,4 @@ +/openils/lib +/usr/local/lib +/usr/lib/x86_64-linux-gnu/ +/usr/lib/x86_64-linux-gnu/dbd diff --git a/evergreen/main.yml b/evergreen/main.yml new file mode 100644 index 000000000..407369344 --- /dev/null +++ b/evergreen/main.yml @@ -0,0 +1,15 @@ +- name: Build Evergreen + include: eg-build.yml +- name: Build Evergreen Web + include: eg-web.yml +- name: Install Evergreen + include: eg-install.yml +- name: Setup Apache + include: apache.yml +- name: Install Nginx + include: nginx.yml + when: use_nginx +- name: Install Database + include: database.yml + when: install_database + diff --git a/evergreen/nginx.yml b/evergreen/nginx.yml new file mode 100644 index 000000000..9475b7d7b --- /dev/null +++ b/evergreen/nginx.yml @@ -0,0 +1,38 @@ +# Apache must be reconfigured before NGINX is installed +# or the NGINX install will fail on conflicting ports +- replace: + dest: /etc/apache2/ports.conf + regexp: 'Listen 80' + replace: 'Listen 7080' +- replace: + dest: /etc/apache2/ports.conf + regexp: 'Listen 443' + replace: 'Listen 7443' +- replace: + dest: /etc/apache2/sites-available/eg.conf + regexp: ':80' + replace: ':7080' +- replace: + dest: /etc/apache2/sites-available/eg.conf + regexp: ':443' + replace: ':7443' +- name: Restart Apache With New Ports + service: name=apache2 state=restarted +- name: Install Nginx Prereqs + apt: name=nginx state=present +- name: Install NGINX Configs + copy: + src: "{{repo_base}}/OpenSRF/examples/nginx/osrf-ws-http-proxy" + dest: /etc/nginx/sites-available/osrf-ws-http-proxy +- name: Link NGINX Configs + file: + state: link + src: /etc/nginx/sites-available/osrf-ws-http-proxy + dest: /etc/nginx/sites-enabled/osrf-ws-http-proxy +- name: Remove Default NGINX Site + file: + state: absent + dest: /etc/nginx/sites-available/default +- name: Restart NGINX With New Config + service: name=nginx state=restarted + diff --git a/opensrf/ejabberd-config.yml b/opensrf/ejabberd-config.yml new file mode 100644 index 000000000..a5527d8dc --- /dev/null +++ b/opensrf/ejabberd-config.yml @@ -0,0 +1,689 @@ +### +###' ejabberd configuration file +### +### + +### The parameters used in this configuration file are explained in more detail +### in the ejabberd Installation and Operation Guide. +### Please consult the Guide in case of doubts, it is included with +### your copy of ejabberd, and is also available online at +### http://www.process-one.net/en/ejabberd/docs/ + +### The configuration file is written in YAML. +### Refer to http://en.wikipedia.org/wiki/YAML for the brief description. +### However, ejabberd treats different literals as different types: +### +### - unquoted or single-quoted strings. They are called "atoms". +### Example: dog, 'Jupiter', '3.14159', YELLOW +### +### - numeric literals. Example: 3, -45.0, .0 +### +### - quoted or folded strings. +### Examples of quoted string: "Lizzard", "orange". +### Example of folded string: +### > Art thou not Romeo, +### and a Montague? + +###. ======= +###' LOGGING + +## +## loglevel: Verbosity of log files generated by ejabberd. +## 0: No ejabberd log at all (not recommended) +## 1: Critical +## 2: Error +## 3: Warning +## 4: Info +## 5: Debug +## +loglevel: 4 + +## +## rotation: Disable ejabberd's internal log rotation, as the Debian package +## uses logrotate(8). +log_rotate_size: 0 +log_rotate_date: "" + +## +## overload protection: If you want to limit the number of messages per second +## allowed from error_logger, which is a good idea if you want to avoid a flood +## of messages when system is overloaded, you can set a limit. +## 100 is ejabberd's default. +log_rate_limit: 100 + +## +## watchdog_admins: Only useful for developers: if an ejabberd process +## consumes a lot of memory, send live notifications to these XMPP +## accounts. +## +## watchdog_admins: +## - "bob@example.com" + +###. =============== +###' NODE PARAMETERS + +## +## net_ticktime: Specifies net_kernel tick time in seconds. This options must have +## identical value on all nodes, and in most cases shouldn't be changed at all from +## default value. +## +## net_ticktime: 60 + +###. ================ +###' SERVED HOSTNAMES + +## +## hosts: Domains served by ejabberd. +## You can define one or several, for example: +## hosts: +## - "example.net" +## - "example.com" +## - "example.org" +## +hosts: + - "localhost" + - "private.localhost" + - "public.localhost" + +## +## route_subdomains: Delegate subdomains to other XMPP servers. +## For example, if this ejabberd serves example.org and you want +## to allow communication with an XMPP server called im.example.org. +## +## route_subdomains: s2s + +###. =============== +###' LISTENING PORTS + +## +## listen: The ports ejabberd will listen on, which service each is handled +## by and what options to start it with. +## +listen: + - + port: 5222 + ip: "::" + module: ejabberd_c2s + ## + ## If TLS is compiled in and you installed a SSL + ## certificate, specify the full path to the + ## file and uncomment these lines: + ## + certfile: "/etc/ejabberd/ejabberd.pem" + starttls: true + ## + ## To enforce TLS encryption for client connections, + ## use this instead of the "starttls" option: + ## + ## starttls_required: true + ## + ## Custom OpenSSL options + ## + protocol_options: + - "no_sslv3" + ## - "no_tlsv1" + max_stanza_size: 2000000 + shaper: c2s_shaper + access: c2s + zlib: true + resend_on_timeout: if_offline + - + port: 5269 + ip: "::" + module: ejabberd_s2s_in + ## + ## ejabberd_service: Interact with external components (transports, ...) + ## + ## - + ## port: 8888 + ## module: ejabberd_service + ## access: all + ## shaper_rule: fast + ## ip: "127.0.0.1" + ## hosts: + ## "icq.example.org": + ## password: "secret" + ## "sms.example.org": + ## password: "secret" + + ## + ## ejabberd_stun: Handles STUN Binding requests + ## + ## - + ## port: 3478 + ## transport: udp + ## module: ejabberd_stun + + ## + ## To handle XML-RPC requests that provide admin credentials: + ## + ## - + ## port: 4560 + ## module: ejabberd_xmlrpc + ## access_commands: {} + - + port: 5280 + ip: "::" + module: ejabberd_http + request_handlers: + "/websocket": ejabberd_http_ws + ## "/pub/archive": mod_http_fileserver + web_admin: true + http_bind: true + ## register: true + captcha: true + tls: true + certfile: "/etc/ejabberd/ejabberd.pem" + +## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text +## password storage (see auth_password_format option). +disable_sasl_mechanisms: "digest-md5" + +###. ================== +###' S2S GLOBAL OPTIONS + +## +## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections. +## Allowed values are: false optional required required_trusted +## You must specify a certificate file. +## +s2s_use_starttls: optional + +## +## s2s_certfile: Specify a certificate file. +## +s2s_certfile: "/etc/ejabberd/ejabberd.pem" + +## Custom OpenSSL options +## +s2s_protocol_options: + - "no_sslv3" +## - "no_tlsv1" + +## +## domain_certfile: Specify a different certificate for each served hostname. +## +## host_config: +## "example.org": +## domain_certfile: "/path/to/example_org.pem" +## "example.com": +## domain_certfile: "/path/to/example_com.pem" + +## +## S2S whitelist or blacklist +## +## Default s2s policy for undefined hosts. +## +## s2s_access: s2s + +## +## Outgoing S2S options +## +## Preferred address families (which to try first) and connect timeout +## in milliseconds. +## +## outgoing_s2s_families: +## - ipv4 +## - ipv6 +## outgoing_s2s_timeout: 10000 + +###. ============== +###' AUTHENTICATION + +## +## auth_method: Method used to authenticate the users. +## The default method is the internal. +## If you want to use a different method, +## comment this line and enable the correct ones. +## +auth_method: internal + +## +## Store the plain passwords or hashed for SCRAM: +## auth_password_format: plain +auth_password_format: plain +## +## Define the FQDN if ejabberd doesn't detect it: +## fqdn: "server3.example.com" + +## +## Authentication using external script +## Make sure the script is executable by ejabberd. +## +## auth_method: external +## extauth_program: "/path/to/authentication/script" + +## +## Authentication using ODBC +## Remember to setup a database in the next section. +## +## auth_method: odbc + +## +## Authentication using PAM +## +## auth_method: pam +## pam_service: "pamservicename" + +## +## Authentication using LDAP +## +## auth_method: ldap +## +## List of LDAP servers: +## ldap_servers: +## - "localhost" +## +## Encryption of connection to LDAP servers: +## ldap_encrypt: none +## ldap_encrypt: tls +## +## Port to connect to on LDAP servers: +## ldap_port: 389 +## ldap_port: 636 +## +## LDAP manager: +## ldap_rootdn: "dc=example,dc=com" +## +## Password of LDAP manager: +## ldap_password: "******" +## +## Search base of LDAP directory: +## ldap_base: "dc=example,dc=com" +## +## LDAP attribute that holds user ID: +## ldap_uids: +## - "mail": "%u@mail.example.org" +## +## LDAP filter: +## ldap_filter: "(objectClass=shadowAccount)" + +## +## Anonymous login support: +## auth_method: anonymous +## anonymous_protocol: sasl_anon | login_anon | both +## allow_multiple_connections: true | false +## +## host_config: +## "public.example.org": +## auth_method: anonymous +## allow_multiple_connections: false +## anonymous_protocol: sasl_anon +## +## To use both anonymous and internal authentication: +## +## host_config: +## "public.example.org": +## auth_method: +## - internal +## - anonymous + +###. ============== +###' DATABASE SETUP + +## ejabberd by default uses the internal Mnesia database, +## so you do not necessarily need this section. +## This section provides configuration examples in case +## you want to use other database backends. +## Please consult the ejabberd Guide for details on database creation. + +## +## MySQL server: +## +## odbc_type: mysql +## odbc_server: "server" +## odbc_database: "database" +## odbc_username: "username" +## odbc_password: "password" +## +## If you want to specify the port: +## odbc_port: 1234 + +## +## PostgreSQL server: +## +## odbc_type: pgsql +## odbc_server: "server" +## odbc_database: "database" +## odbc_username: "username" +## odbc_password: "password" +## +## If you want to specify the port: +## odbc_port: 1234 +## +## If you use PostgreSQL, have a large database, and need a +## faster but inexact replacement for "select count(*) from users" +## +## pgsql_users_number_estimate: true + +## +## SQLite: +## +## odbc_type: sqlite +## odbc_database: "/path/to/database.db" + +## +## ODBC compatible or MSSQL server: +## +## odbc_type: odbc +## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd" + +## +## Number of connections to open to the database for each virtual host +## +## odbc_pool_size: 10 + +## +## Interval to make a dummy SQL request to keep the connections to the +## database alive. Specify in seconds: for example 28800 means 8 hours +## +## odbc_keepalive_interval: undefined + +###. =============== +###' TRAFFIC SHAPERS + +shaper: + ## + ## The "normal" shaper limits traffic speed to 1000 B/s + ## + normal: 500000 + + ## + ## The "fast" shaper limits traffic speed to 50000 B/s + ## + fast: 500000 + +## +## This option specifies the maximum number of elements in the queue +## of the FSM. Refer to the documentation for details. +## +max_fsm_queue: 1000 + +###. ==================== +###' ACCESS CONTROL LISTS +acl: + ## + ## The 'admin' ACL grants administrative privileges to XMPP accounts. + ## You can put here as many accounts as you want. + ## + admin: + user: + - "": "localhost" + + ## + ## Blocked users + ## + ## blocked: + ## user: + ## - "baduser": "example.org" + ## - "test" + + ## Local users: don't modify this. + ## + local: + user_regexp: "" + + ## + ## More examples of ACLs + ## + ## jabberorg: + ## server: + ## - "jabber.org" + ## aleksey: + ## user: + ## - "aleksey": "jabber.ru" + ## test: + ## user_regexp: "^test" + ## user_glob: "test*" + + ## + ## Loopback network + ## + loopback: + ip: + - "127.0.0.0/8" + + ## + ## Bad XMPP servers + ## + ## bad_servers: + ## server: + ## - "xmpp.zombie.org" + ## - "xmpp.spam.com" + +## +## Define specific ACLs in a virtual host. +## +## host_config: +## "localhost": +## acl: +## admin: +## user: +## - "bob-local": "localhost" + +###. ============ +###' ACCESS RULES +access: + ## Maximum number of simultaneous sessions allowed for a single user: + max_user_sessions: + all: 10000 + ## Maximum number of offline messages that users can have: + max_user_offline_messages: + admin: 5000 + all: 100 + ## This rule allows access only for local users: + local: + local: allow + ## Only non-blocked users can use c2s connections: + c2s: + blocked: deny + all: allow + ## For C2S connections, all users except admins use the "normal" shaper + c2s_shaper: + admin: none + all: normal + ## All S2S connections use the "fast" shaper + s2s_shaper: + all: fast + ## Only admins can send announcement messages: + announce: + admin: allow + ## Only admins can use the configuration interface: + configure: + admin: allow + ## Admins of this server are also admins of the MUC service: + muc_admin: + admin: allow + ## Only accounts of the local ejabberd server can create rooms: + muc_create: + local: allow + ## All users are allowed to use the MUC service: + muc: + all: allow + ## Only accounts on the local ejabberd server can create Pubsub nodes: + pubsub_createnode: + local: allow + ## In-band registration allows registration of any possible username. + ## To disable in-band registration, replace 'allow' with 'deny'. + register: + all: allow + ## Only allow to register from localhost + trusted_network: + loopback: allow + ## Do not establish S2S connections with bad servers + ## s2s: + ## bad_servers: deny + ## all: allow + +## By default the frequency of account registrations from the same IP +## is limited to 1 account every 10 minutes. To disable, specify: infinity +## registration_timeout: 600 + +## +## Define specific Access Rules in a virtual host. +## +## host_config: +## "localhost": +## access: +## c2s: +## admin: allow +## all: deny +## register: +## all: deny + +###. ================ +###' DEFAULT LANGUAGE + +## +## language: Default language used for server messages. +## +language: "en" + +## +## Set a different default language in a virtual host. +## +## host_config: +## "localhost": +## language: "ru" + +###. ======= +###' CAPTCHA + +## +## Full path to a script that generates the image. +## +## captcha_cmd: "/usr/share/ejabberd/captcha.sh" + +## +## Host for the URL and port where ejabberd listens for CAPTCHA requests. +## +## captcha_host: "example.org:5280" + +## +## Limit CAPTCHA calls per minute for JID/IP to avoid DoS. +## +## captcha_limit: 5 + +###. ======= +###' MODULES + +## +## Modules enabled in all ejabberd virtual hosts. +## +modules: + mod_adhoc: {} + mod_admin_extra: {} + mod_announce: # recommends mod_adhoc + access: announce + mod_blocking: {} # requires mod_privacy + mod_caps: {} + mod_carboncopy: {} + mod_client_state: {} + mod_configure: {} # requires mod_adhoc + mod_disco: {} + mod_echo: {} + mod_irc: {} + mod_http_bind: {} + ## mod_http_fileserver: + ## docroot: "/var/www" + ## accesslog: "/var/log/ejabberd/access.log" + mod_last: {} + mod_muc: + ## host: "conference.@HOST@" + access: muc + access_create: muc_create + access_persistent: muc_create + access_admin: muc_admin + ## mod_muc_log: {} + mod_muc_admin: {} + ## mod_multicast: {} + #mod_offline: + # access_max_user_messages: max_user_offline_messages + mod_ping: {} + ## mod_pres_counter: + ## count: 5 + ## interval: 60 + mod_privacy: {} + mod_private: {} + ## mod_proxy65: {} + mod_pubsub: + access_createnode: pubsub_createnode + ## reduces resource comsumption, but XEP incompliant + ignore_pep_from_offline: true + ## XEP compliant, but increases resource comsumption + ## ignore_pep_from_offline: false + last_item_cache: false + plugins: + - "flat" + - "hometree" + - "pep" # pep requires mod_caps + mod_register: + ## + ## Protect In-Band account registrations with CAPTCHA. + ## + ## captcha_protected: true + + ## + ## Set the minimum informational entropy for passwords. + ## + ## password_strength: 32 + + ## + ## After successful registration, the user receives + ## a message with this subject and body. + ## + welcome_message: + subject: "Welcome!" + body: |- + Hi. + Welcome to this XMPP server. + + ## + ## When a user registers, send a notification to + ## these XMPP accounts. + ## + ## registration_watchers: + ## - "admin1@example.org" + + ## + ## Only clients in the server machine can register accounts + ## + ip_access: trusted_network + + ## + ## Local c2s or remote s2s users cannot register accounts + ## + ## access_from: deny + + access: register + mod_roster: {} + mod_shared_roster: {} + mod_stats: {} + mod_time: {} + mod_vcard: + search: false + mod_version: {} + +## +## Enable modules with custom options in a specific virtual host +## +## host_config: +## "localhost": +## modules: +## mod_echo: +## host: "mirror.localhost" + +## +## Enable modules management via ejabberdctl for installation and +## uninstallation of public/private contributed modules +## (enabled by default) +## + +allow_contrib_modules: true + +###. +###' +### Local Variables: +### mode: yaml +### End: +### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker: diff --git a/opensrf/ejabberd.yml b/opensrf/ejabberd.yml new file mode 100644 index 000000000..9bf1e11b4 --- /dev/null +++ b/opensrf/ejabberd.yml @@ -0,0 +1,16 @@ +- name: Copying Ejabberd Config + copy: + src: "{{playbook_dir}}/opensrf/ejabberd-config.yml" + dest: /etc/ejabberd/ejabberd.yml + mode: 0600 +- name: Restarting Ejabberd + service: name=ejabberd state=restarted +- pause: seconds=5 +- shell: ejabberdctl unregister router private.localhost +- shell: ejabberdctl unregister opensrf private.localhost +- shell: ejabberdctl unregister router public.localhost +- shell: ejabberdctl unregister opensrf public.localhost +- shell: ejabberdctl register router private.localhost {{ejabberd_password}} +- shell: ejabberdctl register opensrf private.localhost {{ejabberd_password}} +- shell: ejabberdctl register router public.localhost {{ejabberd_password}} +- shell: ejabberdctl register opensrf public.localhost {{ejabberd_password}} diff --git a/opensrf/main.yml b/opensrf/main.yml new file mode 100644 index 000000000..3bdd9dfb4 --- /dev/null +++ b/opensrf/main.yml @@ -0,0 +1,8 @@ +- name: Setup OpenSRF + include: setup.yml +- name: Install OpenSRF + include: opensrf.yml +- name: Configure Ejabberd + include: ejabberd.yml +- name: OpenSRF WebSockets + include: websockets.yml diff --git a/opensrf/opensrf.yml b/opensrf/opensrf.yml new file mode 100644 index 000000000..4c3fc6092 --- /dev/null +++ b/opensrf/opensrf.yml @@ -0,0 +1,21 @@ +- name: Checkout OpenSRF Repository + git: + repo: "{{osrf_git_repository}}" + dest: "{{repo_base}}/OpenSRF" + depth: "{{osrf_clone_depth}}" + version: "{{osrf_git_branch}}" +- name: Install OpenSRF Prereqs + become: true + shell: cd {{repo_base}}/OpenSRF && export PERL_MM_USE_DEFAULT=1 && make -f src/extras/Makefile.install {{os_build_target}} +- file: dest="{{repo_base}}" owner=opensrf group=opensrf recurse=yes +- name: Build OpenSRF + become: true + become_user: opensrf + environment: + PATH: "{{ansible_env.PATH}}:{{eg_install_path}}/bin" + shell: cd {{repo_base}}/OpenSRF && autoreconf -i && ./configure --prefix={{eg_install_path}} --sysconfdir={{eg_install_path}}/conf && make +- name: Install OpenSRF Files + environment: + PATH: "{{ansible_env.PATH}}:{{eg_install_path}}/bin" + shell: cd {{repo_base}}/OpenSRF && make install +- file: dest="{{eg_install_path}}" owner=opensrf group=opensrf recurse=yes diff --git a/opensrf/setup.yml b/opensrf/setup.yml new file mode 100644 index 000000000..a86cedeae --- /dev/null +++ b/opensrf/setup.yml @@ -0,0 +1,25 @@ +- name: Install OpenSRF Pre-Prereqs + apt: name=make state=present + with_items: + - make + - git +- name: Create opensrf user + user: + name: opensrf + shell: /bin/bash +- lineinfile: + dest: /home/opensrf/.bashrc + regexp: '^export PATH=' + line: 'export PATH={{eg_install_path}}/bin:$PATH' +- lineinfile: + dest: /home/opensrf/.bashrc + regexp: '^export LD_LIBRARY_PATH=' + line: 'export LD_LIBRARY_PATH={{eg_install_path}}/lib:/usr/local/lib:/usr/local/lib/dbd:$LD_LIBRARY_PATH' +- lineinfile: + dest: /etc/hosts + regexp: '^127.0.1.2' + line: '127.0.1.2 public.{{domain_name}}' +- lineinfile: + dest: /etc/hosts + regexp: '^127.0.1.3' + line: '127.0.1.3 private.{{domain_name}}' diff --git a/opensrf/websockets.yml b/opensrf/websockets.yml new file mode 100644 index 000000000..5f46db2c2 --- /dev/null +++ b/opensrf/websockets.yml @@ -0,0 +1,25 @@ +- name: Checkout Websockets Repository + git: + repo: "{{websockets_repository}}" + dest: "{{repo_base}}/apache-websocket" +- name: Install Websockets + shell: cd {{repo_base}}/apache-websocket && apxs2 -i -a -c mod_websocket.c +- stat: path=/etc/apache2-websockets + register: websocketsconf +- block: + - name: Create Websockets Instance + shell: > + sh /usr/share/doc/apache2/examples/setup-instance websockets + && a2dismod websocket + - lineinfile: + state: present + dest: /etc/apache2-websockets/envvars + regexp: 'APACHE_RUN_USER' + line: 'export APACHE_RUN_USER=opensrf' + - name: Copy Example Websockets apache2.conf + copy: + src: "{{repo_base}}/OpenSRF/examples/apache_24/websockets/apache2.conf" + dest: /etc/apache2-websockets/apache2.conf + when: websocketsconf.stat.isdir is not defined +# NOTE: restarting websockets here fails because the SSL cert is not yet in place + diff --git a/playbook.yml b/playbook.yml new file mode 100644 index 000000000..1fd7692ea --- /dev/null +++ b/playbook.yml @@ -0,0 +1,14 @@ +## + +- hosts: '{{hosts}}' + connection: local + # Every command not explicitly run by opensrf/postgres requires root. + remote_user: root + become_method: sudo + vars_files: + - settings.yml + tasks: + - name: Process OpenSRF Tasks + include: opensrf/main.yml + - name: Process Evergreen Tasks + include: evergreen/main.yml diff --git a/settings.yml b/settings.yml new file mode 100644 index 000000000..af9c289eb --- /dev/null +++ b/settings.yml @@ -0,0 +1,30 @@ +--- +repo_base: /home/opensrf +os_build_target: ubuntu-xenial +osrf_git_repository: git://git.evergreen-ils.org/OpenSRF.git +eg_git_repository: git://git.evergreen-ils.org/Evergreen.git +websockets_repository: https://github.com/disconnect/apache-websocket +osrf_git_branch: master +eg_git_branch: master +# Clone depth zero means no clone depth limit. +osrf_clone_depth: 0 +eg_clone_depth: 0 +eg_install_path: /openils +eg_stamp_id: master +eg_admin_user: admin +eg_admin_pass: demo123 +ejabberd_password: password +domain_name: localhost +install_database: true +database_host: 127.0.0.1 +database_port: 5432 +database_user: evergreen +database_password: evergreen +database_database: evergreen +# set to empty value to avoid loading sample data +load_sample_data: --load-all-sample +opensrf_memcached_server: ["127.0.0.1:11211"] +dojo_version: 1.3.3 +dojo_url: http://download.dojotoolkit.org/release-{{dojo_version}}/dojo-release-{{dojo_version}}.tar.gz +use_rsyslog: true +use_nginx: true